
PolarDB:Service-linked roles for PolarDB

Last Updated:Nov 26, 2024

AliyunServiceRoleForPolarDB is the service-linked role for PolarDB. This topic describes the scenarios of the service-linked role and how to delete the service-linked role.

Background information

To implement some of its features, PolarDB may need to access other cloud services. Alibaba Cloud provides the AliyunServiceRoleForPolarDB service-linked role, which allows PolarDB to access those services.

Scenarios

AliyunServiceRoleForPolarDB

Role name: AliyunServiceRoleForPolarDB

Role policy: AliyunServiceRolePolicyForPolarDB

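Policy document (the first statement allows the listed pvtz, dts, privatelink, ecs, vpc and dms actions on all resources, "Resource": "*"; the two ram statements apply only when ram:ServiceName equals the service named in their condition):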

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "pvtz:DescribeUserServiceStatus",
                "pvtz:DescribeZones",
                "pvtz:DescribeZoneInfo",
                "pvtz:DescribeZoneRecords",
                "pvtz:CheckZoneName",
                "pvtz:AddZone",
                "pvtz:BindZoneVpc",
                "pvtz:DeleteZone",
                "pvtz:AddZoneRecord",
                "pvtz:UpdateZoneRecord",
                "pvtz:DeleteZoneRecord",
                "dts:CreateDtsInstance",
                "dts:ConfigureDtsJob",
                "dts:StartDtsJob",
                "dts:DescribePreCheckStatus",
                "dts:DescribeDtsJobDetail",
                "dts:DescribeDtsJobs",
                "dts:ModifyDtsJob",
                "dts:SuspendDtsJob",
                "dts:StopDtsJob",
                "dts:DeleteDtsJob",
                "dts:CheckDefaultRole",
                "dts:ReverseTwoWayDirection",
                "dts:ModifyDtsJobEndpoint",
                "privatelink:ListVpcEndpointServicesByEndUser",
                "privatelink:CreateVpcEndpoint",
                "privatelink:ListVpcEndpoints",
                "privatelink:UpdateVpcEndpointAttribute",
                "privatelink:GetVpcEndpointAttribute",
                "privatelink:ListVpcEndpointSecurityGroups",
                "privatelink:AttachSecurityGroupToVpcEndpoint",
                "privatelink:DetachSecurityGroupFromVpcEndpoint",
                "privatelink:AddZoneToVpcEndpoint",
                "privatelink:RemoveZoneFromVpcEndpoint",
                "privatelink:ListVpcEndpointZones",
                "privatelink:DeleteVpcEndpoint",
                "ecs:CreateNetworkInterface",
                "ecs:DeleteNetworkInterface",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:AttachNetworkInterface",
                "ecs:DetachNetworkInterface",
                "ecs:DescribeNetworkInterfaceAttribute",
                "ecs:DescribeNetworkInterfaces",
                "ecs:ModifyNetworkInterfaceAttribute",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "vpc:DescribeVSwitches",
                "vpc:DescribeVpcs",
                "dms:AddInstance",
                "dms:ListInstances",
                "dms:GetInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "polardb.aliyuncs.com"
                }
            }
        },
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "privatelink.aliyuncs.com"
                }
            }
        }
    ]
}

Delete the service-linked role

Before you delete the AliyunServiceRoleForPolarDB role, you must first release the PolarDB cluster that depends on the role.