本文為您介紹Elastic Container Instance服務關聯角色AliyunServiceRoleForECI以及如何刪除服務關聯角色。
背景資訊
Elastic Container Instance服務關聯角色AliyunServiceRoleForECI是ECI在某些情況下,為了完成自身的某個功能,需要擷取其他雲端服務的存取權限而提供的RAM角色。更多關於服務關聯角色的資訊,請參見服務關聯角色。
AliyunServiceRoleForECI應用情境
在建立ECI執行個體和鏡像緩衝的過程中,ECI需要訪問Elastic Compute Service、Virtual Private Cloud、Container RegistryACR、Log ServiceSLS和Server Load Balancer的資源時,可以通過自動建立的Elastic Container Instance服務關聯角色AliyunServiceRoleForECI擷取存取權限。
AliyunServiceRoleForECI許可權說明
Elastic Container Instance服務關聯角色AliyunServiceRoleForECI對應的角色權限原則為AliyunServiceRolePolicyForECI,包含的雲端服務存取權限如下:
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeSecurityGroups",
"ecs:TagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVpcs",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:AllocateEipAddress",
"vpc:ReleaseEipAddress",
"vpc:AddCommonBandwidthPackageIp",
"vpc:RemoveCommonBandwidthPackageIp",
"vpc:DescribeIpv6Addresses",
"vpc:DescribeIpv6Gateways",
"vpc:AllocateIpv6InternetBandwidth",
"vpc:TagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:PullRepository",
"cr:GetAuthorizationToken",
"cr:GetRepositoryLayers",
"cr:GetRepositoryManifest",
"cr:GetRepositoryTag",
"cr:GetRepository",
"cr:ListInstance",
"cr:ListInstanceEndpoint"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"log:CreateProject",
"log:GetProject",
"log:CreateLogStore",
"log:GetLogStore",
"log:CreateMachineGroup",
"log:CreateConfig",
"log:GetConfig",
"log:ApplyConfigToGroup",
"log:GetAppliedConfigs",
"log:CreateIndex",
"log:TagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:DescribeLoadBalancers",
"slb:RemoveBackendServers"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "eci.aliyuncs.com"
}
}
}
]
}刪除AliyunServiceRoleForECI
如果您需要刪除Elastic Container Instance服務關聯角色AliyunServiceRoleForECI,請先通過控制台或者OpenAPI刪除依賴該服務關聯角色的ECI資源,包括ECI執行個體和鏡像緩衝。刪除ECI執行個體和鏡像緩衝後,您可以刪除AliyunServiceRoleForECI。具體操作,請參見刪除RAM角色。