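This topic describes the service-linked role for Hybrid Disaster Recovery (HDR), AliyunServiceRoleForHdr, and how to delete it.
Background information
The HDR service-linked role (AliyunServiceRoleForHdr) is a RAM role that HDR uses in certain cases to obtain access to other cloud services in order to complete one of its own functions. For more information about service-linked roles, see Service-linked roles.
HDR may need to create new vSwitches, security groups, ECS instances, images, and so on. It obtains permission to access resources such as VPC and ECS through the automatically created HDR service-linked role (AliyunServiceRoleForHdr).
AliyunServiceRoleForHdr permissions
Note: A RAM user must have the HDRFullAccess permission to create AliyunServiceRoleForHdr.
AliyunServiceRoleForHdr has access permissions for the following cloud services:
- Cloud Assistant permissions
HDR uses Cloud Assistant to automatically install the client on your ECS instances.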
{ "Action": [ "ecs:CreateCommand", "ecs:InvokeCommand", "ecs:StopInvocation", "ecs:DeleteCommand", "ecs:DescribeCommands", "ecs:DescribeInvocations", "ecs:DescribeInvocationResults", "ecs:DescribeCloudAssistantStatus" ], "Resource": "*", "Effect": "Allow" }
- ECS instance and disk snapshot permissions
HDR uses ECS instance and disk snapshot permissions to create shadows, recovery points, and recovery instances.
{ "Action": [ "ecs:DescribeImages", "ecs:CreateDisk", "ecs:AttachDisk", "ecs:ReInitDisk", "ecs:DetachDisk", "ecs:DescribeDisks", "ecs:ReplaceSystemDisk", "ecs:DeleteDisk", "ecs:ResizeDisk", "ecs:CreateInstance", "ecs:StartInstance", "ecs:StopInstance", "ecs:RebootInstance", "ecs:DeleteInstance", "ecs:DescribeInstances", "ecs:CreateSecurityGroup", "ecs:DescribeSecurityGroups", "ecs:AuthorizeSecurityGroup", "ecs:AuthorizeSecurityGroupEgress", "ecs:DeleteSecurityGroup", "ecs:AllocatePublicIpAddress", "ecs:ModifyInstanceAttribute", "ecs:JoinSecurityGroup", "ecs:CreateNetworkInterface", "ecs:DeleteNetworkInterface", "ecs:DescribeNetworkInterfaces", "ecs:CreateNetworkInterfacePermission", "ecs:DescribeNetworkInterfacePermissions", "ecs:DeleteNetworkInterfacePermission", "ecs:CreateSnapshot", "ecs:DeleteSnapshot", "ecs:DescribeSnapshots", "ecs:DescribeSnapshotLinks", "ecs:ModifyResourceMeta" ], "Resource": "*", "Effect": "Allow" }
- VPC access permissions
HDR uses the following permissions to access your VPC resources.
{ "Action": [ "vpc:DescribeVpcs", "vpc:DescribeVSwitches", "vpc:DescribeEipAddresses", "vpc:AssociateEipAddress" ], "Resource": "*", "Effect": "Allow" }
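For a least-privilege review of this role, the following added example (not Alibaba Cloud's code) loads the three statements listed above and groups every action granted on `"Resource": "*"` by impact. The category names and prefix rules are the reviewer's own assumptions, not an Alibaba Cloud classification.

```python
from collections import defaultdict

# Action names copied from the three statements on this page; packed into
# strings only to keep the example short.
ASSISTANT = """CreateCommand InvokeCommand StopInvocation DeleteCommand DescribeCommands
DescribeInvocations DescribeInvocationResults DescribeCloudAssistantStatus"""
ECS = """DescribeImages CreateDisk AttachDisk ReInitDisk DetachDisk DescribeDisks
ReplaceSystemDisk DeleteDisk ResizeDisk CreateInstance StartInstance StopInstance
RebootInstance DeleteInstance DescribeInstances CreateSecurityGroup DescribeSecurityGroups
AuthorizeSecurityGroup AuthorizeSecurityGroupEgress DeleteSecurityGroup
AllocatePublicIpAddress ModifyInstanceAttribute JoinSecurityGroup CreateNetworkInterface
DeleteNetworkInterface DescribeNetworkInterfaces CreateNetworkInterfacePermission
DescribeNetworkInterfacePermissions DeleteNetworkInterfacePermission CreateSnapshot
DeleteSnapshot DescribeSnapshots DescribeSnapshotLinks ModifyResourceMeta"""
VPC = "DescribeVpcs DescribeVSwitches DescribeEipAddresses AssociateEipAddress"

def statement(service, names):
    """Rebuild one policy statement in the shape shown on the page."""
    return {"Action": [f"{service}:{n}" for n in names.split()],
            "Resource": "*", "Effect": "Allow"}

POLICY = [statement("ecs", ASSISTANT), statement("ecs", ECS), statement("vpc", VPC)]

# Hypothetical review categories (assumption); first matching prefix wins.
CATEGORIES = [
    ("read_only", ("Describe",)),
    ("remote_execution", ("CreateCommand", "InvokeCommand")),
    ("network_exposure", ("Authorize", "AllocatePublicIp", "AssociateEip")),
    ("destructive", ("Delete", "ReInit", "ReplaceSystemDisk")),
]

def classify(action):
    name = action.split(":", 1)[1]
    for label, prefixes in CATEGORIES:
        if name.startswith(prefixes):
            return label
    return "other_write"

def review(policy):
    """Return {category: [actions]} for Allow statements with Resource "*"."""
    report = defaultdict(list)
    for stmt in policy:
        if stmt["Effect"] == "Allow" and stmt["Resource"] == "*":
            for action in stmt["Action"]:
                report[classify(action)].append(action)
    return dict(report)

if __name__ == "__main__":
    print({category: len(actions) for category, actions in review(POLICY).items()})
```

The `remote_execution`, `network_exposure` and `destructive` groups are the ones worth alerting on when they are invoked by this role outside an expected replication or recovery operation.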
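Delete the service-linked role
To delete the HDR service-linked role (AliyunServiceRoleForHdr), you must first delete all site pairs under HDR.
For the specific procedure, see Delete a service-linked role.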