日本熟妇hd丰满老熟妇,中文字幕一区二区三区在线不卡 ,亚洲成片在线观看,免费女同在线一区二区

AI 助理
備案控制臺
文檔
有獎調研
輸入文檔關鍵字查找
首頁 應用實時監控服務 可觀測鏈路 OpenTelemetry 版 開發參考 訪問控制 可觀測鏈路 OpenTelemetry 版服務關聯角色

可觀測鏈路 OpenTelemetry 版服務關聯角色

更新時間:
產品詳情
相關技術圈
我的收藏

本文介紹可觀測鏈路 OpenTelemetry 版服務關聯角色AliyunServiceRoleForXtrace以及如何刪除該角色。

背景信息

可觀測鏈路 OpenTelemetry 版服務關聯角色AliyunServiceRoleForXtrace是可觀測鏈路 OpenTelemetry 版在某些情況下,為了完成自身的某個功能,需要獲取其他云服務的訪問權限而提供的RAM角色。更多關于服務關聯角色的信息,請參見服務關聯角色

AliyunServiceRoleForXtrace應用場景

可觀測鏈路 OpenTelemetry 版監控功能需要訪問容器服務ACK日志服務SLS、云服務器ECS專有網絡VPC云服務的資源時,可通過自動創建的可觀測鏈路 OpenTelemetry 版服務關聯角色AliyunServiceRoleForXtrace獲取訪問權限。

AliyunServiceRoleForXtrace權限說明

AliyunServiceRoleForXtrace具備以下云服務的訪問權限。

容器服務ACK的訪問權限

{
            "Action": [
                "cs:ScaleCluster",
                "cs:GetClusterById",
                "cs:GetClusters",
                "cs:GetUserConfig",
                "cs:CheckKritisInstall",
                "cs:GetKritisAttestationAuthority",
                "cs:GetKritisGenericAttestationPolicy",
                "cs:AttachInstances",
                "cs:InstallKritis",
                "cs:InstallKritisAttestationAuthority",
                "cs:InstallKritisGenericAttestationPolicy",
                "cs:UpdateClusterTags",
                "cs:UninstallKritis",
                "cs:DeleteKritisAttestationAuthority",
                "cs:DeleteKritisGenericAttestationPolicy",
                "cs:UpdateKritisAttestationAuthority",
                "cs:UpdateKritisGenericAttestationPolicy",
                "cs:UpgradeCluster",
                "cs:GetClusterLogs"
            ],
            "Resource": [
              "acs:cs:*:*:cluster/*"
            ],
            "Effect": "Allow"
        }

日志服務SLS的訪問權限

{
       "Action": [
        "log:CreateProject",
        "log:GetProject",
        "log:GetLogStoreLogs",
        "log:GetHistograms",
        "log:GetLogStoreHistogram",
        "log:GetLogStore",
        "log:ListLogStores",
        "log:EnableService",
        "log:DescribeService",
        "log:CreateLogStore",
        "log:DeleteLogStore",
        "log:UpdateLogStore",
        "log:GetCursorOrData",
        "log:GetCursor",
        "log:PullLogs",
        "log:ListShards",
        "log:PostLogStoreLogs",
        "log:CreateConfig",
        "log:UpdateConfig",
        "log:DeleteConfig",
        "log:GetConfig",
        "log:ListConfig",
        "log:CreateMachineGroup",
        "log:UpdateMachineGroup",
        "log:DeleteMachineGroup",
        "log:GetMachineGroup",
        "log:ListMachineGroup",
        "log:ListMachines",
        "log:ApplyConfigToGroup",
        "log:RemoveConfigFromGroup",
        "log:GetAppliedMachineGroups",
        "log:GetAppliedConfigs",
        "log:GetShipperStatus",
        "log:RetryShipperTask",
        "log:CreateConsumerGroup",
        "log:UpdateConsumerGroup",
        "log:DeleteConsumerGroup",
        "log:ListConsumerGroup",
        "log:UpdateCheckPoint",
        "log:HeartBeat",
        "log:GetCheckPoint",
        "log:CreateIndex",
        "log:DeleteIndex",
        "log:GetIndex",
        "log:UpdateIndex",
        "log:CreateSavedSearch",
        "log:UpdateSavedSearch",
        "log:GetSavedSearch",
        "log:DeleteSavedSearch",
        "log:ListSavedSearch",
        "log:CreateDashboard",
        "log:UpdateDashboard",
        "log:GetDashboard",
        "log:DeleteDashboard",
        "log:ListDashboard",
        "log:CreateJob",
        "log:UpdateJob"
       }
]

云服務器ECS的訪問權限

{
       "Action": [
        "ecs:DescribeInstanceAutoRenewAttribute",
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceStatus",
        "ecs:DescribeInstanceVncUrl",
        "ecs:DescribeSpotPriceHistory",
        "ecs:DescribeUserdata",
        "ecs:DescribeInstanceRamRole",
        "ecs:DescribeDisks",
        "ecs:DescribeSnapshots",
        "ecs:DescribeAutoSnapshotPolicy",
        "ecs:DescribeSnapshotLinks",
        "ecs:DescribeImages",
        "ecs:DescribeImageSharePermission",
        "ecs:DescribeClassicLinkInstances",
        "ecs:AuthorizeSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:DescribeSecurityGroupReferences",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeNetworkInterfaces",
        "ecs:DescribeTags",
        "ecs:DescribeRegions",
        "ecs:DescribeZones",
        "ecs:DescribeInstanceMonitorData",
        "ecs:DescribeEipMonitorData",
        "ecs:DescribeDiskMonitorData",
        "ecs:DescribeInstanceTypes",
        "ecs:DescribeInstanceTypeFamilies",
        "ecs:DescribeTasks",
        "ecs:DescribeTaskAttribute",
        "ecs:DescribeInstanceAttribute",
        "ecs:InvokeCommand",
        "ecs:CreateCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:ModifyCommand",
        "ecs:InstallCloudAssistant"
         ],
      "Resource": "*",
      "Effect": "Allow"
    }

專有網絡VPC的訪問權限

{
       "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeEipAddresses",
        "vpc:DescribeRouterInterfaces",
        "vpc:DescribeGlobalAccelerationInstances",
        "vpc:DescribeVpnGateways",
        "vpc:DescribeNatGateways"
       ],
       "Resource": "*",
       "Effect": "Allow"
}

SLB的訪問和配置權限

{
       "Action": [
        "slb:DescribeLoadBalancers",
        "slb:DescribeLoadBalancerAttribute",
        "slb:SetLoadbalancerListenerAttributeEx",
        "slb:DescribeLoadbalancerListenersEx",
        "slb:DescribeLoadbalancerListenersEx",
        "slb:SetAccessLogsDownloadAttribute",
        "slb:DeleteAccessLogsDownloadAttribute",
        "slb:DescribeAccessLogsDownloadAttribute"
       ],
       "Resource": "*",
       "Effect": "Allow"
}

刪除AliyunServiceRoleForXtrace

如果您使用了可觀測鏈路 OpenTelemetry 版的監控功能,然后需要刪除可觀測鏈路 OpenTelemetry 版服務關聯角色AliyunServiceRoleForXtrace,例如您出于安全考慮,需要刪除該角色,則需要先明確刪除后的影響:刪除AliyunServiceRoleForXtrace后,無法將當前賬號下的數據進行存儲和展示。

刪除AliyunServiceRoleForXtrace的操作步驟如下:

說明

如果當前賬號下還有應用數據,則需先刪除所有應用后才能刪除AliyunServiceRoleForXtrace。

  1. 登錄RAM控制臺,在左側導航欄中選擇身份管理 > 角色。

  2. 角色頁面的搜索框中,輸入AliyunServiceRoleForXtrace,自動搜索到名稱為AliyunServiceRoleForXtrace的RAM角色。

  3. 在右側操作列,單擊刪除角色。

  4. 刪除角色對話框,確認信息并單擊刪除角色。

    • 如果當前賬號下還有可觀測鏈路 OpenTelemetry 版的應用,則需先刪除所有應用才能刪除AliyunServiceRoleForXtrace,否則提示刪除失敗。

    • 如果當前賬號下所有應用已經刪除,則可直接刪除AliyunServiceRoleForXtrace。

常見問題

為什么我的XTRACE用戶無法自動創建ARMS服務關聯角色AliyunServiceRoleForXtrace?

您需要擁有指定的權限,才能自動創建或刪除AliyunServiceRoleForXtrace。因此,在RAM用戶無法自動創建AliyunServiceRoleForXtrace時,您需為其添加以下權限策略。

{
    "Statement": [
        {
            "Action": [
                "ram:CreateServiceLinkedRole"
            ],
            "Resource": "acs:ram:*:主賬號ID:role/*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [
                        "xtrace.aliyuncs.com"
                    ]
                }
            }
        }
    ],
    "Version": "1"
}