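This topic describes the use cases of the CSB service-linked role (AliyunServiceRoleForCSB) and how to delete the service-linked role.

Background information

The CSB service-linked role (AliyunServiceRoleForCSB) is a RAM role provided so that CSB can obtain access to other cloud services in order to implement certain of its own features. For more information about service-linked roles, see Service-linked roles.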

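Use cases

The CSB feature for creating Broker runtime nodes needs to access resources of the VPC, ECS, and SLB cloud services, and obtains the access permissions through the service-linked role.

Permission policy of AliyunServiceRoleForCSB

The permission policy of the AliyunServiceRoleForCSB role is AliyunServiceRolePolicyForCSB. The permissions are as follows: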

        {
            "Action": [
                "log:ListLogStores",
                "log:ListProject",
                "log:CreateLogStore",
                "log:GetIndex",
                "log:CreateIndex",
                "log:UpdateIndex",
                "log:CreateDashboard",
                "log:UpdateDashboard",
                "log:CreateSavedSearch",
                "log:UpdateSavedSearch",
                "log:PostLogStoreLogs",
                "log:CreateEtlMeta",
                "log:CreateProject",
                "edas:ListUserDefineRegion",
                "edas:GetSecureToken",
                "cs:DescribeClusters",
                "vpc:DescribeVpcs",
                "vpc:DescribeVSwitches",
                "vpc:DescribeRegions",
                "vpc:DescribeZones",
                "ecs:DescribeInstances",
                "ecs:DescribeInstanceStatus",
                "ecs:DescribeRegions",
                "ecs:DescribeZones",
                "ecs:CreateNetworkInterface",
                "ecs:DeleteNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DescribeSecurityGroups",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroupReferences",
                "slb:CreateLoadBalancer",
                "slb:AddBackendServers",
                "slb:RemoveBackendServers",
                "slb:CreateLoadBalancerTCPListener",
                "slb:DescribeLoadBalancerTCPListenerAttribute",
                "slb:SetLoadBalancerTCPListenerAttribute",
                "slb:CreateLoadBalancerHTTPListener",
                "slb:DescribeLoadBalancerHTTPListenerAttribute",
                "slb:SetLoadBalancerHTTPListenerAttribute",
                "slb:CreateLoadBalancerHTTPSListener",
                "slb:DescribeLoadBalancerHTTPSListenerAttribute",
                "slb:SetLoadBalancerHTTPSListenerAttribute",
                "slb:DeleteLoadBalancerListener",
                "slb:DescribeLoadBalancers",
                "slb:DescribeLoadBalancerAttribute",
                "slb:DescribeHealthStatus",
                "slb:StartLoadBalancerListener",
                "slb:SetBackendServers",
                "slb:DescribeLoadBalancerAttribute",
                "slb:DescribeHealthStatus"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
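
To review this statement against least privilege, the following added example (not part of the original documentation and not Alibaba Cloud tooling) groups a subset of the actions above by service, separates read-only from mutating actions, and reports duplicated entries. The read/write split by verb prefix (Describe, List, Get) and the names audit_statement and _as_list are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Subset of the statement above, copied from the page (not the full action list).
STATEMENT = {
    "Action": [
        "log:ListProject", "log:CreateProject", "log:PostLogStoreLogs",
        "edas:GetSecureToken", "cs:DescribeClusters", "vpc:DescribeVpcs",
        "ecs:DescribeInstances", "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface", "ecs:CreateNetworkInterfacePermission",
        "slb:CreateLoadBalancer", "slb:AddBackendServers", "slb:SetBackendServers",
        "slb:DeleteLoadBalancerListener", "slb:DescribeLoadBalancerAttribute",
        "slb:DescribeHealthStatus",
        "slb:DescribeLoadBalancerAttribute", "slb:DescribeHealthStatus",
    ],
    "Resource": "*",
    "Effect": "Allow",
}

# Assumption of this example: verbs with these prefixes only read state.
READ_PREFIXES = ("Describe", "List", "Get")

def _as_list(value):
    """RAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_statement(stmt):
    """Summarise one RAM policy statement for a least-privilege review."""
    counts = Counter(_as_list(stmt["Action"]))
    by_service = defaultdict(lambda: {"read": [], "write": []})
    for action in sorted(counts):
        service, _, verb = action.partition(":")
        kind = "read" if verb.startswith(READ_PREFIXES) else "write"
        by_service[service][kind].append(verb)
    # Mutating actions allowed on every resource deserve the closest review.
    wildcard = stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", []))
    writes = [f"{s}:{v}" for s, kinds in by_service.items() for v in kinds["write"]]
    return {
        "duplicates": sorted(a for a, n in counts.items() if n > 1),
        "by_service": dict(by_service),
        "unscoped_writes": sorted(writes) if wildcard else [],
    }

if __name__ == "__main__":
    import json
    print(json.dumps(audit_statement(STATEMENT), indent=2))
```
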

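Delete the service-linked role

If you need to delete AliyunServiceRoleForCSB (the service-linked role), you must first pause or delete the CSB instances that depend on this service-linked role (shared instances excepted).

  1. Log on to the RAM console with your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Roles.
  3. On the RAM role management page, enter AliyunServiceRoleForCSB in the search box.
  4. In the RAM role name list, click Delete in the Actions column of the role.
  5. In the Delete RAM Role dialog box, click OK.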