如果首次创建RDS实例,需要授权服务关联角色(AliyunServiceRoleForRdsPgsqlOnEcs),允许RDS服务通过该角色完成弹性网卡的挂载动作,进而打通网络链路。本文介绍服务关联角色的相关配置。
前提条件
-
使用Terraform,您需要一个阿里云账号和访问密钥(AccessKey),详细操作请参见创建AccessKey。
-
已经安装并配置了Terraform,详细操作请参见在Cloud Shell中使用Terraform或在本地安装和配置Terraform。
-
Terraform版本不低于1.189.0。您可以通过
terraform -version命令查看当前版本,如果不满足要求,请前往Terraform官方网站下载并安装最新版本。
授权服务关联角色
-
在Terraform执行目录下的terraform.tf文件中,配置如下内容,授权服务关联角色(AliyunServiceRoleForRdsPgsqlOnEcs)。
resource "alicloud_rds_service_linked_role" "default" { service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" }说明
SLR授权详情,请参见服务关联角色。
-
运行
terraform apply。出现如下配置信息后,确认配置信息并输入yes,开始授权。
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_rds_service_linked_role.default will be created + resource "alicloud_rds_service_linked_role" "default" { + arn = (known after apply) + id = (known after apply) + role_id = (known after apply) + role_name = (known after apply) + service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:出现类似如下日志时,表示授权成功。
alicloud_rds_service_linked_role.default: Creating... alicloud_rds_service_linked_role.default: Creation complete after 3s [id=AliyunServiceRoleForRdsPgsqlOnEcs] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. -
运行
terraform show查看结果。# alicloud_rds_service_linked_role.default: resource "alicloud_rds_service_linked_role" "default" { arn = "acs:ram::140****:role/aliyunserviceroleforrdspgsqlonecs" id = "AliyunServiceRoleForRdsPgsqlOnEcs" role_id = "399****" role_name = "AliyunServiceRoleForRdsPgsqlOnEcs" service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" }
删除服务关联角色
-
在terraform.tf文件中,删除
resource "alicloud_rds_service_linked_role" "default"{}配置项的内容,例如,删除如下信息:resource "alicloud_rds_service_linked_role" "default" { service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" } -
运行
terraform apply。出现如下配置信息后,确认配置信息并输入yes,开始删除服务关联角色。
alicloud_rds_service_linked_role.default: Refreshing state... [id=AliyunServiceRoleForRdsPgsqlOnEcs] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # alicloud_rds_service_linked_role.default will be destroyed # (because alicloud_rds_service_linked_role.default is not in configuration) - resource "alicloud_rds_service_linked_role" "default" { - arn = "acs:ram::140***:role/aliyunserviceroleforrdspgsqlonecs" -> null - id = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null - role_id = "399****" -> null - role_name = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null - service_name = "AliyunServiceRoleForRdsPgsqlOnEcs" -> null } Plan: 0 to add, 0 to change, 1 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:出现类似如下日志时,表示删除服务关联角色成功。
alicloud_rds_service_linked_role.default: Destroying... [id=AliyunServiceRoleForRdsPgsqlOnEcs] alicloud_rds_service_linked_role.default: Destruction complete after 0s Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
查询已授权的服务关联角色
-
在terraform.tf文件增加如下内容:
data "alicloud_resource_manager_roles" "slr" { } -
运行
terraform apply查询已授权的服务关联角色。出现类似如下日志时,表示查询成功。
data.alicloud_resource_manager_roles.slr: Reading... data.alicloud_resource_manager_roles.slr: Read complete after 2s [id=163141****] No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. Apply complete! Resources: 0 added, 0 changed, 0 destroyed. -
运行
terraform show查看结果。# data.alicloud_resource_manager_roles.slr: data "alicloud_resource_manager_roles" "slr" { enable_details = false id = "163141****" ids = [ "AliyunActionTrailDefaultRole", "AliyunAdamAccessingDatabaseRole", "AliyunAnalyticDBAccessingDTSRole", ... ] names = [ "AliyunActionTrailDefaultRole", "AliyunAdamAccessingDatabaseRole", "AliyunAnalyticDBAccessingDTSRole", ... ] roles = [ { arn = "acs:ram::140****:role/aliyunactiontraildefaultrole" assume_role_policy_document = "" description = "ActionTrail默认使用此角色来访问您在其他云产品中的资源" id = "AliyunActionTrailDefaultRole" max_session_duration = 3600 role_id = "394****" role_name = "AliyunActionTrailDefaultRole" update_date = "2019-05-07T02:29:41Z" }, { arn = "acs:ram::140****:role/aliyunadamaccessingdatabaserole" assume_role_policy_document = "" description = "ADAM使用此角色来访问您在其他云产品中的资源。" id = "AliyunAdamAccessingDatabaseRole" max_session_duration = 3600 role_id = "351****" role_name = "AliyunAdamAccessingDatabaseRole" update_date = "2020-04-26T07:42:32Z" }, { arn = "acs:ram::140****:role/aliyunanalyticdbaccessingdtsrole" assume_role_policy_document = "" description = "The Open Analytics will use this role to access DTS." id = "AliyunAnalyticDBAccessingDTSRole" max_session_duration = 3600 role_id = "312****" role_name = "AliyunAnalyticDBAccessingDTSRole" update_date = "2020-03-10T01:49:16Z" }, ... ] }
内容没看懂? 不太想学习?想快速解决? 有偿解决: 联系专家
阿里云企业补贴进行中: 马上申请
腾讯云限时活动1折起,即将结束: 马上收藏
同尘科技为腾讯云授权服务中心。
购买腾讯云产品享受折上折,更有现金返利:同意关联,立享优惠
转转请注明出处:https://www.yunxiaoer.com/167541.html
