Topik ini menjelaskan skenario penggunaan peran terkait layanan AliyunServiceRoleForSelectDB untuk ApsaraDB for SelectDB. Topik ini juga mencakup cara membuat dan menghapus peran tersebut.
Informasi latar belakang
Peran terkait layanan untuk ApsaraDB for SelectDB adalah Peran RAM (Resource Access Management) yang digunakan untuk mengakses layanan Alibaba Cloud lainnya guna mendukung fitur-fitur tertentu dari ApsaraDB for SelectDB. Untuk informasi lebih lanjut, lihat Peran terkait layanan.
Skenario
Peran terkait layanan AliyunServiceRoleForSelectDB berlaku untuk, namun tidak terbatas pada, skenario-skenario berikut:
Akses Elastic Compute Service (ECS): Anda harus mengakses ECS untuk mendapatkan sumber daya komputasi yang diperlukan sebelum membuat instans ApsaraDB for SelectDB.
Akses Virtual Private Cloud (VPC): Anda harus mengakses VPC untuk mendapatkan lingkungan jaringan yang diperlukan sebelum menerapkan dan menjalankan instans ApsaraDB for SelectDB.
Akses Server Load Balancer (SLB): Anda harus mengakses SLB untuk menggunakan layanan penyeimbangan beban untuk instans ApsaraDB for SelectDB.
Akses Application Real-Time Monitoring Service (ARMS): Anda harus mengakses ARMS untuk memantau instans ApsaraDB for SelectDB dan mengonfigurasi peringatan.
Deskripsi peran
Nama peran: AliyunServiceRoleForSelectDB
Kebijakan yang disambungkan ke peran: AliyunServiceRolePolicyForSelectDB
Izin:
{ "Statement": [ { "Action": [ "log:GetProject", "log:ListProject", "log:GetCursor", "log:GetCursorTime", "log:GetLogs", "log:GetHistograms", "log:GetContextLogs", "log:PullLogs", "log:GetLogStoreLogs", "log:GetLogStoreHistogram", "log:GetLogStore", "log:ListLogStores", "log:GetCursorOrData", "log:ListShards", "log:GetConfig", "log:ListConfig", "log:GetShipperStatus", "log:GetCheckPoint", "log:HeartBeat", "log:UpdateCheckPoint", "log:PostLogStoreLogs", "log:CreateConsumerGroup", "log:UpdateConsumerGroup", "log:DeleteConsumerGroup", "log:ListConsumerGroup", "log:ConsumerGroupUpdateCheckPoint", "log:ConsumerGroupHeartBeat", "log:GetConsumerGroupCheckPoint", "log:CreateExport", "log:GetExport", "log:ListExport", "log:UpdateExport", "log:DeleteExport", "log:CreateJob", "log:GetJob", "log:ListJobs", "log:UpdateJob", "log:DeleteJob", "ecs:AttachNetworkInterface", "ecs:AuthorizeSecurityGroup", "ecs:CreateNetworkInterface", "ecs:CreateNetworkInterfacePermission", "ecs:CreateRouteEntry", "ecs:CreateSecurityGroup", "ecs:DeleteNetworkInterface", "ecs:DeleteNetworkInterfacePermission", "ecs:DeleteRouteEntry", "ecs:DeleteSecurityGroup", "ecs:DescribeInstanceAttribute", "ecs:DescribeInstanceStatus", "ecs:DescribeInstanceTypeFamilies", "ecs:DescribeInstanceTypes", "ecs:DescribeInstances", "ecs:DescribeInstancesFullStatus", "ecs:DescribeNetworkInterfaceAttribute", "ecs:DescribeNetworkInterfaces", "ecs:DescribeRegions", "ecs:DescribeSecurityGroupAttribute", "ecs:DescribeSecurityGroups", "ecs:DescribeZones", "ecs:DetachNetworkInterface", "ecs:ListTagResources", "ecs:ModifyNetworkInterfaceAttribute", "ecs:RevokeSecurityGroup", "ecs:TagResources", "ecs:UntagResources", "vpc:CreateRouteEntry", "vpc:DeleteRouteEntry", "vpc:DescribeRegions", "vpc:DescribeVSwitchAttributes", "vpc:DescribeVSwitches", "vpc:DescribeVpcAttribute", "vpc:DescribeVpcs", "vpc:DescribeZones", "vpc:ListTagResources", "vpc:ModifyBypassToaAttribute", "vpc:TagResources", "vpc:UntagResources", "selectdb:DescribeSecurityIPList", "selectdb:ModifySecurityIPList" ], "Resource": "*", "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "selectdb.aliyuncs.com" } } }, { "Action": [ "kms:Listkeys", "kms:Listaliases", "kms:ListResourceTags", "kms:DescribeKey", "kms:UntagResource", "kms:TagResource", "kms:DescribeAccountKmsStatus" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Effect": "Allow", "Condition": { "StringEqualsIgnoreCase": { "kms:tag/acs:selectdb:instance-encryption": "true" } } }, { "Action": [ "rds:ModifySecurityIps", "rds:DescribeDBInstanceNetInfo", "rds:DescribeDBInstanceIPArrayList" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "arms:CheckServiceStatus", "arms:OpenArmsService", "arms:GetPrometheusApiToken", "arms:OpenVCluster", "arms:ListDashboards" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "slb:AddBackendServers", "slb:AddTags", "slb:AddVServerGroupBackendServers", "slb:CreateLoadBalancer", "slb:CreateLoadBalancerForCloudService", "slb:CreateLoadBalancerHTTPListener", "slb:CreateLoadBalancerHTTPSListener", "slb:CreateLoadBalancerTCPListener", "slb:CreateLoadBalancerUDPListener", "slb:CreateVServerGroup", "slb:DeleteLoadBalancer", "slb:DeleteLoadBalancerListener", "slb:DeleteVServerGroup", "slb:DescribeTags", "slb:DescribeVServerGroups", "slb:DescribeLoadBalancers", "slb:DescribeVServerGroupAttribute", "slb:DescribeLoadBalancerAttribute", "slb:DescribeLoadBalancerHTTPSListenerAttribute", "slb:DescribeLoadBalancerHTTPListenerAttribute", "slb:DescribeLoadBalancerListeners", "slb:DescribeLoadBalancerTCPListenerAttribute", "slb:DescribeLoadBalancerUDPListenerAttribute", "slb:ModifyLoadBalancerInstanceSpec", "slb:ModifyLoadBalancerInternetSpec", "slb:ModifyVServerGroupBackendServers", "slb:RemoveBackendServers", "slb:RemoveTags", "slb:DescribeAccessControlLists", "slb:RemoveVServerGroupBackendServers", "slb:SetLoadBalancerHTTPListenerAttribute", "slb:SetLoadBalancerHTTPSListenerAttribute", "slb:SetLoadBalancerTCPListenerAttribute", "slb:SetLoadBalancerUDPListenerAttribute", "slb:SetLoadBalancerModificationProtection", "slb:SetLoadBalancerDeleteProtection", "slb:SetVServerGroupAttribute", "slb:ServiceManagedControl", "slb:StartLoadBalancerListener", "slb:StopLoadBalancerListener", "slb:DeleteAccessControlList", "slb:CreateAccessControlList", "slb:DescribeAccessControlListAttribute", "slb:AddAccessControlListEntry", "slb:RemoveAccessControlListEntry" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones" ], "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "bssapi:QueryAvailableInstances" ], "Resource": "*" }, { "Action": "bss:DescribeAcccount", "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "bssapi:CreateInstance" ], "Resource": "*", "Condition": { "StringEquals": { "bssapi:ProductCode": "pvtz", "bssapi:ProductType": [ "pvtzpost" ] } } }, { "Action": "ram:CreateServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "eipaccess.slb.aliyuncs.com" } } } ], "Version": "1" }
Buat peran AliyunServiceRoleForSelectDB
Jika peran terkait layanan AliyunServiceRoleForSelectDB belum dibuat, you are prompted to activate ApsaraDB for SelectDB setiap kali Anda masuk ke ApsaraDB for SelectDB. Setelah Anda mengaktifkan ApsaraDB for SelectDB, sistem secara otomatis membuat peran terkait layanan AliyunServiceRoleForSelectDB.
Jika peran terkait layanan AliyunServiceRoleForSelectDB belum dibuat, Anda tidak dapat menggunakan ApsaraDB for SelectDB.
Hapus peran AliyunServiceRoleForSelectDB
Anda dapat menghapus peran AliyunServiceRoleForSelectDB di Konsol RAM. Untuk informasi lebih lanjut, lihat Hapus peran RAM.
Setelah menghapus peran terkait layanan AliyunServiceRoleForSelectDB, Anda tidak dapat menggunakan ApsaraDB for SelectDB. Lanjutkan dengan hati-hati.