Service-linked roles
This topic describes the Cloud Storage Gateway service-linked roles (AliyunServiceRoleForHCSSGW and AliyunServiceRoleForHCSSGWLogMonitor) and how to delete them.
Background information
The gateway service-linked roles (AliyunServiceRoleForHCSSGW and AliyunServiceRoleForHCSSGWLogMonitor) are RAM roles provided so that the gateway can obtain access to other cloud services when it needs that access to complete one of its own functions.
The gateway service may need to create elastic network interfaces as well as message topics, queues, and subscriptions, use Key Management Service to encrypt data, and upload, download, and manage data in OSS. The automatically created service-linked role AliyunServiceRoleForHCSSGW grants the gateway access to ECS, VPC, KMS, OSS, and related resources.
For the log monitoring feature, the gateway service may need to retrieve and push gateway logs. The automatically created service-linked role AliyunServiceRoleForHCSSGWLogMonitor grants the gateway access to SLS (Log Service) resources.
Permissions of AliyunServiceRoleForHCSSGW
A RAM user must have the AliyunHCSSGWFullAccess permission to create AliyunServiceRoleForHCSSGW.
AliyunServiceRoleForHCSSGW has the following access permissions on cloud services:
ECS elastic network interface and security group permissions
The gateway service uses elastic network interfaces (and the associated security groups) to provide the mount protocols.
{
    "Action": [
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:AuthorizeSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:JoinSecurityGroup"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
VPC (Virtual Private Cloud) access permissions
The gateway service requires the following permissions to access your VPC resources.
{
    "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
OSS (Object Storage Service) access permissions
The gateway service requires the following permissions to upload, download, and manage your data in OSS.
{
    "Action": [
        "oss:ListBuckets",
        "oss:ListObjects",
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:HeadObject",
        "oss:CopyObject",
        "oss:InitiateMultipartUpload",
        "oss:UploadPart",
        "oss:UploadPartCopy",
        "oss:CompleteMultipartUpload",
        "oss:AbortMultipartUpload",
        "oss:ListMultipartUploads",
        "oss:ListParts",
        "oss:GetBucketStat",
        "oss:GetBucketWebsite",
        "oss:GetBucketInfo",
        "oss:GetBucketEncryption",
        "oss:PutBucketEncryption",
        "oss:DeleteBucketEncryption",
        "oss:RestoreObject",
        "oss:PutObjectTagging",
        "oss:GetObjectTagging",
        "oss:DeleteObjectTagging"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
KMS (Key Management Service) permissions
The gateway service requires the following permissions to perform server-side encryption (on the OSS side) or client-side encryption (on the gateway side) of your data.
{
    "Action": [
        "kms:DescribeKey",
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
MNS (Message Service) permissions
The gateway service requires the following permissions to configure the gateway Express Sync feature.
{
    "Action": [
        "mns:SendMessage",
        "mns:ReceiveMessage",
        "mns:PublishMessage",
        "mns:DeleteMessage",
        "mns:GetQueueAttributes",
        "mns:GetTopicAttributes",
        "mns:CreateTopic",
        "mns:DeleteTopic",
        "mns:CreateQueue",
        "mns:DeleteQueue",
        "mns:PutEventNotifications",
        "mns:DeleteEventNotifications",
        "mns:UpdateEventNotifications",
        "mns:GetEvent",
        "mns:Subscribe",
        "mns:Unsubscribe",
        "mns:ListTopic",
        "mns:ListQueue",
        "mns:ListSubscriptionByTopic"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
BSS (Billing Management) permissions
The gateway service requires the following permissions to retrieve and display gateway pricing information.
{
    "Action": [
        "bss:DescribePrice"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
Permissions of AliyunServiceRoleForHCSSGWLogMonitor
A RAM user must have the AliyunHCSSGWFullAccess permission to create AliyunServiceRoleForHCSSGWLogMonitor.
AliyunServiceRoleForHCSSGWLogMonitor has the following access permissions on cloud services:
SLS (Log Service) permissions
The gateway service requires the following permissions to configure the gateway log monitoring feature.
{
    "Action": [
        "log:PostLogStoreLogs",
        "log:GetLogStore"
    ],
    "Resource": "*",
    "Effect": "Allow"
}
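Because both roles are created automatically and every statement above uses "Resource": "*", an account owner will usually want to check periodically that the policy actually attached to the role still matches what this topic documents. The following audit script is an added example, not part of this documentation or of the gateway service: it takes a RAM policy document, diffs its Allow actions against a documented baseline (here only the VPC and KMS statements from above, kept short), and lists the mutating actions granted on every resource. The sample policy, the extra oss:DeleteBucket statement standing in for drift, and the bucket name are constructed for the example.

```python
import json

# Documented baseline for AliyunServiceRoleForHCSSGW, copied from the VPC and KMS
# statements on this page (deliberately a subset of the full documented policy).
DOCUMENTED_ACTIONS = {
    "vpc:DescribeVpcs", "vpc:DescribeVSwitches",
    "kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey",
}
READ_ONLY_VERBS = ("Describe", "Get", "List", "Head")


def as_list(value):
    """RAM policies allow Action and Resource to be a string or a list; normalise."""
    return [value] if isinstance(value, str) else list(value or [])


def is_mutating(action):
    """Any verb other than Describe/Get/List/Head is treated as a write or delete."""
    return not action.split(":", 1)[1].startswith(READ_ONLY_VERBS)


def audit(policy, baseline):
    """Diff a role's Allow actions against the documented baseline and list the
    mutating actions that apply to every resource ("Resource": "*")."""
    granted, wildcard_writes = set(), set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        acts = as_list(stmt.get("Action"))
        granted.update(acts)
        if "*" in as_list(stmt.get("Resource")):
            wildcard_writes.update(a for a in acts if is_mutating(a))
    return {
        "undocumented": sorted(granted - baseline),
        "missing": sorted(baseline - granted),
        "wildcard_writes": sorted(wildcard_writes),
    }


# Constructed sample: the documented VPC and KMS statements plus one extra
# statement that is not on this page and stands in for drift an audit should catch.
SAMPLE_POLICY = json.loads("""{"Version": "1", "Statement": [
  {"Action": ["vpc:DescribeVpcs", "vpc:DescribeVSwitches"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": "oss:DeleteBucket", "Resource": "acs:oss:*:*:example-bucket",
   "Effect": "Allow"}
]}""")

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, DOCUMENTED_ACTIONS), indent=2))
```

To audit a real role, replace SAMPLE_POLICY with the policy document retrieved from the RAM console and extend DOCUMENTED_ACTIONS with the remaining statements from this topic.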
Delete a service-linked role
To delete a gateway service-linked role (AliyunServiceRoleForHCSSGW or AliyunServiceRoleForHCSSGWLogMonitor), you must first delete all gateway instances under the gateway service.