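This topic describes the use cases of the ApsaraDB for SelectDB service-linked role AliyunServiceRoleForSelectDB and how to delete the role.
Background information
The ApsaraDB for SelectDB service-linked role AliyunServiceRoleForSelectDB is a RAM role provided for cases in which ApsaraDB for SelectDB needs access to other cloud services to implement one of its own features. For more information about service-linked roles, see Service-linked roles.
Use cases
The use cases of the service-linked role AliyunServiceRoleForSelectDB include, but are not limited to:
Access to ECS: creating an ApsaraDB for SelectDB instance requires obtaining the necessary computing resources from ECS and managing them.
Access to VPC: deploying and running an ApsaraDB for SelectDB instance requires a network environment provided by VPC and management of that environment.
Access to SLB: ApsaraDB for SelectDB instances require SLB to provide load balancing.
Access to ARMS: ApsaraDB for SelectDB instances require ARMS to provide monitoring information and alerting.
About AliyunServiceRoleForSelectDB
Role name: AliyunServiceRoleForSelectDB
Role permission policy: AliyunServiceRolePolicyForSelectDB
Permissions: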
{ "Statement": [ { "Action": [ "log:GetProject", "log:ListProject", "log:GetCursor", "log:GetCursorTime", "log:GetLogs", "log:GetHistograms", "log:GetContextLogs", "log:PullLogs", "log:GetLogStoreLogs", "log:GetLogStoreHistogram", "log:GetLogStore", "log:ListLogStores", "log:GetCursorOrData", "log:ListShards", "log:GetConfig", "log:ListConfig", "log:GetShipperStatus", "log:GetCheckPoint", "log:HeartBeat", "log:UpdateCheckPoint", "log:PostLogStoreLogs", "log:CreateConsumerGroup", "log:UpdateConsumerGroup", "log:DeleteConsumerGroup", "log:ListConsumerGroup", "log:ConsumerGroupUpdateCheckPoint", "log:ConsumerGroupHeartBeat", "log:GetConsumerGroupCheckPoint", "log:CreateExport", "log:GetExport", "log:ListExport", "log:UpdateExport", "log:DeleteExport", "log:CreateJob", "log:GetJob", "log:ListJobs", "log:UpdateJob", "log:DeleteJob", "ecs:AttachNetworkInterface", "ecs:AuthorizeSecurityGroup", "ecs:CreateNetworkInterface", "ecs:CreateNetworkInterfacePermission", "ecs:CreateRouteEntry", "ecs:CreateSecurityGroup", "ecs:DeleteNetworkInterface", "ecs:DeleteNetworkInterfacePermission", "ecs:DeleteRouteEntry", "ecs:DeleteSecurityGroup", "ecs:DescribeInstanceAttribute", "ecs:DescribeInstanceStatus", "ecs:DescribeInstanceTypeFamilies", "ecs:DescribeInstanceTypes", "ecs:DescribeInstances", "ecs:DescribeInstancesFullStatus", "ecs:DescribeNetworkInterfaceAttribute", "ecs:DescribeNetworkInterfaces", "ecs:DescribeRegions", "ecs:DescribeSecurityGroupAttribute", "ecs:DescribeSecurityGroups", "ecs:DescribeZones", "ecs:DetachNetworkInterface", "ecs:ListTagResources", "ecs:ModifyNetworkInterfaceAttribute", "ecs:RevokeSecurityGroup", "ecs:TagResources", "ecs:UntagResources", "vpc:CreateRouteEntry", "vpc:DeleteRouteEntry", "vpc:DescribeRegions", "vpc:DescribeVSwitchAttributes", "vpc:DescribeVSwitches", "vpc:DescribeVpcAttribute", "vpc:DescribeVpcs", "vpc:DescribeZones", "vpc:ListTagResources", "vpc:ModifyBypassToaAttribute", "vpc:TagResources", "vpc:UntagResources", 
"selectdb:DescribeSecurityIPList", "selectdb:ModifySecurityIPList" ], "Resource": "*", "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "selectdb.aliyuncs.com" } } }, { "Action": [ "kms:Listkeys", "kms:Listaliases", "kms:ListResourceTags", "kms:DescribeKey", "kms:UntagResource", "kms:TagResource", "kms:DescribeAccountKmsStatus" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Effect": "Allow", "Condition": { "StringEqualsIgnoreCase": { "kms:tag/acs:selectdb:instance-encryption": "true" } } }, { "Action": [ "rds:ModifySecurityIps", "rds:DescribeDBInstanceNetInfo", "rds:DescribeDBInstanceIPArrayList" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "arms:CheckServiceStatus", "arms:OpenArmsService", "arms:GetPrometheusApiToken", "arms:OpenVCluster", "arms:ListDashboards" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "slb:AddBackendServers", "slb:AddTags", "slb:AddVServerGroupBackendServers", "slb:CreateLoadBalancer", "slb:CreateLoadBalancerForCloudService", "slb:CreateLoadBalancerHTTPListener", "slb:CreateLoadBalancerHTTPSListener", "slb:CreateLoadBalancerTCPListener", "slb:CreateLoadBalancerUDPListener", "slb:CreateVServerGroup", "slb:DeleteLoadBalancer", "slb:DeleteLoadBalancerListener", "slb:DeleteVServerGroup", "slb:DescribeTags", "slb:DescribeVServerGroups", "slb:DescribeLoadBalancers", "slb:DescribeVServerGroupAttribute", "slb:DescribeLoadBalancerAttribute", "slb:DescribeLoadBalancerHTTPSListenerAttribute", "slb:DescribeLoadBalancerHTTPListenerAttribute", "slb:DescribeLoadBalancerListeners", "slb:DescribeLoadBalancerTCPListenerAttribute", "slb:DescribeLoadBalancerUDPListenerAttribute", "slb:ModifyLoadBalancerInstanceSpec", "slb:ModifyLoadBalancerInternetSpec", "slb:ModifyVServerGroupBackendServers", "slb:RemoveBackendServers", "slb:RemoveTags", 
"slb:DescribeAccessControlLists", "slb:RemoveVServerGroupBackendServers", "slb:SetLoadBalancerHTTPListenerAttribute", "slb:SetLoadBalancerHTTPSListenerAttribute", "slb:SetLoadBalancerTCPListenerAttribute", "slb:SetLoadBalancerUDPListenerAttribute", "slb:SetLoadBalancerModificationProtection", "slb:SetLoadBalancerDeleteProtection", "slb:SetVServerGroupAttribute", "slb:ServiceManagedControl", "slb:StartLoadBalancerListener", "slb:StopLoadBalancerListener", "slb:DeleteAccessControlList", "slb:CreateAccessControlList", "slb:DescribeAccessControlListAttribute", "slb:AddAccessControlListEntry", "slb:RemoveAccessControlListEntry" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones" ], "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "bssapi:QueryAvailableInstances" ], "Resource": "*" }, { "Action": "bss:DescribeAcccount", "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "bssapi:CreateInstance" ], "Resource": "*", "Condition": { "StringEquals": { "bssapi:ProductCode": "pvtz", "bssapi:ProductType": [ "pvtzpost" ] } } }, { "Action": "ram:CreateServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "eipaccess.slb.aliyuncs.com" } } } ], "Version": "1" }
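Create the service-linked role
If you have not yet created the ApsaraDB for SelectDB service-linked role AliyunServiceRoleForSelectDB, a prompt to activate the ApsaraDB for SelectDB service appears each time you open the ApsaraDB for SelectDB console. After you click to confirm activation, the system automatically creates the role for you.
If the service-linked role AliyunServiceRoleForSelectDB is not created, ApsaraDB for SelectDB cannot be used normally.
Delete the service-linked role
You can go to the RAM console to delete the service-linked role AliyunServiceRoleForSelectDB. For the procedure, see Delete a RAM role.
Deleting the service-linked role AliyunServiceRoleForSelectDB affects the normal use of ApsaraDB for SelectDB. Proceed with caution.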
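To review what the AliyunServiceRolePolicyForSelectDB policy listed above grants, the following added example (not part of the original page and not Alibaba Cloud's own code) groups allowed actions by service, splits them into read-only and mutating by name prefix, and lists mutating actions granted on Resource "*" without a Condition. The POLICY value is a shortened excerpt of the policy above, and the names audit, as_list and READ_PREFIXES, as well as the read-only prefix list, are assumptions of this example.

```python
import json
from collections import defaultdict

# Shortened excerpt of the policy shown above (action lists trimmed for the example).
POLICY = json.loads("""
{
  "Statement": [
    {"Action": ["ecs:CreateSecurityGroup", "ecs:DescribeInstances", "vpc:DescribeVpcs",
                "selectdb:ModifySecurityIPList"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": "selectdb.aliyuncs.com"}}},
    {"Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
     "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEqualsIgnoreCase":
                   {"kms:tag/acs:selectdb:instance-encryption": "true"}}}
  ],
  "Version": "1"
}
""")

# Assumption: action names starting with these verbs are treated as read-only.
READ_PREFIXES = ("Describe", "Get", "List", "Query", "Check")

def as_list(value):
    """The policy uses either a single string or a list for Action."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (actions grouped by service and kind, unconditioned mutating actions)."""
    by_service = defaultdict(lambda: {"read": [], "write": []})
    unscoped_writes = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        conditioned = bool(stmt.get("Condition"))
        wildcard = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt["Action"]):
            service, _, name = action.partition(":")
            kind = "read" if name.startswith(READ_PREFIXES) else "write"
            by_service[service][kind].append(name)
            if kind == "write" and wildcard and not conditioned:
                unscoped_writes.append(action)
    return dict(by_service), unscoped_writes

if __name__ == "__main__":
    services, unscoped = audit(POLICY)
    for svc, kinds in sorted(services.items()):
        print(f"{svc}: {len(kinds['read'])} read, {len(kinds['write'])} write")
    print("Mutating actions on Resource '*' with no Condition:", unscoped)
```

To audit the whole role, replace the excerpt with the full policy document copied from this page or from the RAM console.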