The first time you create an ApsaraDB RDS for PostgreSQL instance, you
must create the AliyunServiceRoleForRdsPgsqlOnEcs service-linked role for ApsaraDB
RDS for PostgreSQL. This role allows your RDS instance to mount elastic network interfaces
(ENIs) and establish network connections. This topic describes how to manage service-linked
roles.
Create a service-linked role
- In the terraform.tf file in the Terraform working directory, configure the following
  information to create the AliyunServiceRoleForRdsPgsqlOnEcs service-linked role:

    resource "alicloud_rds_service_linked_role" "default" {
      service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
    }
- Run the terraform apply command.
  If the following information appears, confirm the information and enter
  yes to create the service-linked role:

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
    following symbols:
      + create

    Terraform will perform the following actions:

      # alicloud_rds_service_linked_role.default will be created
      + resource "alicloud_rds_service_linked_role" "default" {
          + arn = (known after apply)
          + id = (known after apply)
          + role_id = (known after apply)
          + role_name = (known after apply)
          + service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
        }

    Plan: 1 to add, 0 to change, 0 to destroy.

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value:

  If the following logs appear, the operation is successful:

    alicloud_rds_service_linked_role.default: Creating...
    alicloud_rds_service_linked_role.default: Creation complete after 3s [id=AliyunServiceRoleForRdsPgsqlOnEcs]

    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
- Run the terraform show command to view the result.

    # alicloud_rds_service_linked_role.default:
    resource "alicloud_rds_service_linked_role" "default" {
        arn = "acs:ram::140****:role/aliyunserviceroleforrdspgsqlonecs"
        id = "AliyunServiceRoleForRdsPgsqlOnEcs"
        role_id = "399****"
        role_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
        service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
    }
Delete a service-linked role
- In the terraform.tf file, delete the resource "alicloud_rds_service_linked_role" "default" {}
  configuration item. In this example, delete the following information:

    resource "alicloud_rds_service_linked_role" "default" {
      service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
    }
- Run the terraform apply command.
  After the following information appears, confirm the information and enter yes to delete the service-linked role:

    alicloud_rds_service_linked_role.default: Refreshing state... [id=AliyunServiceRoleForRdsPgsqlOnEcs]

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
    following symbols:
      - destroy

    Terraform will perform the following actions:

      # alicloud_rds_service_linked_role.default will be destroyed
      # (because alicloud_rds_service_linked_role.default is not in configuration)
      - resource "alicloud_rds_service_linked_role" "default" {
          - arn = "acs:ram::140***:role/aliyunserviceroleforrdspgsqlonecs" -> null
          - id = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null
          - role_id = "399****" -> null
          - role_name = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null
          - service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null
        }

    Plan: 0 to add, 0 to change, 1 to destroy.

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value:

  If the following logs appear, the operation is successful:

    alicloud_rds_service_linked_role.default: Destroying... [id=AliyunServiceRoleForRdsPgsqlOnEcs]
    alicloud_rds_service_linked_role.default: Destruction complete after 0s

    Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
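
The delete plan shown above can also be checked by a script before anyone enters yes. The following Python code is an added example, not part of the original topic or of Alibaba Cloud's tooling: it reads the JSON form of a saved plan and reports every alicloud_rds_service_linked_role that the plan would destroy. The sample plan is constructed for illustration, and the alicloud_vpc.example entry in it is hypothetical.

```python
import json

SLR_TYPE = "alicloud_rds_service_linked_role"

# Constructed sample of `terraform show -json <planfile>` output for the delete
# step above, trimmed to the fields this check reads.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {   # the service-linked role whose block was removed from terraform.tf
            "address": "alicloud_rds_service_linked_role.default",
            "mode": "managed",
            "type": SLR_TYPE,
            "change": {
                "actions": ["delete"],
                "before": {"service_name": "AliyunServiceRoleForRdsPgsqlOnEcs"},
            },
            "action_reason": "delete_because_no_resource_config",
        },
        {   # hypothetical unrelated resource, must not be reported
            "address": "alicloud_vpc.example",
            "mode": "managed",
            "type": "alicloud_vpc",
            "change": {"actions": ["create"], "after": {}},
        },
    ],
})


def slr_removals(plan_json):
    """Return the service-linked roles that the plan would delete or replace."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != SLR_TYPE or rc.get("mode") != "managed":
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" in actions:  # ["delete"], or a delete/create replace pair
            findings.append({
                "address": rc["address"],
                "service_name": (change.get("before") or {}).get("service_name"),
                "reason": rc.get("action_reason"),
                "replace": "create" in actions,
            })
    return findings


if __name__ == "__main__":
    for f in slr_removals(SAMPLE_PLAN):
        print(f"STOP: {f['address']} ({f['service_name']}) would be destroyed: {f['reason']}")
```

For a real run, save the plan with terraform plan -out=tfplan (the file name is your choice) and pass the output of terraform show -json tfplan to slr_removals.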
Query the created service-linked roles
- In the terraform.tf file, add the following content:

    data "alicloud_resource_manager_roles" "slr" {
    }
- Run the terraform apply command to query the service-linked roles that are created.
  If the following logs appear, the operation is successful:

    data.alicloud_resource_manager_roles.slr: Reading...
    data.alicloud_resource_manager_roles.slr: Read complete after 2s [id=163141****]

    No changes. Your infrastructure matches the configuration.

    Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are
    needed.

    Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
- Run the terraform show command to view the result.

    # data.alicloud_resource_manager_roles.slr:
    data "alicloud_resource_manager_roles" "slr" {
        enable_details = false
        id = "163141****"
        ids = [
            "AliyunActionTrailDefaultRole",
            "AliyunAdamAccessingDatabaseRole",
            "AliyunAnalyticDBAccessingDTSRole",
            ...
        ]
        names = [
            "AliyunActionTrailDefaultRole",
            "AliyunAdamAccessingDatabaseRole",
            "AliyunAnalyticDBAccessingDTSRole",
            ...
        ]
        roles = [
            {
                arn = "acs:ram::140****:role/aliyunactiontraildefaultrole"
                assume_role_policy_document = ""
                description = "By default, ActionTrail assumes this role to access your cloud resources."
                id = "AliyunActionTrailDefaultRole"
                max_session_duration = 3600
                role_id = "394****"
                role_name = "AliyunActionTrailDefaultRole"
                update_date = "2019-05-07T02:29:41Z"
            },
            {
                arn = "acs:ram::140****:role/aliyunadamaccessingdatabaserole"
                assume_role_policy_document = ""
                description = "ADAM assumes this role to access your cloud resources."
                id = "AliyunAdamAccessingDatabaseRole"
                max_session_duration = 3600
                role_id = "351****"
                role_name = "AliyunAdamAccessingDatabaseRole"
                update_date = "2020-04-26T07:42:32Z"
            },
            {
                arn = "acs:ram::140****:role/aliyunanalyticdbaccessingdtsrole"
                assume_role_policy_document = ""
                description = "The Open Analytics will use this role to access DTS."
                id = "AliyunAnalyticDBAccessingDTSRole"
                max_session_duration = 3600
                role_id = "312****"
                role_name = "AliyunAnalyticDBAccessingDTSRole"
                update_date = "2020-03-10T01:49:16Z"
            },
            ...
        ]
    }