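After Lingjun Connection is activated, users can use it to access other Alibaba Cloud services (for example, to access VPCs, create leased lines, and create elastic network interfaces). These operations require a service-linked role to obtain access permissions on the corresponding cloud services. This topic describes the use cases of the Lingjun Connection service-linked role (AliyunServiceRoleForEfloVcc) and how to delete the service-linked role.
Background information
The Lingjun Connection service-linked role (AliyunServiceRoleForEfloVcc) is a RAM role provided so that Lingjun Connection can obtain access permissions on other cloud services when it needs them to complete one of its own features. For more information about service-linked roles, see Service-linked roles.
Permissions
Role name: AliyunServiceRoleForEfloVcc
Role permission policy: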
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:CreateNetworkInterface",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroup",
        "ecs:RevokeSecurityGroupEgress",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:ModifyInstanceAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:ConfirmPhysicalConnection",
        "vpc:CreateVirtualBorderRouter",
        "vpc:DeleteVirtualBorderRouter",
        "vpc:DescribeVirtualBorderRouters",
        "vpc:CreateBgpGroup",
        "vpc:DeleteBgpGroup",
        "vpc:DescribeBgpGroups",
        "vpc:CreateBgpPeer",
        "vpc:DeleteBgpPeer",
        "vpc:DescribeBgpPeers",
        "cen:AttachCenChildInstance",
        "cen:DetachCenChildInstance",
        "vpc:DescribeRouteEntryList",
        "vpc:AddBgpNetwork",
        "vpc:DeleteBgpNetwork",
        "vpc:DescribeBgpNetworks",
        "vpc:TerminatePhysicalConnection",
        "vpc:RecoverPhysicalConnection",
        "vpc:DeletePhysicalConnection",
        "vpc:OpenPhysicalConnectionService",
        "vpc:GetPhysicalConnectionServiceStatus",
        "vpc:DescribePhysicalConnections",
        "vpc:CreatePhysicalConnectionOccupancyOrder",
        "vpc:UpdateVirtualPhysicalConnection",
        "vpc:CreateRouterInterface",
        "vpc:DeleteRouterInterface",
        "vpc:DeactivateRouterInterface",
        "vpc:DescribeRouterInterfaces",
        "vpc:DescribeRouteTableList",
        "vpc:CreateRouteEntries",
        "vpc:DeleteRouteEntries",
        "vpc:CreateRouteEntry",
        "vpc:DeleteRouteEntry",
        "vpc:DescribeGrantRulesToCen",
        "vpc:GrantInstanceToCen",
        "vpc:RevokeInstanceFromCen",
        "vpc:CreatePhysicalConnectionNew",
        "vpc:ModifyVirtualBorderRouterAttribute",
        "vpc:AssociatePhysicalConnectionToVirtualBorderRouter",
        "vpc:UnassociatePhysicalConnectionFromVirtualBorderRouter",
        "bssapi:SetRenewal",
        "vpc:CancelPhysicalConnection"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cen:CreateTransitRouterRouteEntry",
        "cen:ListTransitRouterRouteEntries",
        "cen:DeleteTransitRouterRouteEntry",
        "cen:ResolveAndRouteServiceInCen",
        "cen:DescribeRouteServicesInCen",
        "cen:DeleteRouteServiceInCen",
        "cen:CreateTransitRouterVbrAttachment",
        "cen:DeleteTransitRouterVbrAttachment",
        "cen:ListTransitRouterVbrAttachments",
        "cen:ListTransitRouterVpcAttachments",
        "cen:DisableTransitRouterRouteTablePropagation",
        "cen:EnableTransitRouterRouteTablePropagation",
        "cen:ListTransitRouterRouteTablePropagations",
        "cen:AssociateTransitRouterAttachmentWithRouteTable",
        "cen:DissociateTransitRouterAttachmentFromRouteTable",
        "cen:ListTransitRouterRouteTableAssociations",
        "cen:ListTransitRouterRouteTables",
        "cen:ListTransitRouters",
        "cen:ListTransitRouterAvailableResource",
        "cen:ResolveAndRouteServiceInCen",
        "cen:DescribeRouteServicesInCen",
        "cen:DeleteRouteServiceInCen",
        "cen:DescribeCenAttachedChildInstances",
        "cen:DescribeCenAttachedChildInstanceAttribute",
        "cen:DescribeCens"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ros:ListStacks",
        "ros:GetStack",
        "ros:ListStackEvents",
        "ros:ListStackResources",
        "ros:GetStackResource",
        "ros:CreateStack",
        "ros:DeleteStack",
        "ros:PreviewStack"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "vcc.eflo.aliyuncs.com"
        }
      }
    }
  ]
}
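Create the service-linked role
The first time you create a cluster and configure its network, you must click the button that authorizes creation of the service role, which creates the service-linked role (AliyunServiceRoleForEfloVcc) in one step.
Delete the service-linked role
To delete AliyunServiceRoleForEfloVcc (the service-linked role), you must first release the Lingjun Connection that depends on this service-linked role.
To release a Lingjun Connection, you can wait for the cloud service instance to expire, after which it is released automatically.
For the detailed procedure for deleting a service-linked role, see Delete a service-linked role.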