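This topic describes the AHAS service-linked role AliyunServiceRoleForAHAS and how to delete it.
Background information
The AHAS service-linked role AliyunServiceRoleForAHAS is a RAM role that AHAS provides for cases in which it needs access to other cloud services in order to complete one of its own functions. For more information about service-linked roles, see Service-linked roles.
Scenarios
When AHAS features such as the resource topology in architecture awareness and traffic protection need to access resources of cloud services such as Server Load Balancer (SLB), Virtual Private Cloud (VPC), and Elastic Compute Service (ECS), they can obtain access through the automatically created AHAS service-linked role AliyunServiceRoleForAHAS.
Permissions
The cloud service permissions granted to the AHAS service-linked role AliyunServiceRoleForAHAS are listed below. For more information about permissions, see Policy management.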
{
  "Action": [
    "ecs:DescribeInstanceAutoRenewAttribute",
    "ecs:DescribeInstances",
    "ecs:DescribeInstanceStatus",
    "ecs:DescribeInstanceVncUrl",
    "ecs:DescribeSpotPriceHistory",
    "ecs:DescribeUserdata",
    "ecs:DescribeInstanceRamRole",
    "ecs:DescribeDisks",
    "ecs:DescribeSnapshots",
    "ecs:DescribeAutoSnapshotPolicy",
    "ecs:DescribeSnapshotLinks",
    "ecs:DescribeImages",
    "ecs:DescribeImageSharePermission",
    "ecs:DescribeClassicLinkInstances",
    "ecs:AuthorizeSecurityGroup",
    "ecs:DescribeSecurityGroupAttribute",
    "ecs:DescribeSecurityGroups",
    "ecs:ModifySecurityGroupAttribute",
    "ecs:AuthorizeSecurityGroupEgress",
    "ecs:ModifySecurityGroupRule",
    "ecs:DescribeSecurityGroupReferences",
    "ecs:ModifySecurityGroupPolicy",
    "ecs:RevokeSecurityGroup",
    "ecs:DescribeNetworkInterfaces",
    "ecs:DescribeTags",
    "ecs:DescribeRegions",
    "ecs:DescribeZones",
    "ecs:DescribeInstanceMonitorData",
    "ecs:DescribeEipMonitorData",
    "ecs:DescribeDiskMonitorData",
    "ecs:DescribeInstanceTypes",
    "ecs:DescribeInstanceTypeFamilies",
    "ecs:DescribeTasks",
    "ecs:DescribeTaskAttribute",
    "ecs:DescribeInstanceAttribute",
    "ecs:InvokeCommand",
    "ecs:CreateCommand",
    "ecs:StopInvocation",
    "ecs:DeleteCommand",
    "ecs:DescribeCommands",
    "ecs:DescribeInvocations",
    "ecs:DescribeInvocationResults",
    "ecs:ModifyCommand",
    "ecs:InstallCloudAssistant",
    "ecs:CreateNetworkInterfacePermission",
    "ecs:DeleteNetworkInterfacePermission",
    "ecs:CreateNetworkInterface",
    "ecs:CreateSecurityGroup",
    "ecs:DeleteSecurityGroup",
    "ecs:ModifyNetworkInterfaceAttribute",
    "ecs:ModifyInstanceAttribute",
    "ecs:DescribeNetworkInterfaces",
    "ecs:RebootInstances",
    "ecs:StopInstances",
    "ecs:StartInstances"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
{
  "Action": [
    "slb:DescribeLoadBalancers",
    "slb:DescribeLoadBalancerAttribute",
    "slb:DescribeLoadBalancerHTTPListenerAttribute",
    "slb:DescribeLoadBalancerHTTPSListenerAttribute",
    "slb:DescribeLoadBalancerTCPListenerAttribute",
    "slb:DescribeLoadBalancerUDPListenerAttribute",
    "slb:DescribeHealthStatus",
    "slb:DescribeVServerGroups",
    "slb:DescribeVServerGroupAttribute",
    "slb:DescribeTags",
    "slb:DescribeRules"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
{
  "Action": [
    "vpc:DescribeVSwitches",
    "vpc:DescribeVpcs",
    "vpc:DescribeNatGateways",
    "vpc:DescribeForwardTableEntries",
    "vpc:DescribeSnatTableEntries",
    "vpc:DescribeBandwidthPackages",
    "vpc:DescribeEipAddresses",
    "vpc:DescribeEipGatewayInfo",
    "vpc:DescribeEipMonitorData"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
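When reviewing what this role can do, it helps to separate read-only actions from state-changing ones per service. The following is an added example, not Alibaba Cloud's code: POLICY_EXCERPT is a shortened, constructed excerpt of the statements above, and treating every action whose name starts with Describe as read-only is an assumption of this example.

```python
import json

# Constructed excerpt of the three statements listed above (shortened).
# The page lists ecs:DescribeNetworkInterfaces twice; the excerpt keeps that.
POLICY_EXCERPT = json.loads("""[
  {"Action": ["ecs:DescribeInstances", "ecs:DescribeNetworkInterfaces",
              "ecs:AuthorizeSecurityGroup", "ecs:RevokeSecurityGroup",
              "ecs:InvokeCommand", "ecs:RebootInstances",
              "ecs:DescribeNetworkInterfaces"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["slb:DescribeLoadBalancers", "slb:DescribeHealthStatus"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["vpc:DescribeVpcs", "vpc:DescribeEipAddresses"],
   "Resource": "*", "Effect": "Allow"}
]""")


def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def classify(statements):
    """Group allowed actions per service into 'read' and 'write'.

    Assumption of this example: an action whose name starts with
    'Describe' only reads state; any other action changes state.
    """
    summary = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            kind = "read" if name.startswith("Describe") else "write"
            entry = summary.setdefault(
                service, {"read": [], "write": [], "unscoped_write": False})
            if action not in entry[kind]:  # skip duplicate entries
                entry[kind].append(action)
            if kind == "write" and unscoped:
                entry["unscoped_write"] = True
    return summary


if __name__ == "__main__":
    for service, entry in sorted(classify(POLICY_EXCERPT).items()):
        print(service, len(entry["read"]), "read,", len(entry["write"]),
              "write, write on all resources:", entry["unscoped_write"])
```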
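Delete the AHAS service-linked role
If you need to delete the AHAS service-linked role AliyunServiceRoleForAHAS, note that deleting AliyunServiceRoleForAHAS affects the retrieval of your AHAS data. The steps for deleting AliyunServiceRoleForAHAS are as follows.
FAQ
Q: Why can't my RAM user automatically create the AHAS service-linked role AliyunServiceRoleForAHAS?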
{
  "Statement": [
    {
      "Action": [
        "ram:CreateServiceLinkedRole"
      ],
      "Resource": "acs:ram:*:主賬號ID:role/*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": [
            "ahas.aliyuncs.com"
          ]
        }
      }
    }
  ],
  "Version": "1"
}
Replace 主賬號ID with the ID of your actual Alibaba Cloud account (the primary account).