This topic describes how the AliyunServiceRoleForIOTInstanceNetwork service-linked role is created for an Exclusive Enterprise Edition instance of IoT Platform, what the role is allowed to do, and how to delete the role.
Background information
For more information, see Service-linked roles.
Usage notes
MQTT-based virtual private cloud (VPC) endpoints, and therefore the AliyunServiceRoleForIOTInstanceNetwork service-linked role, are available only for Exclusive Enterprise Edition instances.
To connect a device to IoT Platform over a VPC by using Message Queuing Telemetry Transport (MQTT), IoT Platform must be able to create and manage the PrivateLink VPC endpoint in your VPC that the device connects to. This is the permission set carried by the service-linked role. IoT Platform creates the role automatically: when you create a separate MQTT endpoint for an Exclusive Enterprise Edition instance and enable and grant permissions on VPCs, the system creates the role for you. For more information, see Create a separate MQTT endpoint for an Exclusive Enterprise Edition instance.
Role description
Name: AliyunServiceRoleForIOTInstanceNetwork
Policy: AliyunServiceRolePolicyForIOTInstanceNetwork
Permissions:
The service-linked role grants IoT Platform instances permission to access resources of other Alibaba Cloud services: it can create, modify, and delete PrivateLink VPC endpoints and attach or detach security groups on them, and it can read VPCs, vSwitches, and security groups. The first statement applies to Resource "*", so these operations are not limited to the endpoint of a single instance. The two ram:* statements are restricted by ram:ServiceName: the role may delete only the service-linked role owned by iot-instance-network.iot.aliyuncs.com and may create only the service-linked role for privatelink.aliyuncs.com.
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "privatelink:OpenPrivateLinkService",
        "privatelink:ListVpcEndpointServices",
        "privatelink:CreateVpcEndpoint",
        "privatelink:ListVpcEndpoints",
        "privatelink:UpdateVpcEndpointAttribute",
        "privatelink:GetVpcEndpointAttribute",
        "privatelink:ListVpcEndpointSecurityGroups",
        "privatelink:AttachSecurityGroupToVpcEndpoint",
        "privatelink:DetachSecurityGroupFromVpcEndpoint",
        "privatelink:AddZoneToVpcEndpoint",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:ListVpcEndpointZones",
        "privatelink:DeleteVpcEndpoint",
        "vpc:DescribeVpcs",
        "ecs:DescribeSecurityGroups",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "iot-instance-network.iot.aliyuncs.com"
        }
      }
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "privatelink.aliyuncs.com"
        }
      }
    }
  ]
}
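The following script is an added example, not part of Alibaba Cloud's documentation or tooling. It transcribes the policy above into a Python structure and runs the least-privilege checks a reviewer would apply before accepting the role: which actions can change state, whether every ram:* action is pinned to a ram:ServiceName, and whether any statement combines a wildcard action with Resource "*". The helper names (actions_by_service, write_actions, ram_service_name_scope, findings) are hypothetical, written for this illustration.

```python
"""Least-privilege review of AliyunServiceRolePolicyForIOTInstanceNetwork.

Added example, not part of Alibaba Cloud's documentation or tooling. POLICY is
transcribed from the page above; the helper names are hypothetical.
"""

POLICY = {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "privatelink:OpenPrivateLinkService", "privatelink:ListVpcEndpointServices",
                "privatelink:CreateVpcEndpoint", "privatelink:ListVpcEndpoints",
                "privatelink:UpdateVpcEndpointAttribute", "privatelink:GetVpcEndpointAttribute",
                "privatelink:ListVpcEndpointSecurityGroups",
                "privatelink:AttachSecurityGroupToVpcEndpoint",
                "privatelink:DetachSecurityGroupFromVpcEndpoint",
                "privatelink:AddZoneToVpcEndpoint", "privatelink:RemoveZoneFromVpcEndpoint",
                "privatelink:ListVpcEndpointZones", "privatelink:DeleteVpcEndpoint",
                "vpc:DescribeVpcs", "ecs:DescribeSecurityGroups", "vpc:DescribeVSwitches",
            ],
            "Resource": "*",
            "Effect": "Allow",
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {"StringEquals": {"ram:ServiceName": "iot-instance-network.iot.aliyuncs.com"}},
        },
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {"StringEquals": {"ram:ServiceName": "privatelink.aliyuncs.com"}},
        },
    ],
}

# Alibaba Cloud read-only API verbs used in this policy.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def _actions(stmt):
    """Normalise the Action field, which may be a single string or a list."""
    action = stmt["Action"]
    return [action] if isinstance(action, str) else list(action)


def actions_by_service(policy):
    """Map service prefix (privatelink, vpc, ecs, ram) to its sorted action names."""
    grouped = {}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _actions(stmt):
            service, _, name = action.partition(":")
            grouped.setdefault(service, []).append(name)
    return {svc: sorted(names) for svc, names in grouped.items()}


def write_actions(policy):
    """Actions that change state: everything that is not a Describe/List/Get call."""
    return sorted(
        f"{svc}:{name}"
        for svc, names in actions_by_service(policy).items()
        for name in names
        if not name.startswith(READ_ONLY_PREFIXES)
    )


def ram_service_name_scope(policy):
    """For each ram:* action, the ram:ServiceName it is restricted to (None = unscoped)."""
    scope = {}
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        for action in _actions(stmt):
            if action.startswith("ram:"):
                scope[action] = cond.get("ram:ServiceName")
    return scope


def findings(policy):
    """Checks a reviewer runs before accepting the role; an empty list means clean."""
    issues = []
    for action, service in ram_service_name_scope(policy).items():
        if service is None:
            issues.append(f"{action} is not restricted by ram:ServiceName")
    for stmt in policy["Statement"]:
        if stmt.get("Resource") == "*" and any(a.split(":")[-1] == "*" for a in _actions(stmt)):
            issues.append("wildcard action on Resource '*'")
    return issues


if __name__ == "__main__":
    for svc, names in actions_by_service(POLICY).items():
        print(f"{svc}: {', '.join(names)}")
    print("state-changing actions:", write_actions(POLICY))
    print("ram:* scope:", ram_service_name_scope(POLICY))
    print("findings:", findings(POLICY) or "none")
```

Run against the policy as published, findings() is empty: the ten state-changing actions are all PrivateLink endpoint operations plus the two scoped ram:* calls, and the only Resource "*" statements carry explicit action names. The same checks are worth repeating whenever Alibaba Cloud updates the policy document, since a new version that drops a ram:ServiceName condition or adds a "privatelink:*" entry would widen what the role can do across the whole account.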
Delete the role
If you no longer use the AliyunServiceRoleForIOTInstanceNetwork service-linked role, you can delete it. Delete the role only after the instance that uses it has been released.
1. Release the IoT Platform instance to which the role applies.
Note: You cannot manually release an instance. An instance is automatically released 15 days after it expires.
2. Delete the service-linked role. For more information, see Delete a service-linked role.