All Products
Search
Document Center

Server Migration Center:Service-linked role for SMC

Last Updated:Dec 16, 2024

A service-linked role is a Resource Access Management (RAM) role whose trusted entity is an Alibaba Cloud service. Server Migration Center (SMC) assumes the service-linked role AliyunServiceRoleForSMC to obtain the access permissions on other Alibaba Cloud services or resources.

In most cases, a service-linked role is automatically created when you perform an operation. If the service-linked role AliyunServiceRoleForSMC fails to be automatically created or SMC does not support the automatic creation of the role, you must manually create the role.

RAM provides a system policy for each service-linked role. You cannot modify the system policy. To view information about the system policy of a specific service-linked role, go to the details page of the specified service-linked role. For more information, see AliyunSMCFullAccess.

Scenarios

The service-linked role AliyunServiceRoleForSMC allows SMC to access Elastic Compute Service (ECS) during data migration.

Required permissions for a RAM user to assume a service-linked role

If you want to create or delete a service-linked role as a RAM user, contact the administrator to grant the RAM user the AliyunSWASFullAccess permission. You can also add the following permissions in the Action statement of your custom policy:

  • Create a service-link role: ram:CreateServiceLinkedRole

  • Delete a service-linked role: ram:DeleteServiceLinkedRole

For more information, see the Permissions required to create and delete a service-linked role section of the "Service-linked roles" topic.

Create the service-linked role

SMC automatically creates the service-linked role AliyunServiceRoleForSMC when you import the information about a migration source. For more information, see Step 1: Import the information about a migration source.

Important

After the service-linked role is created, SMC can assume the RAM role to access other Alibaba Cloud services. You may be charged for creating snapshots and ECS instances.

View the information about the service-linked role

After the service-linked role is created, you can view the following information about the service-linked role. To view the information, go to the Roles page in the RAM console and search for AliyunServiceRoleForSMC.

  • Basic information

    In the Basic Information section of the details page of the service-linked role AliyunServiceRoleForSMC, view the basic information about the service-linked role. The information includes the role name, creation time, Alibaba Cloud Resource Name (ARN), and description.

  • Permission policy

    On the Permissions tab of the details page of the service-linked role AliyunServiceRoleForSMC, click the name of the permission policy. On the page that appears, view the content of the permission policy and cloud resources that SMC can access by assuming this service-linked role.

  • Trust policy

    On the Trust Policy tab of the details page of the service-linked role AliyunServiceRoleForSMC, view the content of the trust policy. A trust policy is a policy that describes the trusted entities of a RAM role. A trusted entity is an entity that can assume the RAM role. The trusted entity of a service-linked role is a cloud service. You can view the value of the Service field in the trust policy of the service-linked role to obtain the trusted entity.

For information about how to view information about a service-linked role, see View the information about a RAM role.

Delete the service-linked role

Important

After the service-linked role is deleted, the features that depend on the role cannot be used. Proceed with caution.

If no longer need to use SMC, you can manually delete the service-linked role in the RAM console. For more information, see Delete a RAM role.

Before you delete the service-linked role for SMC, you can use one of the following methods to delete the migration source that depends on the service-linked role:

  • Log on to the SMC console to delete a migration source.

    For example, in the left-side navigation pane, choose Migrate to Cloud > Server Migration, click the migration source ID, and click Delete Migration Source in the upper-right corner of the page.

  • Call the DeleteSourceServer operation to delete the migration source.