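This topic describes the use cases of the DBFS service-linked role (AliyunServiceRoleForDbfs) and how to delete the service-linked role.
Background information
The DBFS service-linked role (AliyunServiceRoleForDbfs) is a RAM role provided so that, in certain cases, DBFS can obtain access permissions to other cloud services in order to complete one of its own functions. For more information about service-linked roles, see Service-linked roles.
Use cases
Creating, attaching, detaching, resizing, snapshotting and deleting a DBFS file system requires access to ECS and PrivateLink resources. DBFS obtains these access permissions through the service-linked role.
DBFS uses ECS Cloud Assistant to perform online version upgrades, log collection and other functions. DBFS obtains Cloud Assistant access permissions through the service-linked role.
The DBFS model room feature automatically creates ECS, VPC, vSwitch and security group resources for the user. DBFS obtains these access permissions through the service-linked role.
About AliyunServiceRoleForDbfs
Role name: AliyunServiceRoleForDbfs
Role permission policy: AliyunServiceRolePolicyForDbfs
Permissions: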
{
    "Action": [
        "ecs:CreateDisk",
        "ecs:AttachDisk",
        "ecs:DetachDisk",
        "ecs:DeleteDisk",
        "ecs:ResizeDisk",
        "ecs:CreateSnapshot",
        "ecs:DeleteSnapshot",
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:ResetDisk",
        "ecs:DescribeDisks",
        "ecs:DescribeInstanceAttribute",
        "ecs:DescribeInstances",
        "ecs:AuthorizeSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:RunCommand",
        "ecs:DescribeSecurityGroups",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:RunInstances",
        "ecs:CreateInstance",
        "ecs:StartInstance",
        "ecs:CreateNetworkInterface",
        "ecs:AttachNetworkInterface",
        "privatelink:CreateVpcEndpoint",
        "privatelink:DeleteVpcEndpoint",
        "privatelink:GetVpcEndpointAttribute",
        "privatelink:ListVpcEndpoints",
        "privatelink:ListVpcEndpointZones",
        "privatelink:AddZoneToVpcEndpoint",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:OpenPrivateLinkService",
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:AssociateVpcCidrBlock",
        "vpc:CreateVpc",
        "vpc:CreateVSwitch",
        "vpc:DeleteVpc",
        "vpc:DeleteVSwitch"
    ],
    "Resource": "*",
    "Effect": "Allow"
},
{
    "Action": "ecs:DeleteInstance",
    "Condition": {
        "StringEqualsIgnoreCase": {
            "ecs:tag/DBFS": "AutoCreated"
        }
    },
    "Resource": "acs:ecs:*:*:*",
    "Effect": "Allow"
}
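To review this policy against least privilege, the following added example (not part of the original documentation) sorts every granted action into read-only, write restricted by a Condition, or write allowed without a Condition. The Describe/Get/List prefix heuristic and the names ALLOW_ALL, STATEMENTS and classify are assumptions of the example.

```python
# Actions copied from the policy on this page, grouped by service prefix.
ALLOW_ALL = {
    "ecs": "CreateDisk AttachDisk DetachDisk DeleteDisk ResizeDisk CreateSnapshot "
           "DeleteSnapshot DescribeSnapshots DescribeSnapshotLinks ResetDisk "
           "DescribeDisks DescribeInstanceAttribute DescribeInstances "
           "AuthorizeSecurityGroup RevokeSecurityGroup DescribeCloudAssistantStatus "
           "DescribeInvocations DescribeInvocationResults RunCommand "
           "DescribeSecurityGroups CreateSecurityGroup DeleteSecurityGroup RunInstances "
           "CreateInstance StartInstance CreateNetworkInterface AttachNetworkInterface",
    "privatelink": "CreateVpcEndpoint DeleteVpcEndpoint GetVpcEndpointAttribute "
                   "ListVpcEndpoints ListVpcEndpointZones AddZoneToVpcEndpoint "
                   "RemoveZoneFromVpcEndpoint OpenPrivateLinkService",
    "vpc": "DescribeVpcs DescribeVSwitches AssociateVpcCidrBlock CreateVpc "
           "CreateVSwitch DeleteVpc DeleteVSwitch",
}
STATEMENTS = [
    {"Action": [f"{svc}:{a}" for svc, names in ALLOW_ALL.items() for a in names.split()],
     "Resource": "*", "Effect": "Allow"},
    {"Action": "ecs:DeleteInstance",
     "Condition": {"StringEqualsIgnoreCase": {"ecs:tag/DBFS": "AutoCreated"}},
     "Resource": "acs:ecs:*:*:*", "Effect": "Allow"},
]

# Assumption of this example: these action-name prefixes denote read-only calls.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def classify(statements):
    """Bucket every allowed action: read-only, conditioned write, unconditioned write."""
    report = {"read_only": [], "conditioned_write": [], "unconditioned_write": []}
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"]
        actions = [actions] if isinstance(actions, str) else actions  # string or list
        for action in actions:
            name = action.split(":", 1)[-1]  # strip the service prefix
            if name.startswith(READ_ONLY_PREFIXES):
                bucket = "read_only"
            elif st.get("Condition"):
                bucket = "conditioned_write"
            else:
                bucket = "unconditioned_write"
            report[bucket].append(action)
    return report

if __name__ == "__main__":
    for bucket, actions in classify(STATEMENTS).items():
        print(f"{bucket} ({len(actions)}): {', '.join(actions)}")
```

On the policy above, only ecs:DeleteInstance is restricted by the DBFS=AutoCreated tag condition; the other write actions, including ecs:RunCommand, are allowed on Resource "*".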
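Delete the service-linked role
To delete AliyunServiceRoleForDbfs (the service-linked role), you must first delete the DBFS instances that depend on this service-linked role.
For how to delete a DBFS instance, see Delete a file system.
For how to delete the service-linked role, see Delete a service-linked role.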