日本熟妇hd丰满老熟妇,中文字幕一区二区三区在线不卡 ,亚洲成片在线观看,免费女同在线一区二区

AI 助理
備案控制臺(tái)
文檔
輸入文檔關(guān)鍵字查找
首頁 應(yīng)用實(shí)時(shí)監(jiān)控服務(wù) 安全合規(guī) 訪問控制 使用RAM進(jìn)行訪問控制 ARMS服務(wù)關(guān)聯(lián)角色

ARMS服務(wù)關(guān)聯(lián)角色

更新時(shí)間:
產(chǎn)品詳情
我的收藏

本文介紹ARMS服務(wù)關(guān)聯(lián)角色AliyunServiceRoleForARMS以及如何刪除該角色。

背景信息

ARMS服務(wù)關(guān)聯(lián)角色AliyunServiceRoleForARMSARMS在某些情況下,為了完成自身的某個(gè)功能,需要獲取其他云服務(wù)的訪問權(quán)限而提供的RAM角色。更多關(guān)于服務(wù)關(guān)聯(lián)角色的信息請參見服務(wù)關(guān)聯(lián)角色

AliyunServiceRoleForARMS應(yīng)用場景

ARMS Prometheus監(jiān)控功能需要訪問容器服務(wù)ACK日志服務(wù)SLS云服務(wù)器ECS專有網(wǎng)絡(luò)VPC云服務(wù)的資源時(shí),可通過自動(dòng)創(chuàng)建的ARMS服務(wù)關(guān)聯(lián)角色AliyunServiceRoleForARMS獲取訪問權(quán)限。

AliyunServiceRoleForARMS權(quán)限說明

AliyunServiceRoleForARMS具備以下云服務(wù)的訪問權(quán)限:

容器服務(wù)ACK的訪問權(quán)限

{
            "Action": [
                "cs:ScaleCluster",
                "cs:DeleteCluster",
                "cs:GetClusterById",
                "cs:GetClusters",
                "cs:GetUserConfig",
                "cs:CheckKritisInstall",
                "cs:GetKritisAttestationAuthority",
                "cs:GetKritisGenericAttestationPolicy",
                "cs:CreateCluster",
                "cs:AttachInstances",
                "cs:InstallKritis",
                "cs:InstallKritisAttestationAuthority",
                "cs:InstallKritisGenericAttestationPolicy",
                "cs:DeleteCluster",
                "cs:UpdateClusterTags",
                "cs:DeleteClusterNodes",
                "cs:UninstallKritis",
                "cs:DeleteKritisAttestationAuthority",
                "cs:DeleteKritisGenericAttestationPolicy",
                "cs:UpdateKritisAttestationAuthority",
                "cs:UpdateKritisGenericAttestationPolicy",
                "cs:UpgradeCluster",
                "cs:DeleteClusterNode",
                "cs:GetClusterLogs"
            ],
            "Resource": [
                "acs:cs:*:*:cluster/*"
            ],
            "Effect": "Allow"
        }

日志服務(wù)SLS的訪問權(quán)限

{
            "Action": [
                "log:CreateProject",
                "log:GetProject",
                "log:GetLogStoreLogs",
                "log:GetHistograms",
                "log:GetLogStoreHistogram",
                "log:GetLogStore",
                "log:ListLogStores",
                "log:CreateLogStore",
                "log:DeleteLogStore",
                "log:UpdateLogStore",
                "log:GetCursorOrData",
                "log:GetCursor",
                "log:PullLogs",
                "log:ListShards",
                "log:PostLogStoreLogs",
                "log:CreateConfig",
                "log:UpdateConfig",
                "log:DeleteConfig",
                "log:GetConfig",
                "log:ListConfig",
                "log:CreateMachineGroup",
                "log:UpdateMachineGroup",
                "log:DeleteMachineGroup",
                "log:GetMachineGroup",
                "log:ListMachineGroup",
                "log:ListMachines",
                "log:ApplyConfigToGroup",
                "log:RemoveConfigFromGroup",
                "log:GetAppliedMachineGroups",
                "log:GetAppliedConfigs",
                "log:GetShipperStatus",
                "log:RetryShipperTask",
                "log:CreateConsumerGroup",
                "log:UpdateConsumerGroup",
                "log:DeleteConsumerGroup",
                "log:ListConsumerGroup",
                "log:UpdateCheckPoint",
                "log:HeartBeat",
                "log:GetCheckPoint",
                "log:CreateIndex",
                "log:DeleteIndex",
                "log:GetIndex",
                "log:UpdateIndex",
                "log:CreateSavedSearch",
                "log:UpdateSavedSearch",
                "log:GetSavedSearch",
                "log:DeleteSavedSearch",
                "log:ListSavedSearch",
                "log:CreateDashboard",
                "log:UpdateDashboard",
                "log:GetDashboard",
                "log:DeleteDashboard",
                "log:ListDashboard",
                "log:CreateJob",
                "log:UpdateJob"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }

云服務(wù)器ECS的訪問權(quán)限

{
            "Action": [
                "ecs:DescribeInstanceAutoRenewAttribute",
                "ecs:DescribeInstances",
                "ecs:DescribeInstanceStatus",
                "ecs:DescribeInstanceVncUrl",
                "ecs:DescribeSpotPriceHistory",
                "ecs:DescribeUserdata",
                "ecs:DescribeInstanceRamRole",
                "ecs:DescribeDisks",
                "ecs:DescribeSnapshots",
                "ecs:DescribeAutoSnapshotPolicy",
                "ecs:DescribeSnapshotLinks",
                "ecs:DescribeImages",
                "ecs:DescribeImageSharePermission",
                "ecs:DescribeClassicLinkInstances",
                "ecs:AuthorizeSecurityGroup",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "ecs:AuthorizeSecurityGroupEgress",
                "ecs:DescribeSecurityGroupReferences",
                "ecs:RevokeSecurityGroup",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeTags",
                "ecs:DescribeRegions",
                "ecs:DescribeZones",
                "ecs:DescribeInstanceMonitorData",
                "ecs:DescribeEipMonitorData",
                "ecs:DescribeDiskMonitorData",
                "ecs:DescribeInstanceTypes",
                "ecs:DescribeInstanceTypeFamilies",
                "ecs:DescribeTasks",
                "ecs:DescribeTaskAttribute",
                "ecs:DescribeInstanceAttribute",
                "ecs:InvokeCommand",
                "ecs:CreateCommand",
                "ecs:StopInvocation",
                "ecs:DeleteCommand",
                "ecs:DescribeCommands",
                "ecs:DescribeInvocations",
                "ecs:DescribeInvocationResults",
                "ecs:ModifyCommand",
                "ecs:InstallCloudAssistant"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }

專有網(wǎng)絡(luò)VPC的訪問權(quán)限

{
       "Action": [
           "vpc:DescribeVpcs",
           "vpc:DescribeVSwitches"
       ],
       "Resource": "*",
       "Effect": "Allow"
}

刪除AliyunServiceRoleForARMS

如果您使用了ARMS Prometheus監(jiān)控功能,并且需要?jiǎng)h除ARMS服務(wù)關(guān)聯(lián)角色AliyunServiceRoleForARMS,例如出于安全考慮,需要?jiǎng)h除該角色,則需要先明確刪除后的影響:刪除AliyunServiceRoleForARMS后,無法將當(dāng)前賬號下的K8s集群同步至ARMS控制臺(tái)K8s集群列表中,與此同時(shí),ARMS控制臺(tái)將停止獲取及寫入相關(guān)監(jiān)控?cái)?shù)據(jù)。

刪除AliyunServiceRoleForARMS的操作步驟如下:

說明

如果當(dāng)前賬號下的K8s集群安裝了ARMS Prometheus監(jiān)控Agent,則需先刪除Agent后才能刪除AliyunServiceRoleForARMS,否則提示刪除失敗,詳情請參見卸載監(jiān)控插件

  1. 登錄RAM控制臺(tái),在左側(cè)導(dǎo)航欄選擇身份管理 > 角色

  2. 角色頁面的搜索框中,輸入AliyunServiceRoleForARMS,自動(dòng)搜索到名稱為AliyunServiceRoleForARMSRAM角色。

  3. 在右側(cè)操作列,單擊刪除

  4. 刪除RAM角色對話框,單擊確定

    • 如果當(dāng)前賬號下的K8s集群安裝了ARMS Prometheus監(jiān)控Agent,則需先刪除Agent后才能刪除AliyunServiceRoleForARMS,否則提示刪除失敗,詳情請參見卸載監(jiān)控插件

    • 如果當(dāng)前賬號下的K8s集群已卸載ARMS Prometheus監(jiān)控Agent,則可直接刪除AliyunServiceRoleForARMS。

常見問題

為什么我的RAM用戶無法自動(dòng)創(chuàng)建ARMS服務(wù)關(guān)聯(lián)角色AliyunServiceRoleForARMS?

您需要擁有指定的權(quán)限,才能自動(dòng)創(chuàng)建或刪除AliyunServiceRoleForARMS。因此,在RAM用戶無法自動(dòng)創(chuàng)建AliyunServiceRoleForARMS時(shí),您需為其添加以下權(quán)限策略。

{
    "Statement": [
        {
            "Action": [
                "ram:CreateServiceLinkedRole"
            ],
            "Resource": "acs:ram:*:主賬號ID:role/*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [
                        "arms.aliyuncs.com"
                    ]
                }
            }
        }
    ],
    "Version": "1"
}
說明

請將主賬號ID替換為您實(shí)際的阿里云賬號(主賬號)ID。