Resource Management:Service-linked role for Resource Group

Overview

A service-linked role is a Resource Access Management (RAM) role whose trusted entity is an Alibaba Cloud service. Service-linked roles can implement authorized access across services. The following table provides information about the service-linked role for Resource Group.

For more information, see Service-linked roles.

Scenarios

Resource Group assumes the service-linked role to implement the Automatic Resource Transfer feature. This feature enables Resource Group to automatically transfer the resources that meet specific conditions to the desired resource groups.

Create the service-linked role

The system automatically creates the service-linked role when you enable the Automatic Resource Transfer feature. For more information, see Enable the Automatic Resource Transfer feature.

View the information about the service-linked role

After the service-linked role is created, you can view the following information about the service-linked role on the details page of the role. To go to the details page of the role, log on to the RAM console, go to the Roles page, find the role on the page, and then click the name of the role.

• Basic information

  In the Basic Information section, you can view the basic information about the role, such as the name, creation time, Alibaba Cloud Resource Name (ARN), and description.

• Permission policy

  On the Permissions tab, you can click the policy name to view the policy document.

  Note

  You cannot view the permission policy that is attached to a service-linked role on the Policies page of the RAM console. You can view the permission policy only on the role details page.

• Trust policy

  On the Trust Policy tab, you can view the document of the trust policy that is attached to the role. A trust policy is a policy that contains the trusted entities of a RAM role. A trusted entity refers to an entity that can assume the RAM role. The trusted entity of a service-linked role is a cloud service. You can view the value of the Service field in the trust policy of the service-linked role to obtain the trusted entity.

For more information about how to view information about a service-linked role, see View the information about a RAM role.

Delete the service-linked role

When you disable the Automatic Resource Transfer feature, the system automatically deletes the service-linked role. For more information, see Disable the Automatic Resource Transfer feature.