OpenSearch service-linked role

Last updated: 2020-09-03 14:57:01

This topic describes the use cases of the OpenSearch service-linked role (AliyunServiceRoleForOpenSearch) and how to delete the service-linked role.

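Background information

The OpenSearch service-linked role (AliyunServiceRoleForOpenSearch) is a RAM role provided so that, in certain cases, OpenSearch can obtain access permissions to other cloud services in order to complete one of its own features. For more information about service-linked roles, see Service-linked roles.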

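Use cases

The data source feature of OpenSearch needs to access resources of the cloud services RDS/PolarDB/DRDS, and obtains the access permissions through the service-linked role.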

About AliyunServiceRoleForOpenSearch

Role name: AliyunServiceRoleForOpenSearch
Role permission policy: AliyunServiceRolePolicyForOpenSearch
Policy document:

    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "rds:DescribeDBInstanceAttribute",
            "rds:DescribeDBInstances",
            "rds:DescribeDatabases",
            "rds:DescribeDBInstanceIPArrayList",
            "rds:DescribeAccounts",
            "rds:DescribeAbnormalDBInstances",
            "rds:ModifySecurityIps",
            "rds:DescribeResourceUsage"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "polardb:DescribeDBClusterAttribute",
            "polardb:DescribeDBClusterEndpoints",
            "polardb:ModifyDBClusterAccessWhitelist",
            "polardb:DescribeDBClusterAccessWhitelist",
            "polardb:DescribeDBClusterParameters"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "drds:DescribeDrdsInstance",
            "drds:ModifyDrdsIpWhiteList",
            "drds:DescribeDrdsDBIpWhiteList",
            "drds:DescribeRdsList",
            "drds:DescribeDrdsDB"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ram:DeleteServiceLinkedRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "ram:ServiceName": "opensearch.aliyuncs.com"
            }
          }
        }
      ]
    }

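Delete the service-linked role

To delete AliyunServiceRoleForOpenSearch (the service-linked role), you must first release the OpenSearch applications that depend on this service-linked role. For the specific steps to delete a service-linked role, see Delete a service-linked role.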