本文为您介绍云桌面(原名图形工作站,GWS)服务关联角色(AliyunServiceRoleForGws)的应用场景以及如何删除服务关联角色。
背景信息
用于云桌面(原名图形工作站,GWS)的服务关联角色(AliyunServiceRoleForGws),是为了访问您在其他云产品中的资源。更多信息请参考服务关联角色。
应用场景
GWS 的创建 / 停止 / 启动实例、创建 / 删除镜像等功能,需要通过访问 ECS / VPC 等云产品来实现。AliyunServiceRoleForGws 介绍
角色名称:AliyunServiceRoleForGws
角色权限策略:AliyunServiceRolePolicyForGws
权限说明:
{
"Version": "1",
"Statement": [
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "gws.aliyuncs.com"
}
}
},
{
"Action": "acm:DescribePrice",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:StopInstance",
"ecs:CreateInstance",
"ecs:DeleteInstance",
"ecs:StartInstance",
"ecs:RebootInstance",
"ecs:DescribeInstances",
"ecs:DescribeInstanceAttribute",
"ecs:CreateImage",
"ecs:DeleteImage",
"ecs:DescribeImages",
"ecs:ModifyImageAttribute",
"ecs:AllocatePublicIpAddress",
"ecs:DescribeZones",
"ecs:DescribeAvailableResource",
"ecs:DescribeSecurityGroups",
"ecs:CreateSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:DescribeUserData",
"ecs:TagResources",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyInstanceVncPasswd",
"ecs:RunCommand",
"ecs:DescribeInvocationResults",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroupEgress"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:CreateVSwitch",
"vpc:CreateVpc",
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches",
"vpc:CreateNatGateway",
"vpc:DeleteNatGateway",
"vpc:DescribeNatGateways",
"vpc:CreateForwardEntry",
"vpc:DeleteForwardEntry",
"vpc:DescribeForwardTableEntries",
"vpc:ModifyForwardEntry"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
删除服务关联角色
如果您需要删除 AliyunServiceRoleForGws(服务关联角色),需要先释放依赖这个服务关联角色的云桌面集群。