All Products
Search
Document Center

Cloud Shell:Service-linked role

Last Updated:Sep 04, 2024

The service-linked role (AliyunServiceRoleForCloudShell) is a Resource Access Management (RAM) role that is provided for Cloud Shell to access other Alibaba Cloud services.

Note

For more information, see Service-linked roles.

Scenarios

The service-linked role is applicable to the following scenario:

  • When you connect Cloud Shell to Virtual Private Cloud (VPC) resources, the service-linked role is required to manage the resources. A secondary network card automatically created to establish connections.

Delete the service-linked role

To delete the service-linked role, log on to the RAM console. For more information, see Service-linked roles.

Role description

This section describes the details of the service-linked role.

  • Role name: AliyunServiceRoleForCloudShell.

  • Policy name: AliyunServiceRolePolicyForCloudShell.

  • Description of the policy:

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:CreateNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeSecurityGroups"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVSwitches",
                "vpc:DescribeVpcs"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "cloudshell.aliyuncs.com"
                }
            }
        }
    ]
}