This topic describes the service-linked role of Hybrid Disaster Recovery (HDR), AliyunServiceRoleForHdr, and how to delete it.

Background information

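The HDR service-linked role (AliyunServiceRoleForHdr) is a RAM role that is provided so that HDR can obtain access to other cloud services when it needs them to complete one of its own functions. For more information about service-linked roles, see "Service-linked roles".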

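HDR may need to create new vSwitches, security groups, ECS instances, images, and other resources. It obtains permission to access resources such as VPC and ECS through the HDR service-linked role (AliyunServiceRoleForHdr), which is created automatically.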

AliyunServiceRoleForHdr permissions

Note: A RAM user must have the HDRFullAccess permission to create AliyunServiceRoleForHdr.

AliyunServiceRoleForHdr has access permissions for the following cloud services:

  • Cloud Assistant permissions

    HDR uses Cloud Assistant to automatically install the client on your ECS instances.

    {
      "Action": [
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeCloudAssistantStatus"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  • ECS instance and disk snapshot permissions

    HDR uses the ECS instance and disk snapshot permissions to create shadows, recovery points, and recovery instances.

    {
      "Action": [
        "ecs:DescribeImages",
        "ecs:CreateDisk",
        "ecs:AttachDisk",
        "ecs:ReInitDisk",
        "ecs:DetachDisk",
        "ecs:DescribeDisks",
        "ecs:ReplaceSystemDisk",
        "ecs:DeleteDisk",
        "ecs:ResizeDisk",
        "ecs:CreateInstance",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:RebootInstance",
        "ecs:DeleteInstance",
        "ecs:DescribeInstances",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:DeleteSecurityGroup",
        "ecs:AllocatePublicIpAddress",
        "ecs:ModifyInstanceAttribute",
        "ecs:JoinSecurityGroup",
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateSnapshot",
        "ecs:DeleteSnapshot",
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:ModifyResourceMeta"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  • Virtual Private Cloud (VPC) access permissions

    HDR uses the following permissions to access your VPC resources.

    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeEipAddresses",
        "vpc:AssociateEipAddress"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
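
For a least-privilege review of what this role grants, the following Python sketch (an added example, not part of the HDR documentation) takes the three statements listed above and reports, per statement, how many actions change state rather than read it, which of those are destructive, and whether the statement is scoped to specific resources. The statement labels, the risk buckets, and the destructive-action markers are assumptions chosen for this example, not an Alibaba Cloud classification.

```python
# Added example: least-privilege review of the AliyunServiceRoleForHdr statements listed above.
def stmt(actions):
    # Every statement on the page is Effect "Allow" on Resource "*".
    return {"Action": actions.split(), "Resource": "*", "Effect": "Allow"}

# Keys are labels chosen for this example; the action names are copied from the page.
POLICY = {
    "cloud_assistant": stmt(
        "ecs:CreateCommand ecs:InvokeCommand ecs:StopInvocation ecs:DeleteCommand "
        "ecs:DescribeCommands ecs:DescribeInvocations ecs:DescribeInvocationResults "
        "ecs:DescribeCloudAssistantStatus"),
    "ecs_disk_snapshot": stmt(
        "ecs:DescribeImages ecs:CreateDisk ecs:AttachDisk ecs:ReInitDisk ecs:DetachDisk "
        "ecs:DescribeDisks ecs:ReplaceSystemDisk ecs:DeleteDisk ecs:ResizeDisk ecs:CreateInstance "
        "ecs:StartInstance ecs:StopInstance ecs:RebootInstance ecs:DeleteInstance "
        "ecs:DescribeInstances ecs:CreateSecurityGroup ecs:DescribeSecurityGroups "
        "ecs:AuthorizeSecurityGroup ecs:AuthorizeSecurityGroupEgress ecs:DeleteSecurityGroup "
        "ecs:AllocatePublicIpAddress ecs:ModifyInstanceAttribute ecs:JoinSecurityGroup "
        "ecs:CreateNetworkInterface ecs:DeleteNetworkInterface ecs:DescribeNetworkInterfaces "
        "ecs:CreateNetworkInterfacePermission ecs:DescribeNetworkInterfacePermissions "
        "ecs:DeleteNetworkInterfacePermission ecs:CreateSnapshot ecs:DeleteSnapshot "
        "ecs:DescribeSnapshots ecs:DescribeSnapshotLinks ecs:ModifyResourceMeta"),
    "vpc": stmt("vpc:DescribeVpcs vpc:DescribeVSwitches vpc:DescribeEipAddresses "
                "vpc:AssociateEipAddress"),
}

# Reviewer-chosen buckets (assumption of this example, not an Alibaba Cloud classification).
RISK = {
    "command_execution": ("ecs:CreateCommand", "ecs:InvokeCommand"),
    "network_exposure": ("ecs:AuthorizeSecurityGroup", "ecs:AllocatePublicIpAddress",
                         "vpc:AssociateEipAddress"),
}
DESTRUCTIVE_MARKERS = ("Delete", "ReInit", "ReplaceSystem")  # assumption of this example

def review(policy):
    """Return, per Allow statement, what it grants beyond read-only Describe* calls."""
    report = {}
    for name, s in policy.items():
        if s.get("Effect") != "Allow":
            continue
        actions = s["Action"] if isinstance(s["Action"], list) else [s["Action"]]
        mutating = [a for a in actions if not a.rpartition(":")[2].startswith("Describe")]
        report[name] = {
            "total": len(actions),
            "mutating": mutating,
            "destructive": [a for a in mutating if any(m in a for m in DESTRUCTIVE_MARKERS)],
            "unscoped": s.get("Resource") in ("*", ["*"]),
            "risk": {k: [a for a in v if a in actions] for k, v in RISK.items()},
        }
    return report
```

Because every statement is unscoped, the mutating actions it reports apply to all ECS and VPC resources in the account, so audit reviews of calls made under this role are the main compensating control.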

Delete the service-linked role

If you need to delete the HDR service-linked role (AliyunServiceRoleForHdr), you must first delete all site pairs under HDR.

For the specific steps to delete a service-linked role, see "Delete a service-linked role".