The service-linked role (AliyunServiceRoleForCloudShell) is a Resource Access Management (RAM) role that is provided for Cloud Shell to access other Alibaba Cloud services.
For more information, see Service-linked roles.
Scenarios
The service-linked role is applicable to the following scenario:
When you connect Cloud Shell to Virtual Private Cloud (VPC) resources, the service-linked role is required to manage the resources. A secondary network card automatically created to establish connections.
Delete the service-linked role
To delete the service-linked role, log on to the RAM console. For more information, see Service-linked roles.
Role description
This section describes the details of the service-linked role.
Role name: AliyunServiceRoleForCloudShell.
Policy name: AliyunServiceRolePolicyForCloudShell.
Description of the policy:
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeSecurityGroups"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "cloudshell.aliyuncs.com"
}
}
}
]
}