This topic describes the AliyunServiceRoleForARMS service-linked role for Application Real-Time Monitoring Service (ARMS) and shows you how to delete this role.
Background information
The AliyunServiceRoleForARMS service-linked role is a RAM role that ARMS assumes to access other Alibaba Cloud services to implement an ARMS feature in specific scenarios. For more information about service-linked roles, see Service-linked roles.
Scenarios
ARMS Prometheus monitoring can use the automatically created AliyunServiceRoleForARMS role to access resources in other Alibaba Cloud services, such as Container Service for Kubernetes (ACK), Simple Log Service, Elastic Compute Service (ECS), and Virtual Private Cloud (VPC).
Permissions of the AliyunServiceRoleForARMS role
AliyunServiceRoleForARMS has permissions to access the following cloud services:
Delete the AliyunServiceRoleForARMS role
For security reasons, you may want to delete the AliyunServiceRoleForARMS role if you no longer need to use ARMS Prometheus monitoring. After you delete this role, the Kubernetes cluster within your account cannot be synchronized to the list of Kubernetes clusters in the ARMS console. In addition, ARMS stops reading monitoring data from and writing monitoring data to the ARMS console.
To delete the AliyunServiceRoleForARMS role, perform the following steps:
If a Prometheus agent is installed for the Kubernetes cluster in your account, uninstall the agent first. Otherwise, the AliyunServiceRoleForARMS role cannot be deleted. For more information, see Uninstall the Prometheus agent.
Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose .
On the page that appears, enter AliyunServiceRoleForARMS in the text box and click the search icon.
In the Actions column of the AliyunServiceRoleForARMS role, click Delete Role.
In the Delete Role dialog box, enter AliyunServiceRoleForARMS and click Delete Role.
FAQ
Why is the AliyunServiceRoleForARMS service-linked role not automatically created for my RAM user?
You must obtain the specified permissions to automatically create or delete the AliyunServiceRoleForARMS role. To allow the AliyunServiceRoleForARMS role to be automatically created for your RAM user, attach the following policy to your RAM user:
{
"Statement": [
{
"Action": [
"ram:CreateServiceLinkedRole"
],
"Resource": "acs:ram:*:ID of your Alibaba Cloud account:role/*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"arms.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}
Replace the ID of your Alibaba Cloud account
in the policy statement with the ID of your Alibaba Cloud account.