Lampiran: Peran terkait layanan koneksi Lingjun - Platform For AI

Setelah mengaktifkan PAI-Layanan Komputasi AI Lingjun dan membuat koneksi Lingjun, Anda dapat menggunakan koneksi tersebut untuk mengakses layanan Alibaba Cloud lainnya. Contohnya, Anda dapat mengakses virtual private cloud (VPC), membuat sirkuit Express Connect, dan membuat elastic network interfaces (ENIs). Topik ini menjelaskan skenario penggunaan peran terkait layanan AliyunServiceRoleForEfloVcc dari koneksi Lingjun serta cara menghapus peran tersebut.

Informasi latar belakang

Peran terkait layanan bernama AliyunServiceRoleForEfloVcc adalah peran Resource Access Management (RAM) yang dibuat untuk koneksi Lingjun agar dapat mengakses layanan Alibaba Cloud lainnya guna mengimplementasikan fitur tertentu. Untuk informasi lebih lanjut tentang peran terkait layanan, lihat Peran terkait layanan.

Deskripsi peran

Nama peran: AliyunServiceRoleForEfloVcc

Kebijakan:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:CreateNetworkInterface",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroup",
        "ecs:RevokeSecurityGroupEgress",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:ModifyInstanceAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:ConfirmPhysicalConnection",
        "vpc:CreateVirtualBorderRouter",
        "vpc:DeleteVirtualBorderRouter",
        "vpc:DescribeVirtualBorderRouters",
        "vpc:CreateBgpGroup",
        "vpc:DeleteBgpGroup",
        "vpc:DescribeBgpGroups",
        "vpc:CreateBgpPeer",
        "vpc:DeleteBgpPeer",
        "vpc:DescribeBgpPeers",
        "cen:AttachCenChildInstance",
        "cen:DetachCenChildInstance",
        "vpc:DescribeRouteEntryList",
        "vpc:AddBgpNetwork",
        "vpc:DeleteBgpNetwork",
        "vpc:DescribeBgpNetworks",
        "vpc:TerminatePhysicalConnection",
        "vpc:RecoverPhysicalConnection",
        "vpc:DeletePhysicalConnection",
        "vpc:OpenPhysicalConnectionService",
        "vpc:GetPhysicalConnectionServiceStatus",
        "vpc:DescribePhysicalConnections",
        "vpc:CreatePhysicalConnectionOccupancyOrder",
        "vpc:UpdateVirtualPhysicalConnection",
        "vpc:CreateRouterInterface",
        "vpc:DeleteRouterInterface",
        "vpc:DeactivateRouterInterface",
        "vpc:DescribeRouterInterfaces",
        "vpc:DescribeRouteTableList",
        "vpc:CreateRouteEntries",
        "vpc:DeleteRouteEntries",
        "vpc:CreateRouteEntry",
        "vpc:DeleteRouteEntry",
        "vpc:DescribeGrantRulesToCen",
        "vpc:GrantInstanceToCen",
        "vpc:RevokeInstanceFromCen",
        "vpc:CreatePhysicalConnectionNew",
        "vpc:ModifyVirtualBorderRouterAttribute",
        "vpc:AssociatePhysicalConnectionToVirtualBorderRouter",
        "vpc:UnassociatePhysicalConnectionFromVirtualBorderRouter",
        "bssapi:SetRenewal",
        "vpc:CancelPhysicalConnection"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cen:CreateTransitRouterRouteEntry",
        "cen:ListTransitRouterRouteEntries",
        "cen:DeleteTransitRouterRouteEntry",
        "cen:ResolveAndRouteServiceInCen",
        "cen:DescribeRouteServicesInCen",
        "cen:DeleteRouteServiceInCen",
        "cen:CreateTransitRouterVbrAttachment",
        "cen:DeleteTransitRouterVbrAttachment",
        "cen:ListTransitRouterVbrAttachments",
        "cen:ListTransitRouterVpcAttachments",
        "cen:DisableTransitRouterRouteTablePropagation",
        "cen:EnableTransitRouterRouteTablePropagation",
        "cen:ListTransitRouterRouteTablePropagations",
        "cen:AssociateTransitRouterAttachmentWithRouteTable",
        "cen:DissociateTransitRouterAttachmentFromRouteTable",
        "cen:ListTransitRouterRouteTableAssociations",
        "cen:ListTransitRouterRouteTables",
        "cen:ListTransitRouters",
        "cen:ListTransitRouterAvailableResource",
        "cen:ResolveAndRouteServiceInCen",
        "cen:DescribeRouteServicesInCen",
        "cen:DeleteRouteServiceInCen",
        "cen:DescribeCenAttachedChildInstances",
        "cen:DescribeCenAttachedChildInstanceAttribute",
        "cen:DescribeCens"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ros:ListStacks",
        "ros:GetStack",
        "ros:ListStackEvents",
        "ros:ListStackResources",
        "ros:GetStackResource",
        "ros:CreateStack",
        "ros:DeleteStack",
        "ros:PreviewStack"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "vcc.eflo.aliyuncs.com"
        }
      }
    }
  ]
}

Buat peran AliyunServiceRoleForEfloVcc

Saat membuat kluster Lingjun untuk pertama kalinya, klik Confirm Authorization pada langkah Konfigurasi Jaringan. Sistem akan secara otomatis membuat peran terkait layanan AliyunServiceRoleForEfloVcc.

Hapus peran AliyunServiceRoleForEfloVcc

Sebelum menghapus peran terkait layanan AliyunServiceRoleForEfloVcc, lepaskan semua koneksi Lingjun yang menggunakan peran ini.

Koneksi Lingjun dilepaskan secara otomatis ketika koneksi tersebut kedaluwarsa.
Untuk informasi lebih lanjut, lihat bagian "Hapus peran terkait layanan" dalam topik Peran terkait layanan.