All Products
Search
Document Center

Serverless App Engine:Peran terkait layanan

Last Updated:May 19, 2026

Serverless App Engine (SAE) menggunakan peran terkait layanan (SLR) untuk mengakses sumber daya Alibaba Cloud lainnya. Topik ini menjelaskan kasus penggunaan SLR serta cara membuat dan menghapusnya.

Apa itu SLR?

Dalam beberapa skenario, SAE perlu mengakses layanan cloud lain agar berfungsi secara penuh. Misalnya, saat Anda membuat aplikasi, SAE mungkin perlu mengambil informasi tentang sumber daya Anda, seperti Virtual Private Cloud (VPC). SLR memberikan izin yang diperlukan kepada SAE untuk mengakses layanan seperti VPC. Metode ini secara aman mendelegasikan hanya izin yang diperlukan, sehingga mengurangi risiko kesalahan operasional. Kebijakan izin untuk SLR telah ditentukan sebelumnya dan dikelola oleh layanan terkait. Anda tidak dapat memodifikasi atau menghapus kebijakan tersebut, menyambungkan kebijakan tambahan ke peran, maupun melepaskannya. Untuk informasi selengkapnya, lihat Service-linked roles.

Izin SLR

Nama peran: AliyunServiceRoleForSAE

Kebijakan izin: AliyunServiceRolePolicyForSAE

Dokumen kebijakan:

json{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "alb:TagResources",
                "alb:UnTagResources",
                "alb:ListServerGroups",
                "alb:ListServerGroupServers",
                "alb:AddServersToServerGroup",
                "alb:RemoveServersFromServerGroup",
                "alb:ReplaceServersInServerGroup",
                "alb:CreateLoadBalancer",
                "alb:DeleteLoadBalancer",
                "alb:UpdateLoadBalancerAttribute",
                "alb:UpdateLoadBalancerEdition",
                "alb:EnableLoadBalancerAccessLog",
                "alb:DisableLoadBalancerAccessLog",
                "alb:EnableDeletionProtection",
                "alb:DisableDeletionProtection",
                "alb:ListLoadBalancers",
                "alb:GetLoadBalancerAttribute",
                "alb:ListListeners",
                "alb:CreateListener",
                "alb:GetListenerAttribute",
                "alb:UpdateListenerAttribute",
                "alb:ListListenerCertificates",
                "alb:AssociateAdditionalCertificatesWithListener",
                "alb:DissociateAdditionalCertificatesFromListener",
                "alb:DeleteListener",
                "alb:CreateRule",
                "alb:DeleteRule",
                "alb:UpdateRuleAttribute",
                "alb:CreateRules",
                "alb:UpdateRulesAttribute",
                "alb:DeleteRules",
                "alb:ListRules",
                "alb:CreateServerGroup",
                "alb:DeleteServerGroup",
                "alb:UpdateServerGroupAttribute",
                "alb:DescribeZones"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:ListTagResources",
                "ecs:TagResources",
                "ecs:UnTagResources",
                "ecs:CreateNetworkInterface",
                "ecs:DeleteNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:AttachNetworkInterface",
                "ecs:DetachNetworkInterface",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:ModifyNetworkInterfaceAttribute",
                "ecs:JoinSecurityGroup",
                "ecs:LeaveSecurityGroup",
                "ecs:CreateSecurityGroup",
                "ecs:AuthorizeSecurityGroup",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "ecs:RevokeSecurityGroup",
                "ecs:DeleteSecurityGroup",
                "ecs:ModifySecurityGroupAttribute",
                "ecs:AuthorizeSecurityGroupEgress",
                "ecs:RevokeSecurityGroupEgress",
                "ecs:ModifySecurityGroupRule",
                "ecs:DescribeSecurityGroupReferences",
                "ecs:ModifySecurityGroupPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "slb:AddTags",
                "slb:RemoveTags",
                "slb:CreateLoadBalancer",
                "slb:ModifyLoadBalancerInternetSpec",
                "slb:DeleteLoadBalancer",
                "slb:SetLoadBalancerStatus",
                "slb:SetLoadBalancerName",
                "slb:DescribeLoadBalancers",
                "slb:DescribeLoadBalancerAttribute",
                "slb:ModifyLoadBalancerPayType",
                "slb:ModifyLoadBalancerInstanceSpec",
                "slb:CreateLoadBalancerHTTPListener",
                "slb:CreateLoadBalancerHTTPSListener",
                "slb:CreateLoadBalancerTCPListener",
                "slb:CreateLoadBalancerUDPListener",
                "slb:DeleteLoadBalancerListener",
                "slb:StartLoadBalancerListener",
                "slb:StopLoadBalancerListener",
                "slb:DescribeLoadBalancerListeners",
                "slb:SetLoadBalancerHTTPListenerAttribute",
                "slb:SetLoadBalancerHTTPSListenerAttribute",
                "slb:SetLoadBalancerTCPListenerAttribute",
                "slb:SetLoadBalancerUDPListenerAttribute",
                "slb:SetListenerAccessControlStatus",
                "slb:DescribeLoadBalancerHTTPListenerAttribute",
                "slb:DescribeLoadBalancerHTTPListenerAttributes",
                "slb:DescribeLoadBalancerHTTPSListenerAttribute",
                "slb:DescribeLoadBalancerTCPListenerAttribute",
                "slb:DescribeLoadBalancerUDPListenerAttribute",
                "slb:DescribeListenerAccessControlAttribute",
                "slb:AddListenerWhiteListItem",
                "slb:RemoveListenerWhiteListItem",
                "slb:AddBackendServers",
                "slb:RemoveBackendServers",
                "slb:SetBackendServers",
                "slb:DescribeHealthStatus",
                "slb:UploadServerCertificate",
                "slb:DeleteServerCertificate",
                "slb:DescribeServerCertificates",
                "slb:SetServerCertificateName",
                "slb:DescribeRegions",
                "slb:CreateVServerGroup",
                "slb:DescribeVServerGroupAttribute",
                "slb:DescribeVServerGroups",
                "slb:AddVServerGroupBackendServers",
                "slb:SetVServerGroupAttribute",
                "slb:ModifyVServerGroupBackendServers",
                "slb:RemoveVServerGroupBackendServers",
                "slb:DescribeRules",
                "slb:SetRule",
                "slb:CreateRules",
                "slb:DeleteRules",
                "slb:DescribeTags",
                "slb:DeleteVServerGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "nas:DescribeRegions",
                "nas:CreateFileSystem",
                "nas:DeleteFileSystem",
                "nas:DescribeFileSystems",
                "nas:ModifyFileSystem",
                "nas:CreateMountTarget",
                "nas:DeleteMountTarget",
                "nas:DescribeMountTargets",
                "nas:ModifyMountTarget",
                "nas:CreateAccessGroup",
                "nas:DeleteAccessGroup",
                "nas:DescribeAccessGroups",
                "nas:ModifyAccessGroup",
                "nas:CreateAccessRule",
                "nas:DeleteAccessRule",
                "nas:DescribeAccessRules",
                "nas:ModifyAccessRule",
                "nas:SetUserVolumeCountLimit"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVSwitches",
                "vpc:DescribeVpcs",
                "vpc:CreateVpc",
                "vpc:DescribeZones",
                "vpc:CreateVSwitch",
                "vpc:DescribeVSwitchAttributes",
                "vpc:DescribeEipAddresses",
                "vpc:AssociateEipAddress",
                "vpc:UnassociateEipAddress",
                "vpc:AllocateEipAddress",
                "vpc:ReleaseEipAddress"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "cr:GetUserInfo",
                "cr:GetRegionList",
                "cr:GetNamespaceList",
                "cr:GetRepoListByNamespace",
                "cr:GetRepoTags",
                "cr:GetRepoList",
                "cr:GetRepo",
                "cr:GetInstanceVpcEndpoint",
                "cr:ListNamespace",
                "cr:ListInstanceEndpoint",
                "cr:CreateNamespace",
                "cr:DeleteNamespace",
                "cr:UpdateNamespace",
                "cr:GetNamespace",
                "cr:CreateRepository",
                "cr:DeleteRepository",
                "cr:UpdateRepository",
                "cr:GetRepository",
                "cr:ListRepository",
                "cr:ListRepositoryTag",
                "cr:DeleteRepositoryTag",
                "cr:GetRepositoryManifest",
                "cr:GetRepositoryLayers",
                "cr:PullRepository",
                "cr:PushRepository",
                "cr:GetAuthorizationToken"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ram:GetRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:PassRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "acs:Service": "oos.aliyuncs.com"
                }
            }
        },
        {
            "Action": [
                "log:GetLogStore",
                "log:ListLogStores",
                "log:CreateLogStore",
                "log:DeleteLogStore",
                "log:UpdateLogStore",
                "log:GetCursorOrData",
                "log:ListShards",
                "log:PostLogStoreLogs",
                "log:CreateConfig",
                "log:UpdateConfig",
                "log:DeleteConfig",
                "log:GetConfig",
                "log:ListConfig",
                "log:CreateMachineGroup",
                "log:UpdateMachineGroup",
                "log:DeleteMachineGroup",
                "log:GetMachineGroup",
                "log:ListMachineGroup",
                "log:ListMachines",
                "log:ApplyConfigToGroup",
                "log:RemoveConfigFromGroup",
                "log:GetAppliedMachineGroups",
                "log:GetAppliedConfigs",
                "log:GetLogStoreLogs",
                "log:GetLogStoreHistogram",
                "log:CreateProject",
                "log:GetProject",
                "log:GetIndex",
                "log:CreateIndex",
                "log:DeleteIndex",
                "log:UpdateIndex",
                "log:GetMachineGroups",
                "log:RemoveConfigFromMachineGroup",
                "log:DeleteProject"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "yundun-cert:DescribeUserCertificateList",
                "yundun-cert:DescribeUserCertificateDetail"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "bss:DescribePrice",
                "bss:DescribeInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "arms:QueryMetric",
                "arms:ListDashboards",
                "arms:OpenArmsService",
                "arms:ListServerlessTopNApps",
                "arms:CreateAlertContact",
                "arms:SearchAlertContact",
                "arms:UpdateAlertContact",
                "arms:DeleteAlertContact",
                "arms:CreateAlertContactGroup",
                "arms:SearchAlertContactGroup",
                "arms:UpdateAlertContactGroup",
                "arms:DeleteAlertContactGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:ListExecutions",
                "oos:StartExecution",
                "oos:DeleteExecutions",
                "oos:CancelExecution",
                "oos:GetTemplate",
                "oos:CreateTemplate",
                "oos:UpdateTemplate"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "mse:CreateApplication",
                "mse:RemoveApplication",
                "mse:FetchRoutePolicyList",
                "mse:AddRoutePolicy",
                "mse:UpdateRoutePolicy",
                "mse:RemoveRoutePolicy",
                "mse:GetServiceDetail",
                "mse:GetServiceListPage",
                "mse:GetServiceList"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "eventbridge:CreateEventBus",
                "eventbridge:GetEventBus",
                "eventbridge:DeleteEventBus",
                "eventbridge:ListEventBuses",
                "eventbridge:CreateRule",
                "eventbridge:GetRule",
                "eventbridge:UpdateRule",
                "eventbridge:EnableRule",
                "eventbridge:DisableRule",
                "eventbridge:DeleteRule",
                "eventbridge:ListRules",
                "eventbridge:UpdateTargets",
                "eventbridge:DeleteTargets",
                "eventbridge:ListTargets",
                "eventbridge:PutEvents",
                "eventbridge:CreateEventSource",
                "eventbridge:UpdateEventSource",
                "eventbridge:DeleteEventSource",
                "eventbridge:ListAliyunOfficialEventSources",
                "eventbridge:ListUserDefinedEventSources"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "alikafka:ListInstance",
                "alikafka:ListTopic"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "sae.aliyuncs.com"
                }
            }
        },
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "eipaccess.slb.aliyuncs.com"
                }
            }
        }
    ]
}

Membuat SLR

SAE dapat membuat SLR-nya secara otomatis. Jika SLR belum dibuat, kotak dialog Welcome to Serverless App Engine (SAE) akan muncul saat Anda login ke SAE console. Klik Confirm untuk membuat SLR.

Kotak dialog tersebut menyatakan bahwa peran baru bernama AliyunServiceRoleForSAE dan menggunakan kebijakan AliyunServiceRolePolicyForSAE. Peran ini memungkinkan SAE mengakses sumber daya cloud seperti VPC, RDS, ECS, SLB, Container Registry (ACR), Log Service (SLS), Apsara File Storage (NAS), dan Application Real-Time Monitoring Service (ARMS). Akses ini diperlukan untuk operasi seperti menarik image, mengumpulkan data pemantauan, mengekspor log, dan menyimpan data secara persisten.

Catatan

Kotak dialog Welcome to Serverless App Engine (SAE) akan terus muncul setiap kali Anda login ke SAE console hingga Anda membuat SLR.

Menghapus SLR

Jika Anda perlu menghapus SLR, Anda harus terlebih dahulu menghapus semua aplikasi yang dideploy oleh Akun Alibaba Cloud di SAE.

Penting
  • Setelah Anda menghapus SLR, Anda tidak dapat lagi menggunakan SAE. Lakukan dengan hati-hati.

  • Untuk menggunakan kembali SAE setelah menghapus SLR, login ke SAE console untuk membuatnya ulang. Untuk informasi selengkapnya, lihat Create an SLR.