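This topic describes the Workbench service-linked role AliyunServiceRoleForECSWorkbench and how to delete it.
Background information
The Workbench service-linked role AliyunServiceRoleForECSWorkbench is a service-linked role provided by Resource Access Management (RAM). Through AliyunServiceRoleForECSWorkbench, Workbench obtains access permissions on Elastic Compute Service (ECS) and Elastic Container Instance (ECI). For more information, see Service-linked roles.
AliyunServiceRoleForECSWorkbench permissions
Role name: AliyunServiceRoleForECSWorkbench
Permission policy: AliyunServiceRolePolicyForECSWorkbench
Permission policy content: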
{
  "Version": "1",
  "Statement": [
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "workbench.ecs.aliyuncs.com"
        }
      }
    },
    {
      "Action": "eci:DescribeContainerGroups",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ecs:DescribeInstances",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ecs:StartTerminalSession",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ecs:DescribeInvocations",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ecs:InvokeCommand",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "eci:ExecContainerCommand",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
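Create AliyunServiceRoleForECSWorkbench
When you use Workbench, the system checks whether the current account already has AliyunServiceRoleForECSWorkbench and creates the role automatically if it does not exist.
AliyunServiceRoleForECSWorkbench contains the system permission policy AliyunServiceRolePolicyForECSWorkbench. The permission policy of a service-linked role is defined and used by the corresponding cloud service. You cannot add, modify, or delete permissions for a service-linked role.
Delete AliyunServiceRoleForECSWorkbench
If you no longer need AliyunServiceRoleForECSWorkbench, you can delete it. For the procedure, see Delete a RAM role.
FAQ
Why can't my RAM user automatically create the Workbench service-linked role AliyunServiceRoleForECSWorkbench?
Specific permissions are required to automatically create or delete AliyunServiceRoleForECSWorkbench. If a RAM user cannot automatically create AliyunServiceRoleForECSWorkbench, either attach the system policy AliyunECSWorkbenchFullAccess to the RAM user or attach the following permission policy. For more details about AliyunECSWorkbenchFullAccess, see AliyunECSWorkbenchFullAccess.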
{
  "Version": "1",
  "Statement": [
    {
      "Action": "ecs-workbench:LoginInstance",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "workbench.ecs.aliyuncs.com"
        }
      }
    }
  ]
}
Replace the Alibaba Cloud account ID placeholder with your actual Alibaba Cloud account (root account) ID.
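Both policies on this page limit the role-management actions (ram:CreateServiceLinkedRole, ram:DeleteServiceLinkedRole) with a ram:ServiceName condition, so the grant covers only the Workbench role. The following check is an added example, not Alibaba Cloud code: it flags a custom policy that drops that condition or uses wildcard actions. The function name audit_policy, the finding labels, and the weak policy variant are constructed for illustration.

```python
import json

WORKBENCH = "workbench.ecs.aliyuncs.com"  # service name from the page's policies
ROLE_MGMT = {"ram:CreateServiceLinkedRole", "ram:DeleteServiceLinkedRole"}

def as_list(value):
    """RAM policy elements may be a single string or a list."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (action, finding) pairs for every action in Allow statements."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        services = as_list(equals.get("ram:ServiceName", []))
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((action, "wildcard-action"))
            elif action in ROLE_MGMT and services != [WORKBENCH]:
                # Without the condition, the grant applies to any service's role.
                findings.append((action, "role-management-not-scoped"))
            else:
                findings.append((action, "ok"))
    return findings

# The custom policy from this FAQ.
PAGE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Action": "ecs-workbench:LoginInstance", "Resource": "*", "Effect": "Allow"},
  {"Action": "ram:CreateServiceLinkedRole", "Resource": "*", "Effect": "Allow",
   "Condition": {"StringEquals": {"ram:ServiceName": "workbench.ecs.aliyuncs.com"}}}
]}
""")

# Constructed weak variant: same actions with the Condition block dropped.
WEAK_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Action": ["ecs-workbench:LoginInstance", "ram:CreateServiceLinkedRole"],
   "Resource": "*", "Effect": "Allow"}
]}
""")

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("weak", WEAK_POLICY)):
        for action, finding in audit_policy(pol):
            print(f"{name:5} {action:32} {finding}")
```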