本文介紹Advisor服務關聯角色AliyunServiceRoleForAdvisor以及如何刪除該角色。
背景信息
Advisor服務關聯角色AliyunServiceRoleForAdvisor是Advisor為了完成自身的某個功能,需要獲取其他云服務的訪問權限而提供的RAM角色。更多關于服務關聯角色的信息請參見服務關聯角色。
應用場景
Advisor需要訪問負載均衡SLB(Server Load Balancer)、專有網絡VPC(Virtual Private Cloud)、云服務器ECS(Elastic Compute Service)等云服務的資源時,可通過自動創建的Advisor服務關聯角色AliyunServiceRoleForAdvisor獲取訪問權限。
權限說明
AliyunServiceRoleForAdvisor具備的云服務的訪問權限如下所示,更多權限說明請參見權限策略管理。
{
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeTags",
"ecs:DescribeDisks",
"ecs:DescribeRegions",
"ecs:DescribeInstanceMonitorData",
"ecs:DescribeDiskMonitorData",
"ecs:ValidateSecurityGroup",
"ecs:DescribeCommands",
"ecs:DescribeDisksFullStatus",
"ecs:DescribeDeploymentSets",
"ecs:DescribeAccountAttributes",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeSecurityGroups",
"ecs:DescribeAccountAttributes",
"ecs:DescribeDedicatedHosts",
"ecs:DescribeDedicatedHostAutoRenew",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSnapshots",
"ecs:CreateDiagnosticReport",
"ecs:DescribeDiagnosticReports",
"ecs:DescribePrice",
"ecs:DescribeResourcesModification",
"ecs:DescribeInstanceTypes",
"ecsinc:DescribeResourceStatusDiagnosis",
"ecs:DescribeSceneResourceRecommend"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"slb:DescribeLoadBalancers",
"slb:DescribeRegions",
"slb:DescribeLoadBalancerAttribute",
"slb:DescribeHealthStatus",
"slb:DescribeLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerUDPListenerAttribute",
"slb:DescribeLoadBalancerHTTPListenerAttribute",
"slb:DescribeLoadBalancerHTTPSListenerAttribute",
"slb:DescribeLoadBalancerListeners",
"slb:DescribeVServerGroupAttribute",
"slb:DescribeMasterSlaveServerGroupAttribute",
"slb:DescribeAccessControlLists",
"slb:DescribeAccessControlListAttribute",
"slb:DescribeMasterSlaveServerGroups"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeRenewalPrice",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeRegions",
"rds:DescribeSQLCollectorPolicy",
"rds:DescribeDBInstancePerformance",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeSlowLogs",
"rds:DescribeSlowLogRecords",
"rds:DescribeDBInstanceProxyConfiguration",
"rds:DescribeReplicas",
"rds:DescribeErrorLogs",
"rds:DescribeHASwitchConfig",
"rds:DescribeAccounts",
"rds:DescribeBackups",
"rds:DescribeDBInstanceHAConfig",
"rds:DescribeAvailableClasses",
"rds:ListClasses",
"rds:DescribePrice"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"cdn:DescribeUserDomains",
"cdn:DescribeDomainReqHitRateData",
"cdn:DescribeCdnDomainDetail",
"cdn:DescribeCdnDomai nConfigs",
"cdn:DescribeRefreshQuota",
"cdn:DescribeDomainCertificateInfo",
"cdn:DescribeCdnUserQuota",
"cdn:DescribeDomainHttpCodeData",
"cdn:DescribeDomainRealTimeReqHitRateData",
"cdn:DescribeDomainQpsData"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"alb:ListServerGroupServers",
"alb:GetLoadBalancerAttribute",
"alb:ListListeners",
"alb:ListLoadBalancers",
"alb:GetListenerHealthStatus",
"alb:ListListenerCertificates",
"alb:ListServerGroups",
"alb:ListRules",
"alb:GetListenerAttribute",
"alb:ListAcls",
"alb:ListAclEntries",
"alb:ListAclRelations"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"nlb:DescribeRegions",
"nlb:GetListenerAttribute",
"nlb:GetListenerHealthStatus",
"nlb:GetLoadBalancerAttribute",
"nlb:ListListenerCertificates",
"nlb:ListListeners",
"nlb:ListLoadBalancers",
"nlb:ListSecurityPolicy",
"nlb:ListServerGroups",
"nlb:ListServerGroupServers"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"scdn:DescribeScdnDomainDetail",
"scdn:DescribeScdnUserDomains"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"dcdn:DescribeDcdnDomainDetail",
"dcdn:DescribeDcdnUserDomains"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"nas:DescribeRegions",
"nas:DescribeFileSystems"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches",
"vpc:DescribeEipAddresses",
"vpc:DescribeRegions",
"vpc:DescribeEipMonitorData",
"vpc:DescribePhysicalConnections",
"vpc:DescribeVpnGateways",
"vpc:DescribeVpnConnections",
"vpc:DescribeCustomerGateways",
"vpc:DescribeSslVpnClientCerts",
"vpc:DescribeVpnPbrRouteEntries",
"vpc:DescribeVpnRouteEntries",
"vpc:DescribeRouteTableList",
"vpc:DescribeRouteEntryList",
"vpc:DescribeNatGateways",
"vpc:DescribeBandwidthPackages",
"vpc:DescribeSnatTableEntries",
"vpc:DescribeForwardTableEntries",
"vpc:DescribeCommonBandwidthPackages",
"vpc:DescribeVirtualBorderRouters",
"vpc:DescribeRouterInterfaces",
"vpc:DescribeGlobalAccelerationInstances"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"oss:ListBuckets",
"oss:GetBucketInfo",
"oss:GetBucketAcl",
"oss:GetBucketLogging",
"oss:GetBucketEncryption",
"oss:GetBucketReplication",
"oss:GetBucketVersioning",
"oss:GetBucketReferer",
"oss:GetBucketPolicy",
"oss:ListObjects"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"alidns:DescribeDomains",
"alidns:DescribeDomainRecords",
"alidns:DescribeSubDomainRecords"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"yundun-waf:DescribePayInfo",
"yundun-waf:DescribeDomainConfig",
"yundun-waf:DescribeDomainNames",
"yundun-ddos:DescribeInstanceSpecs",
"yundun-ddos:DescribeDdosEventList",
"yundun-ddoscoo:DescribeInstanceSpecs",
"yundun-ddoscoo:DescribeDomains",
"yundun-ddoscoo:DescribeInstanceIds",
"yundun-ddoscoo:DescribeAutoCcWhitelist",
"yundun-ddoscoo:DescribeAutoCcBlacklist",
"yundun-ddoscoo:DescribeDomainAttackEvents",
"yundun-cert:DescribeSSLCertificatePublicKeyDetail",
"yundun-cert:ListCertificateOrder"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"cen:DescribePublishedRouteEntries",
"cen:DescribeCenAttachedChildInstances",
"cen:DescribeCens",
"cen:DescribeCenVbrHealthCheck"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"cms:DescribeMetricData",
"cms:DescribeMetricList",
"cms:DescribeSystemEventAttribute",
"cms:DescribeMetricLast",
"cms:QueryMetricData",
"cms:QueryMetricList",
"cms:DescribeMonitoringAgentStatuses",
"cms:QueryMonitoringAgentStatuses",
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"polardb:DescribeRegions",
"polardb:DescribeDBClusters",
"polardb:DescribeDBClusterAttribute",
"polardb:DescribeDBClusters"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"dds:DescribeDBInstances",
"dds:DescribeDBInstanceAttribute",
"dds:DescribeRegions"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"netgateway:DescribeNatGateways"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"live:DescribeLiveUserDomains",
"live:DescribeLiveDomainConfigs",
"live:DescribeLiveStreamsOnlineList",
"live:DescribeLiveRecordConfig",
"live:DescribeLiveRecordNotifyConfig",
"live:DescribeLiveDomainDetail",
"live:DescribeLiveStreamsPublishList",
"live:DescribeLiveStreamMetricDetailData"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"kvstore:DescribeInstances",
"kvstore:DescribeHistoryMonitorValues",
"kvstore:DescribeInstanceAttribute",
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstanceSSL",
"kvstore:DescribeRegions"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"ram:DeleteServiceLinkedRole",
"ram:CreateServiceLinkedRole",
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"polardbx:DescribeDrdsInstances",
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"drds:DescribeDrdsInstances"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"mq:OnsInstanceInServiceList",
"mq:OnsRegionList",
"mq:OnsTopicList"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"mse:ListClusters",
"mse:ListAnsServices",
"mse:ListEurekaServices",
"mse:QueryClusterDetail"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"cs:DescribeClustersV1",
"cs:ListClusterReportSummary",
"cs:GetClusterCheckItem",
"cs:GetClusterBasicInfo",
"cs:GetClusterReportSummary",
"cs:DescribeClusterNodes",
"cs:GetClusters",
"cs:GetClusterCheckResult"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"ims:ListAccessKeys"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"tag:ListTagResources",
"tag:DescribeRegions"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"resourcemanager:GetResourceDirectory",
"resourcemanager:GetAccount",
"resourcemanager:GetFolder",
"resourcemanager:ListAccounts",
"resourcemanager:ListAccountsForParent",
"resourcemanager:ListFoldersForParent",
"resourcemanager:ListDelegatedAdministrators",
"resourcemanager:ListDelegatedServicesForAccount"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"kms:DescribeRegions",
"kms:ListKmsInstances",
"kms:GetKmsInstance"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"bssapi:DescribeInstanceBill",
"bssapi:GetPayAsYouGoPrice",
"bssapi:GetSubscriptionPrice",
"bssapi:QueryProductList",
"bssapi:QueryAvailableInstances",
"bssapi:DescribePricingModule"
],
"Resource": "*",
"Effect": "Allow"
}
刪除Advisor服務關聯角色
刪除AliyunServiceRoleForAdvisor會影響Advisor獲取數據,請謹慎操作。刪除AliyunServiceRoleForAdvisor的操作步驟如下。
登錄RAM控制臺,在左側導航欄中單擊RAM角色管理。
在RAM角色管理頁面的搜索框中,輸入AliyunServiceRoleForAdvisor,自動搜索到名稱為AliyunServiceRoleForAdvisor的RAM角色。
在右側操作列,單擊刪除。
在刪除RAM角色對話框,單擊確定。
恢復服務關聯角色
若刪除服務關聯角色后仍需使用到云資源,系統會提示您創建服務關聯角色。登錄Advisor控制臺,根據提示完成授權。
常見問題
問:為什么我的RAM用戶無法自動創建AliyunServiceRoleForAdvisor?
答:您需要擁有指定的權限才能自動創建或刪除AliyunServiceRoleForAdvisor。因此,在RAM用戶無法自動創建AliyunServiceRoleForAdvisor時,您需為其添加以下權限策略。
{
"Statement": [
{
"Action": [
"ram:CreateServiceLinkedRole"
],
"Resource": "acs:ram:*:主賬號ID:role/*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"advisor.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}說明
請將主賬號ID替換為您實際的阿里云賬號(主賬號)ID。
文檔內容是否對您有幫助?