本文为您介绍DAS服务关联角色(AliyunServiceRoleForDAS)的应用场景、权限策略内容以及如何删除该服务关联角色。
背景信息
DAS服务关联角色(AliyunServiceRoleForDAS)是一种RAM角色:在某些情况下,DAS为了实现自身的功能,需要访问您的其他云服务,该角色用于向DAS授予相应的访问权限。更多关于服务关联角色的信息,请参见服务关联角色。
应用场景
DAS接入您在阿里云购买的云数据库(例如RDS、MongoDB、Redis、PolarDB等),或者接入您在阿里云ECS上自建的数据库时,通过服务关联角色获取访问这些资源所需的权限。
AliyunServiceRoleForDAS介绍
角色名称:AliyunServiceRoleForDAS
角色权限策略:AliyunServiceRolePolicyForDAS
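权限说明:以下策略除只读的Describe类操作外,还包含修改类操作(例如rds:ModifySecurityIps、rds:CreateAccount、rds:GrantAccountPrivilege、ecs:AuthorizeSecurityGroup、ecs:RunInstances、vpc:ModifyVSwitchAttribute、pvtz:UpdateZoneRecord)。各语句的Resource均为"*",即未按具体资源限定范围。其中ram:DeleteServiceLinkedRole通过Condition限定为仅当ram:ServiceName等于hdm.aliyuncs.com时允许。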
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeRegions",
"rds:DescribeDBInstances",
"rds:DescribeDatabases",
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeAccounts",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstancePerformance",
"rds:ModifySecurityIps",
"rds:CreateAccount",
"rds:GrantAccountPrivilege",
"rds:RevokeAccountPrivilege",
"rds:CreateDatabase",
"rds:ModifyDBInstanceDescription",
"rds:DescribeSlowLogRecords",
"rds:DescribeSlowLogs",
"rds:DescribeResourceUsage",
"rds:DescribeSQLCollectorPolicy",
"rds:ModifyDBInstanceSpec",
"rds:DescribeTasks",
"rds:DescribeTaskIdByRequestID",
"rds:ModifyDBNodeClass",
"rds:DescribeParameters",
"rds:ModifyParameter",
"rds:DescribeBackups",
"rds:CloneDBInstance",
"rds:DescribeLocalAvailableRecoveryTime"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribePhysicalConnections",
"vpc:DescribeVpnGateways",
"vpc:DescribeRouterInterfaces",
"vpc:DescribeVirtualBorderRouters",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:ModifyVSwitchAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceStatus",
"ecs:DescribeInstanceMonitorData",
"ecs:DescribeSecurityGroups",
"ecs:JoinSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:DescribeDisks",
"ecs:RunInstances",
"ecs:CreateSecurityGroup",
"ecs:DescribeAvailableResource",
"ecs:DescribeImages"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeCacheAnalysisReport",
"kvstore:DescribeCacheAnalysisReportList",
"kvstore:CreateCacheAnalysisTask",
"kvstore:DescribeAccounts",
"kvstore:CreateAccount",
"kvstore:DescribeRegions",
"kvstore:DescribeInstances",
"kvstore:DescribeInstanceAttribute",
"kvstore:DescribeHistoryMonitorValues",
"kvstore:DescribeMonitorItems",
"kvstore:VerifyPassword",
"kvstore:DescribeSecurityIps",
"kvstore:ModifySecurityIps",
"kvstore:ModifyInstanceAttribute",
"kvstore:ModifyInstanceSpec",
"kvstore:AddShardingNode",
"kvstore:DeleteShardingNode",
"kvstore:DescribeRoleZoneInfo",
"kvstore:EnableAdditionalBandwidth",
"kvstore:RenewAdditionalBandwidth",
"kvstore:DescribeIntranetAttribute",
"kvstore:DescribeClusterMemberInfo",
"kvstore:DescribeAuditLogConfig",
"kvstore:DescribeAuditRecords",
"kvstore:DescribeRunningLogRecords",
"kvstore:DescribeSlowLogRecords"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dts:DescribeMigrationJobs",
"dts:DescribeMigrationJobDetail",
"dts:DescribeMigrationJobStatus",
"dts:CreateMigrationJob",
"dts:ConfigureMigrationJob",
"dts:SuspendMigrationJob",
"dts:StartMigrationJob",
"dts:StopMigrationJob",
"dts:DeleteMigrationJob",
"dts:DescribeSynchronizationJobs",
"dts:DescribeSynchronizationJobStatus",
"dts:CreateSynchronizationJob",
"dts:ConfigureSynchronizationJob",
"dts:SuspendSynchronizationJob",
"dts:StartSynchronizationJob",
"dts:DeleteSynchronizationJob",
"dts:DescribeObjectModifyStatus",
"dts:ModifySynchronizationObject",
"dts:ResetSynchronizationJob"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"pvtz:DescribeUserServiceStatus",
"pvtz:DescribeZones",
"pvtz:DescribeZoneRecords",
"pvtz:UpdateZoneRecord"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstances",
"dds:DescribeReplicaSetRole",
"dds:DescribeDBInstanceAttribute",
"dds:DescribeRegions",
"dds:DescribeDBInstancePerformance",
"dds:DescribeSecurityIps",
"dds:ModifyDBInstanceDescription",
"dds:ModifySecurityIps",
"dds:DescribeShardingNetworkAddress",
"dds:DescribeSlowLogRecords",
"dds:DescribeRunningLogRecords",
"dds:DescribeErrorLogList"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:QueryContactGroup",
"cms:QueryContact"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusters",
"polardb:DescribeRegions",
"polardb:DescribeDBClusterAttribute",
"polardb:ModifyDBNodeClass",
"polardb:DescribeDBClusterAvailableResources",
"polardb:CreateDBNodes",
"polardb:DeleteDBNodes",
"polardb:DescribeBackups",
"polardb:CreateDBCluster",
"polardb:DescribeDBClusterParameters"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "hdm.aliyuncs.com"
}
}
}
]
}
删除服务关联角色
如果您需要删除服务关联角色(AliyunServiceRoleForDAS),请参见删除服务关联角色。