本文為您介紹DAS服務關聯角色(AliyunServiceRoleForDAS)的應用場景以及如何刪除服務關聯角色。

背景信息

DAS服務關聯角色(AliyunServiceRoleForDAS)是一種RAM角色:在某些情況下,DAS為了支持自身的功能,需要獲取用戶其他雲服務的訪問權限,該角色即為此而提供。更多關於服務關聯角色的信息,請參見服務關聯角色。

應用場景

當DAS接入用戶在阿里雲購買的雲數據庫(例如RDS、MongoDB、Redis、PolarDB等),或者在阿里雲ECS上自建的數據庫時,通過服務關聯角色功能獲取訪問權限。

AliyunServiceRoleForDAS介紹

角色名稱:AliyunServiceRoleForDAS

角色權限策略:AliyunServiceRolePolicyForDAS

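權限說明:下列策略中每條Statement的Effect均為Allow、Resource均為"*",其中既包含Describe類查詢操作,也包含Create、Modify、Delete等變更操作(例如rds:ModifySecurityIps、ecs:AuthorizeSecurityGroup、ecs:RunInstances);最後一條ram:DeleteServiceLinkedRole通過Condition限定ram:ServiceName為hdm.aliyuncs.com。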
{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeRegions",
                "rds:DescribeDBInstances",
                "rds:DescribeDatabases",
                "rds:DescribeDBInstanceNetInfo",
                "rds:DescribeDBInstanceAttribute",
                "rds:DescribeAccounts",
                "rds:DescribeDBInstanceIPArrayList",
                "rds:DescribeDBInstancePerformance",
                "rds:ModifySecurityIps",
                "rds:CreateAccount",
                "rds:GrantAccountPrivilege",
                "rds:RevokeAccountPrivilege",
                "rds:CreateDatabase",
                "rds:ModifyDBInstanceDescription",
                "rds:DescribeSlowLogRecords",
                "rds:DescribeSlowLogs",
                "rds:DescribeResourceUsage",
                "rds:DescribeSQLCollectorPolicy",
                "rds:ModifyDBInstanceSpec",
                "rds:DescribeTasks",
                "rds:DescribeTaskIdByRequestID",
                "rds:ModifyDBNodeClass",
                "rds:DescribeParameters",
                "rds:ModifyParameter",
                "rds:DescribeBackups",
                "rds:CloneDBInstance",
                "rds:DescribeLocalAvailableRecoveryTime"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVpcs",
                "vpc:DescribePhysicalConnections",
                "vpc:DescribeVpnGateways",
                "vpc:DescribeRouterInterfaces",
                "vpc:DescribeVirtualBorderRouters",
                "vpc:DescribeVSwitches",
                "vpc:DescribeVSwitchAttributes",
                "vpc:ModifyVSwitchAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:DescribeInstances",
                "ecs:DescribeInstanceAttribute",
                "ecs:DescribeInstanceStatus",
                "ecs:DescribeInstanceMonitorData",
                "ecs:DescribeSecurityGroups",
                "ecs:JoinSecurityGroup",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:AuthorizeSecurityGroup",
                "ecs:RevokeSecurityGroup",
                "ecs:DescribeDisks",
                "ecs:RunInstances",
                "ecs:CreateSecurityGroup",
                "ecs:DescribeAvailableResource",
                "ecs:DescribeImages"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "kvstore:DescribeCacheAnalysisReport",
                "kvstore:DescribeCacheAnalysisReportList",
                "kvstore:CreateCacheAnalysisTask",
                "kvstore:DescribeAccounts",
                "kvstore:CreateAccount",
                "kvstore:DescribeRegions",
                "kvstore:DescribeInstances",
                "kvstore:DescribeInstanceAttribute",
                "kvstore:DescribeHistoryMonitorValues",
                "kvstore:DescribeMonitorItems",
                "kvstore:VerifyPassword",
                "kvstore:DescribeSecurityIps",
                "kvstore:ModifySecurityIps",
                "kvstore:ModifyInstanceAttribute",
                "kvstore:ModifyInstanceSpec",
                "kvstore:AddShardingNode",
                "kvstore:DeleteShardingNode",
                "kvstore:DescribeRoleZoneInfo",
                "kvstore:EnableAdditionalBandwidth",
                "kvstore:RenewAdditionalBandwidth",
                "kvstore:DescribeIntranetAttribute",
                "kvstore:DescribeClusterMemberInfo",
                "kvstore:DescribeAuditLogConfig",
                "kvstore:DescribeAuditRecords",
                "kvstore:DescribeRunningLogRecords",
                "kvstore:DescribeSlowLogRecords"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dts:DescribeMigrationJobs",
                "dts:DescribeMigrationJobDetail",
                "dts:DescribeMigrationJobStatus",
                "dts:CreateMigrationJob",
                "dts:ConfigureMigrationJob",
                "dts:SuspendMigrationJob",
                "dts:StartMigrationJob",
                "dts:StopMigrationJob",
                "dts:DeleteMigrationJob",
                "dts:DescribeSynchronizationJobs",
                "dts:DescribeSynchronizationJobStatus",
                "dts:CreateSynchronizationJob",
                "dts:ConfigureSynchronizationJob",
                "dts:SuspendSynchronizationJob",
                "dts:StartSynchronizationJob",
                "dts:DeleteSynchronizationJob",
                "dts:DescribeObjectModifyStatus",
                "dts:ModifySynchronizationObject",
                "dts:ResetSynchronizationJob"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "pvtz:DescribeUserServiceStatus",
                "pvtz:DescribeZones",
                "pvtz:DescribeZoneRecords",
                "pvtz:UpdateZoneRecord"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dds:DescribeDBInstances",
                "dds:DescribeReplicaSetRole",
                "dds:DescribeDBInstanceAttribute",
                "dds:DescribeRegions",
                "dds:DescribeDBInstancePerformance",
                "dds:DescribeSecurityIps",
                "dds:ModifyDBInstanceDescription",
                "dds:ModifySecurityIps",
                "dds:DescribeShardingNetworkAddress",
                "dds:DescribeSlowLogRecords",
                "dds:DescribeRunningLogRecords",
                "dds:DescribeErrorLogList"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "cms:QueryContactGroup",
                "cms:QueryContact"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeDBClusters",
                "polardb:DescribeRegions",
                "polardb:DescribeDBClusterAttribute",
                "polardb:ModifyDBNodeClass",
                "polardb:DescribeDBClusterAvailableResources",
                "polardb:CreateDBNodes",
                "polardb:DeleteDBNodes",
                "polardb:DescribeBackups",
                "polardb:CreateDBCluster",
                "polardb:DescribeDBClusterParameters"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "hdm.aliyuncs.com"
                }
            }
        }
    ]
}

刪除服務關聯角色

如果您需要刪除服務關聯角色(AliyunServiceRoleForDAS),請參見刪除服務關聯角色。