AliyunServiceRoleForECSImageBuilder is a service-linked role provided by Resource Access Management (RAM) that grants Image Builder access to Alibaba Cloud resources and allows Image Builder to create, share, and distribute images by using those resources. This topic describes how to use the AliyunServiceRoleForECSImageBuilder service-linked role to grant Image Builder access to Alibaba Cloud resources.
Prerequisites
If you use a RAM user, make sure that the RAM user is granted the permissions to use Image Builder so that you can manage the service-linked role for Image Builder. For more information, see Grant permissions to a RAM user.
The following policy is attached to grant the RAM user the permissions to use Image Builder.
Replace <account ID> with the ID of your Alibaba Cloud account.
{
    "Statement": [
        {
            "Action": [
                "ram:CreateServiceLinkedRole"
            ],
            "Resource": "acs:ram:*:<account ID>:role/*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [
                        "imagebuilder.ecs.aliyuncs.com"
                    ]
                }
            }
        }
    ],
    "Version": "1"
}
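One way to check a RAM policy against the scoping shown above, as an added example that is not Alibaba Cloud's own code: the Python below flags any Allow statement that grants ram:CreateServiceLinkedRole without a StringEquals condition pinning ram:ServiceName to imagebuilder.ecs.aliyuncs.com. The function name, the case-insensitive action matching, and the second sample policy are assumptions made for the illustration.

```python
import json
from fnmatch import fnmatchcase

EXPECTED_SERVICE = "imagebuilder.ecs.aliyuncs.com"  # service name from the policy above
TARGET_ACTION = "ram:CreateServiceLinkedRole"

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_slr_policy(policy_text, allowed_services=(EXPECTED_SERVICE,)):
    """Hypothetical helper: return (statement index, reason) findings for Allow
    statements that grant CreateServiceLinkedRole without pinning ram:ServiceName."""
    findings = []
    policy = json.loads(policy_text)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Wildcard patterns such as "ram:*" or "*" also cover the target action.
        # Assumption: compare case-insensitively so the audit errs toward flagging.
        actions = _as_list(stmt.get("Action"))
        if not any(fnmatchcase(TARGET_ACTION.lower(), a.lower()) for a in actions):
            continue
        cond = stmt.get("Condition") or {}
        # Only StringEquals is accepted; any other operator is reported as unpinned.
        services = _as_list((cond.get("StringEquals") or {}).get("ram:ServiceName"))
        if not services:
            findings.append((idx, "no StringEquals condition on ram:ServiceName"))
            continue
        extra = sorted(s for s in services if s not in allowed_services)
        if extra:
            findings.append((idx, "unexpected service names: " + ", ".join(extra)))
    return findings

# The policy from this topic, with the account ID placeholder left in place.
PAGE_POLICY = json.dumps({"Version": "1", "Statement": [{
    "Action": ["ram:CreateServiceLinkedRole"],
    "Resource": "acs:ram:*:<account ID>:role/*",
    "Effect": "Allow",
    "Condition": {"StringEquals": {"ram:ServiceName": [EXPECTED_SERVICE]}},
}]})
# Constructed counter-example: wildcard action and no service condition.
UNSCOPED_POLICY = json.dumps({"Version": "1", "Statement": [
    {"Action": "ram:*", "Resource": "*", "Effect": "Allow"}]})

if __name__ == "__main__":
    print(audit_slr_policy(PAGE_POLICY))
    print(audit_slr_policy(UNSCOPED_POLICY))
```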
Background information
Image Builder can assume the AliyunServiceRoleForECSImageBuilder role to gain access to CloudOps Orchestration Service (OOS), Elastic Compute Service (ECS), and Virtual Private Cloud (VPC).
Create the AliyunServiceRoleForECSImageBuilder role
When you create an image template, the system checks whether the AliyunServiceRoleForECSImageBuilder role exists in your account. If the role does not exist, the system automatically creates the role.
You can call the CreateImagePipeline operation to create image templates.
Delete the AliyunServiceRoleForECSImageBuilder role
If you no longer need the AliyunServiceRoleForECSImageBuilder role and understand the impact of deleting the role, you can delete the role. For more information, see Delete a RAM role.
Before you can delete the AliyunServiceRoleForECSImageBuilder role, you must delete the image templates in all regions in your account. For information about how to delete an image template, see Delete an image template.
After you delete the AliyunServiceRoleForECSImageBuilder role, Image Builder cannot create, share, or distribute images.