開通靈駿連接后,用戶可通過靈駿連接訪問阿里云其他云產品(例如,訪問VPC、創建專線、創建彈性網卡等),進行此類操作時需通過服務關聯角色獲取對應云產品的訪問權限。本文為您介紹靈駿連接實例關聯角色(AliyunServiceRoleForEfloVcc)的應用場景以及如何刪除服務關聯角色。
背景信息
靈駿連接服務關聯角色(AliyunServiceRoleForEfloVcc)是在某些情況下,為了完成靈駿連接自身的某個功能,需要獲取其他云服務的訪問權限,而提供的RAM角色。更多關于服務關聯角色的信息請參見服務關聯角色。
權限說明
角色名稱:AliyunServiceRoleForEfloVcc
角色權限策略:
{ "Version": "1", "Statement": [ { "Action": [ "ecs:CreateNetworkInterface", "ecs:AttachNetworkInterface", "ecs:DetachNetworkInterface", "ecs:DeleteNetworkInterface", "ecs:DescribeNetworkInterfaces", "ecs:CreateSecurityGroup", "ecs:DeleteSecurityGroup", "ecs:AuthorizeSecurityGroup", "ecs:AuthorizeSecurityGroupEgress", "ecs:RevokeSecurityGroup", "ecs:RevokeSecurityGroupEgress", "ecs:DescribeSecurityGroups", "ecs:DescribeSecurityGroupAttribute", "ecs:ModifyInstanceAttribute" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "vpc:DescribeVpcs", "vpc:DescribeVSwitches", "vpc:ConfirmPhysicalConnection", "vpc:CreateVirtualBorderRouter", "vpc:DeleteVirtualBorderRouter", "vpc:DescribeVirtualBorderRouters", "vpc:CreateBgpGroup", "vpc:DeleteBgpGroup", "vpc:DescribeBgpGroups", "vpc:CreateBgpPeer", "vpc:DeleteBgpPeer", "vpc:DescribeBgpPeers", "cen:AttachCenChildInstance", "cen:DetachCenChildInstance", "vpc:DescribeRouteEntryList", "vpc:AddBgpNetwork", "vpc:DeleteBgpNetwork", "vpc:DescribeBgpNetworks", "vpc:TerminatePhysicalConnection", "vpc:RecoverPhysicalConnection", "vpc:DeletePhysicalConnection", "vpc:OpenPhysicalConnectionService", "vpc:GetPhysicalConnectionServiceStatus", "vpc:DescribePhysicalConnections", "vpc:CreatePhysicalConnectionOccupancyOrder", "vpc:UpdateVirtualPhysicalConnection", "vpc:CreateRouterInterface", "vpc:DeleteRouterInterface", "vpc:DeactivateRouterInterface", "vpc:DescribeRouterInterfaces", "vpc:DescribeRouteTableList", "vpc:CreateRouteEntries", "vpc:DeleteRouteEntries", "vpc:CreateRouteEntry", "vpc:DeleteRouteEntry", "vpc:DescribeGrantRulesToCen", "vpc:GrantInstanceToCen", "vpc:RevokeInstanceFromCen", "vpc:CreatePhysicalConnectionNew", "vpc:ModifyVirtualBorderRouterAttribute", "vpc:AssociatePhysicalConnectionToVirtualBorderRouter", "vpc:UnassociatePhysicalConnectionFromVirtualBorderRouter", "bssapi:SetRenewal", "vpc:CancelPhysicalConnection" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "cen:CreateTransitRouterRouteEntry", "cen:ListTransitRouterRouteEntries", "cen:DeleteTransitRouterRouteEntry", "cen:ResolveAndRouteServiceInCen", "cen:DescribeRouteServicesInCen", "cen:DeleteRouteServiceInCen", "cen:CreateTransitRouterVbrAttachment", "cen:DeleteTransitRouterVbrAttachment", "cen:ListTransitRouterVbrAttachments", "cen:ListTransitRouterVpcAttachments", "cen:DisableTransitRouterRouteTablePropagation", "cen:EnableTransitRouterRouteTablePropagation", "cen:ListTransitRouterRouteTablePropagations", "cen:AssociateTransitRouterAttachmentWithRouteTable", "cen:DissociateTransitRouterAttachmentFromRouteTable", "cen:ListTransitRouterRouteTableAssociations", "cen:ListTransitRouterRouteTables", "cen:ListTransitRouters", "cen:ListTransitRouterAvailableResource", "cen:ResolveAndRouteServiceInCen", "cen:DescribeRouteServicesInCen", "cen:DeleteRouteServiceInCen", "cen:DescribeCenAttachedChildInstances", "cen:DescribeCenAttachedChildInstanceAttribute", "cen:DescribeCens" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "ros:ListStacks", "ros:GetStack", "ros:ListStackEvents", "ros:ListStackResources", "ros:GetStackResource", "ros:CreateStack", "ros:DeleteStack", "ros:PreviewStack" ], "Resource": [ "*" ], "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "vcc.eflo.aliyuncs.com" } } } ] }
創建服務關聯角色
當您第一次創建集群,進行網絡配置,您需要單擊授權服務角色創建按鈕,一鍵創建服務關聯角色(AliyunServiceRoleForEfloVcc)。
刪除服務關聯角色
如果您需要刪除AliyunServiceRoleForEfloVcc(服務關聯角色),需要先釋放依賴這個服務關聯角色的靈駿連接。
釋放靈駿連接可等云服務實例到期自動釋放。
刪除服務關聯角色具體操作請參見刪除服務關聯角色。
文檔內容是否對您有幫助?