目前应用集成服务关联角色用的是CSB服务关联角色(AliyunServiceRoleForCSB),本文介绍该角色的应用场景以及如何删除服务关联角色。

背景信息

CSB服务关联角色(AliyunServiceRoleForCSB)是为了完成CSB自身的某个功能,需要获取其他云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息,请参见服务关联角色

应用场景

使用应用集成需要访问VPC、ECS、SLB云服务的资源,通过服务关联角色功能获取访问权限。

AliyunServiceRoleForCSB的权限策略

AliyunServiceRoleForCSB的角色权限策略为AliyunServiceRolePolicyForCSB。权限说明如下:

{
  "Action": [
    "vpc:DescribeVpcs",
    "vpc:DescribeVSwitches",
    "vpc:DescribeRegions",
    "vpc:DescribeZones",
    "ecs:DescribeInstances",
    "ecs:DescribeInstanceStatus",
    "ecs:DescribeRegions",
    "ecs:DescribeZones",
    "ecs:CreateNetworkInterface",
    "ecs:DeleteNetworkInterface",
    "ecs:DescribeNetworkInterfaces",
    "ecs:CreateNetworkInterfacePermission",
    "ecs:DescribeNetworkInterfacePermissions",
    "ecs:DescribeSecurityGroups",
    "ecs:DescribeSecurityGroupAttribute",
    "ecs:DescribeSecurityGroupReferences",
    "slb:AddBackendServers",
    "slb:RemoveBackendServers",
    "slb:CreateLoadBalancerTCPListener",
    "slb:DescribeLoadBalancerTCPListenerAttribute",
    "slb:SetLoadBalancerTCPListenerAttribute",
    "slb:CreateLoadBalancerHTTPListener",
    "slb:DescribeLoadBalancerHTTPListenerAttribute",
    "slb:SetLoadBalancerHTTPListenerAttribute",
    "slb:CreateLoadBalancerHTTPSListener",
    "slb:DescribeLoadBalancerHTTPSListenerAttribute",
    "slb:SetLoadBalancerHTTPSListenerAttribute",
    "slb:DeleteLoadBalancerListener",
    "slb:DescribeLoadBalancers",
    "slb:DescribeLoadBalancerAttribute",
    "slb:DescribeHealthStatus",
    "slb:DescribeLoadBalancers",
    "slb:DescribeLoadBalancerAttribute",
    "slb:DescribeHealthStatus"
  ],
  "Resource": "*",
  "Effect": "Allow"
}

删除服务关联角色

  1. 云账号登录RAM控制台
  2. 在左侧导航栏,单击RAM角色管理
  3. RAM角色管理页面的搜索框,输入AliyunServiceRoleForCSB
  4. RAM角色名称列表,单击该角色操作列下的删除
  5. 删除RAM角色对话框,单击确定