本文介紹多云成本運營服務關聯角色AliyunServiceRoleForACMP以及如何刪除該角色。
背景信息
多云成本運營服務關聯角色AliyunServiceRoleForACMP是同步阿里云賬號下資源及賬單數據時,獲取其他云服務的訪問權限而提供的RAM角色,更多關于服務關聯角色的信息請參見服務關聯角色。
AliyunServiceRoleForACMP應用場景
多云成本運營服務需要訪問云服務器ECS、容器服務ACK、專有網絡VPC、云數據庫RDS等云服務的資源時,可通過自動創建的多云成本運營服務關聯角色AliyunServiceRoleForACMP獲取訪問權限。
AliyunServiceRoleForACMP權限說明
AliyunServiceRoleForACMP僅涉及您賬號下的云資源及賬單數據的查詢權限。
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeInstanceStatus",
"ecs:DescribeDisks",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeStorageCapacityUnits"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cs:DescribeClusterDetail",
"cs:DescribeClusters",
"cs:DescribeClusterNodes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cr:ListInstance",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "eci:DescribeContainerGroups",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:ListLogStores",
"log:ListProject",
"log:GetLogStore"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "oss:ListBuckets",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "nas:DescribeFileSystems",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "polardb:DescribeDBClusters",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDBInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dts:DescribeDtsJobs",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"kvstore:DescribeInstanceAttribute",
"kvstore:DescribeInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"hbase:DescribeInstance",
"hbase:DescribeInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dds:DescribeDBInstances",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dbs:DescribeBackupPlanList",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "clickhouse:DescribeDBClusters",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "gpdb:DescribeDBInstances",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"adb:DescribeDBClusterAttribute",
"adb:DescribeDBClusters"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"polardbx:DescribeDBInstances",
"drds:DescribeDrdsInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticsearch:DescribeInstance",
"elasticsearch:ListInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "alb:ListLoadBalancers",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "slb:DescribeLoadBalancers",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "nlb:ListLoadBalancers",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cdn:DescribeUserDomains",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "vpc:DescribeNatGateways",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "vpc:DescribeCommonBandwidthPackages",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "vpc:DescribeEipAddresses",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeRouteTableList"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cen:DescribeCens",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "yundun-waf:DescribeInstanceInfos",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rocketmq:ListTopics",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "alikafka:ListInstance",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"bssapi:DescribeInstanceBill",
"bssapi:QuerySettleBill",
"bssapi:GetOrderDetail",
"bssapi:QueryOrders",
"bssapi:DescribeSplitItemBill",
"bssapi:QueryRelationList",
"bssapi:QueryFinancialAccountInfo",
"bss:FrDeductLogQueryRequest",
"bssapi:QueryResourcePackageInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:ListUserBasicInfos",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudcontrol:GetResources",
"Resource": "*"
}
]
}刪除AliyunServiceRoleForACMP
如果您的賬號已接入多云成本運營,然后需要刪除多云成本運營服務關聯角色AliyunServiceRoleForACMP,例如您出于安全考慮,需要刪除該角色,則需要先明確刪除后的影響:刪除AliyunServiceRoleForACMP后,無法將當前賬號下的云資源及賬單數據同步至多云成本運營平臺中。
刪除AliyunServiceRoleForACMP的操作步驟如下:
文檔內容是否對您有幫助?