Managed Security Service: Service-linked role

Last Updated: Aug 02, 2024

Before you use Managed Security Service (MSSP), you must create the AliyunServiceRoleForMssp service-linked role. MSSP uses the service-linked role to access other cloud resources and provide operations services. This topic describes how to manage the AliyunServiceRoleForMssp service-linked role for MSSP.

Background information

The AliyunServiceRoleForMssp service-linked role is a Resource Access Management (RAM) role. MSSP assumes the service-linked role to access other cloud services to perform security hardening and assessment for your business systems. In most cases, the service-linked role is automatically created and you do not need to modify the role.

Scenarios

In daily operations, MSSP assumes the AliyunServiceRoleForMssp service-linked role to access resources of the following cloud services to perform security hardening and assessment for your business systems: Elastic Compute Service (ECS), Security Center, Object Storage Service (OSS), ApsaraDB RDS, Enterprise Distributed Application Service (EDAS), Server Load Balancer (SLB), and RAM.

AliyunServiceRoleForMssp

  • Role name: AliyunServiceRoleForMssp.

  • Role policy: AliyunServiceRolePolicyForMssp.

  • Policy description:

    Note

    RAM provides a system policy for each service-linked role. You cannot modify the policy.

Delete the service-linked role

MSSP requires the AliyunServiceRoleForMssp service-linked role to perform security O&M operations. If MSSP is still within the validity period, you cannot delete the AliyunServiceRoleForMssp service-linked role. After MSSP expires, you can perform the following operations to delete the service-linked role:

  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, find AliyunServiceRoleForMssp and click Delete Role in the Actions column.
