This topic describes the details of the AliyunServiceRoleForConfigRemediation service-linked role that is used for automatic remediation and the scenarios in which the role can be applied. This topic also describes how to create and delete the service-linked role.
Scenarios
Role description
- Role name: AliyunServiceRoleForConfigRemediation.
- Policy attached to the role: AliyunServiceRolePolicyForConfigRemediation.
- Policy description: This policy grants Cloud Config the permissions to access the non-compliant resources of other Alibaba Cloud services.
Note For more information about the policy, see AliyunServiceRolePolicyForConfigRemediation.
Create the AliyunServiceRoleForConfigRemediation service-linked role
You can configure a remediation template for a rule in the Cloud Config console. If Cloud Config detects non-compliant resources based on the rule, Cloud Config automatically creates the AliyunServiceRoleForConfigRemediation service-linked role for automatic remediation in the Resource Access Management (RAM) console.
Delete the AliyunServiceRoleForConfigRemediation service-linked role
- Delete remediation settings.
- Delete the remediation settings of a rule. For more information, see Delete remediation settings.
- Delete all rules for which remediation settings are configured. For more information, see Delete a rule.
- Delete the AliyunServiceRoleForConfigRemediation service-linked role.
For more information, see Delete a RAM role.
The AliyunServiceRoleForConfigRemediation service-linked role cannot be automatically deleted. You must log on to the RAM console and manually delete the role. For more information, see Delete a RAM role.