本文为您介绍资源元数据中心服务关联角色(AliyunServiceRoleForResourceMetaCenter)的应用场景、权限策略、创建及删除操作。

应用场景

资源元数据中心通过服务关联角色(AliyunServiceRoleForResourceMetaCenter)访问其他云服务中的资源,进而获取资源元数据(资源名称、IP地址或标签)信息,然后根据资源元数据搜索资源。

关于服务关联角色的更多信息,请参见《服务关联角色》。

权限说明

角色名称:AliyunServiceRoleForResourceMetaCenter。

权限策略:AliyunServiceRolePolicyForResourceMetaCenter。

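权限说明:该策略允许服务关联角色对下方策略所列云服务的全部资源("Resource": "*")执行所列的查询类操作(例如 Describe*、Get*、List*、Query*),并允许创建和删除服务关联角色,但创建和删除操作仅限于服务名称(ram:ServiceName)为 rmc.resourcemanager.aliyuncs.com 的服务关联角色。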

 {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:Describe*",
                "ess:Describe*",
                "vpc:Describe*",
                "rds:DescribeDBInstance*",
                "rds:DescribeRegions",
                "rds:DescribeBackup*",
                "rds:DescribeParameters",
                "rds:DescribeSQLCollector*",
                "slb:Describe*",
                "*:DescribeTags",
                "oss:GetService",
                "oss:GetBucket*",
                "oss:ListBuckets",
                "oss:ListObjects",
                "ram:List*",
                "ram:Get*",
                "actiontrail:LookupEvents",
                "actiontrail:Describe*",
                "actiontrail:Get*",
                "ots:BatchGet*",
                "ots:Describe*",
                "ots:Get*",
                "ots:List*",
                "ocs:Describe*",
                "cms:Get*",
                "cms:List*",
                "cms:Query*",
                "cms:BatchQuery*",
                "cms:Describe*",
                "kvstore:Describe*",
                "fc:Get*",
                "fc:List*",
                "kms:DescribeKey",
                "kms:DescribeRegions",
                "kms:ListAliases",
                "kms:ListAliasesByKeyId",
                "kms:ListKeys",
                "kms:DescribeKeyVersion",
                "kms:ListKeyVersions",
                "kms:ListSecrets",
                "kms:DescribeSecret",
                "cdn:Describe*",
                "yundun*:Get*",
                "yundun*:Describe*",
                "yundun*:Query*",
                "yundun*:List*",
                "polardb:Describe*",
                "dds:Describe*",
                "cen:Describe*",
                "mns:ListTopic",
                "mns:GetTopicAttributes",
                "resourcemanager:GetAccount",
                "resourcemanager:ListAccountsForParent",
                "resourcemanager:ListAccounts",
                "resourcemanager:GetFolder",
                "resourcemanager:ListFoldersForParent",
                "resourcemanager:ListAncestors",
                "resourcemanager:GetResourceDirectory",
                "resourcemanager:ListHandshakesForResourceDirectory",
                "resourcemanager:GetHandshake",
                "resourcemanager:ListResourceGroups",
                "resourcemanager:GetResourceGroup",
                "composer:GetFlow",
                "composer:DescribeFlow",
                "nas:Describe*",
                "hbase:Describe*",
                "hbase:Get*",
                "hbase:List*",
                "hbase:Query*",
                "cs:Get*",
                "cs:List*",
                "dms:List*",
                "dms:Get*",
                "mq:OnsInstanceInServiceList",
                "mq:OnsInstanceBaseInfo",
                "mq:OnsTopicList",
                "mq:OnsGroupList",
                "mq:QueryInstanceBaseInfo",
                "mq:List*",
                "alidns:Describe*",
                "alidns:List*",
                "mse:Query*",
                "mse:List*",
                "ros:Describe*",
                "ros:Get*",
                "ros:List*",
                "elasticsearch:List*",
                "elasticsearch:Describe*",
                "dcdn:Describe*",
                "hcs-sgw:Describe*",
                "eci:Describe*",
                "privatelink:List*",
                "privatelink:Get*",
                "yundun-antiddosbag:Describe*",
                "yundun-cert:Describe*",
                "hcs-sgw:Describe*",
                "brain-industrial:List*",
                "brain-industrial:Get*",
                "imagesearch:List*",
                "imagesearch:Describe*",
                "hitsdb:Describe*",
                "apigateway:Describe*",
                "cmn:List*",
                "cmn:Get*",
                "ledgerdb:Describe*",
                "cms:Describe*",
                "pvtz:Describe*",
                "oos:Search*",
                "oos:List*",
                "adb:Describe*",
                "edas:Read*",
                "drds:Describe*",
                "gpdb:Describe*",
                "log:ListProject",
                "log:GetProject",
                "log:ListLogStores",
                "log:GetLogStore",
                "eventbridge:Get*",
                "eventbridge:List*",
                "pvtz:Describe*",
                "*:ListTagResources",
                "emr:List*",
                "emr:Describe*",
                "iot:List*",
                "iot:Get*",
                "iot:Query*",
                "smartag:Describe*",
                "smartag:List*",
                "alb:List*",
                "alb:Get*"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "rmc.resourcemanager.aliyuncs.com"
                }
            }
        },
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "rmc.resourcemanager.aliyuncs.com"
                }
            }
        }
    ]
}

创建服务关联角色

当您使用资源元数据(资源名称、IP地址或标签)搜索资源时,您需要开启资源元数据中心服务。开启过程中,系统会自动创建该服务关联角色。具体操作,请参见《搜索资源组内的资源》和《跨资源组搜索资源》。

删除服务关联角色

当您不需要使用资源元数据(资源名称、IP地址或标签)搜索功能时,您可以在RAM控制台手动删除该服务关联角色。具体操作,请参见《删除RAM角色》。