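If you are creating an RDS instance for the first time, you must authorize the service-linked role (AliyunServiceRoleForRdsPgsqlOnEcs). This allows the RDS service to attach elastic network interfaces through the role and thereby establish the network link. This topic describes how to configure the service-linked role.
Authorize the service-linked role
- In the terraform.tf file in the Terraform working directory, add the following configuration to authorize the service-linked role (AliyunServiceRoleForRdsPgsqlOnEcs).
resource "alicloud_rds_service_linked_role" "default" {
  service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
}
- Run terraform apply.
When the following configuration information appears, confirm it and enter yes to start the authorization.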
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# alicloud_rds_service_linked_role.default will be created
+ resource "alicloud_rds_service_linked_role" "default" {
+ arn = (known after apply)
+ id = (known after apply)
+ role_id = (known after apply)
+ role_name = (known after apply)
+ service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
When a log similar to the following appears, the authorization has succeeded.
alicloud_rds_service_linked_role.default: Creating...
alicloud_rds_service_linked_role.default: Creation complete after 3s [id=AliyunServiceRoleForRdsPgsqlOnEcs]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
- Run terraform show to view the result.
# alicloud_rds_service_linked_role.default:
resource "alicloud_rds_service_linked_role" "default" {
arn = "acs:ram::140****:role/aliyunserviceroleforrdspgsqlonecs"
id = "AliyunServiceRoleForRdsPgsqlOnEcs"
role_id = "399****"
role_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
}
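Delete the service-linked role
- In the terraform.tf file, delete the resource "alicloud_rds_service_linked_role" "default"{} configuration block. For example, delete the following:
resource "alicloud_rds_service_linked_role" "default" {
  service_name = "AliyunServiceRoleForRdsPgsqlOnEcs"
}
- Run terraform apply.
When the following configuration information appears, confirm it and enter yes to start deleting the service-linked role.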
alicloud_rds_service_linked_role.default: Refreshing state... [id=AliyunServiceRoleForRdsPgsqlOnEcs]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
- destroy
Terraform will perform the following actions:
# alicloud_rds_service_linked_role.default will be destroyed
# (because alicloud_rds_service_linked_role.default is not in configuration)
- resource "alicloud_rds_service_linked_role" "default" {
- arn = "acs:ram::140***:role/aliyunserviceroleforrdspgsqlonecs" -> null
- id = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null
- role_id = "399****" -> null
- role_name = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null
- service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
When a log similar to the following appears, the service-linked role has been deleted.
alicloud_rds_service_linked_role.default: Destroying... [id=AliyunServiceRoleForRdsPgsqlOnEcs]
alicloud_rds_service_linked_role.default: Destruction complete after 0s
Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
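Query authorized service-linked roles
- Add the following content to the terraform.tf file:
data "alicloud_resource_manager_roles" "slr" {
}
- Run terraform apply to query the authorized service-linked roles.
When a log similar to the following appears, the query has succeeded.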
data.alicloud_resource_manager_roles.slr: Reading...
data.alicloud_resource_manager_roles.slr: Read complete after 2s [id=163141****]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are
needed.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
- Run terraform show to view the result.
# data.alicloud_resource_manager_roles.slr:
data "alicloud_resource_manager_roles" "slr" {
enable_details = false
id = "163141****"
ids = [
"AliyunActionTrailDefaultRole",
"AliyunAdamAccessingDatabaseRole",
"AliyunAnalyticDBAccessingDTSRole",
...
]
names = [
"AliyunActionTrailDefaultRole",
"AliyunAdamAccessingDatabaseRole",
"AliyunAnalyticDBAccessingDTSRole",
...
]
roles = [
{
arn = "acs:ram::140****:role/aliyunactiontraildefaultrole"
assume_role_policy_document = ""
description = "ActionTrail默认使用此角色来访问您在其他云产品中的资源"
id = "AliyunActionTrailDefaultRole"
max_session_duration = 3600
role_id = "394****"
role_name = "AliyunActionTrailDefaultRole"
update_date = "2019-05-07T02:29:41Z"
},
{
arn = "acs:ram::140****:role/aliyunadamaccessingdatabaserole"
assume_role_policy_document = ""
description = "ADAM使用此角色来访问您在其他云产品中的资源。"
id = "AliyunAdamAccessingDatabaseRole"
max_session_duration = 3600
role_id = "351****"
role_name = "AliyunAdamAccessingDatabaseRole"
update_date = "2020-04-26T07:42:32Z"
},
{
arn = "acs:ram::140****:role/aliyunanalyticdbaccessingdtsrole"
assume_role_policy_document = ""
description = "The Open Analytics will use this role to access DTS."
id = "AliyunAnalyticDBAccessingDTSRole"
max_session_duration = 3600
role_id = "312****"
role_name = "AliyunAnalyticDBAccessingDTSRole"
update_date = "2020-03-10T01:49:16Z"
},
...
]
}
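The query above returns every role in the account. As an added example (not part of the original page), the following configuration uses the same data source and reports whether AliyunServiceRoleForRdsPgsqlOnEcs is among them. The local and output names are assumptions, and it relies only on the names and roles attributes shown in the terraform show output.

```hcl
# Added example, not from the original page.
# If placed in the same terraform.tf, this data block takes the place of the
# empty "slr" query block shown earlier (do not declare it twice).
data "alicloud_resource_manager_roles" "slr" {
}

locals {
  # Role name taken from the page; local names are assumptions.
  rds_slr_name = "AliyunServiceRoleForRdsPgsqlOnEcs"

  # "names" is the flat list of role names returned by the data source.
  rds_slr_authorized = contains(
    data.alicloud_resource_manager_roles.slr.names,
    local.rds_slr_name,
  )

  # Keep only the matching entry from "roles"; the list is empty when the
  # role has not been authorized in this account.
  rds_slr_matches = [
    for r in data.alicloud_resource_manager_roles.slr.roles : r
    if r.role_name == local.rds_slr_name
  ]
}

# true when the service-linked role already exists, false otherwise.
output "rds_slr_authorized" {
  value = local.rds_slr_authorized
}

# ARN and last update time of the role, or null when it is absent.
# one() requires Terraform 0.15 or later.
output "rds_slr_arn" {
  value = one([for r in local.rds_slr_matches : r.arn])
}

output "rds_slr_update_date" {
  value = one([for r in local.rds_slr_matches : r.update_date])
}
```

After terraform apply, terraform output rds_slr_authorized gives a single value that can be checked in a pipeline or an access review instead of reading through the full role list.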