文档

OpenSearch-行业算法版服务关联角色

更新时间:

本文为您介绍OpenSearch-行业算法版服务关联角色(AliyunServiceRoleForOpenSearch)的应用场景以及如何删除服务关联角色。

背景信息

OpenSearch-行业算法版服务关联角色(AliyunServiceRoleForOpenSearch)是在某些情况下,为了完成OpenSearch-行业算法版自身的某个功能,需要获取其他云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色

应用场景

OpenSearch-行业算法版的数据源功能需要访问云服务Rds/PolarDB/DRDS的资源,通过服务关联角色功能获取访问权限。

AliyunServiceRoleForOpenSearch介绍

角色名称:AliyunServiceRoleForOpenSearch角色权限策略:AliyunServiceRolePolicyForOpenSearch授权策略:

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeDBInstanceAttribute",
                "rds:DescribeDBInstances",
                "rds:DescribeDatabases",
                "rds:DescribeDBInstanceIPArrayList",
                "rds:DescribeAccounts",
                "rds:DescribeAbnormalDBInstances",
                "rds:ModifySecurityIps",
                "rds:DescribeResourceUsage"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeDBClusterAttribute",
                "polardb:DescribeDBClusterEndpoints",
                "polardb:ModifyDBClusterAccessWhitelist",
                "polardb:DescribeDBClusterAccessWhitelist",
                "polardb:DescribeDBClusterParameters"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "drds:DescribeDrdsInstance",
                "drds:ModifyDrdsIpWhiteList",
                "drds:DescribeDrdsDBIpWhiteList",
                "drds:DescribeRdsList",
                "drds:DescribeDrdsDB"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dts:ConfigureSubscriptionInstance",
                "dts:CreateConsumerGroup",
                "dts:StartSubscriptionInstance",
                "dts:DescribeSubscriptionInstanceStatus",
                "dts:DescribeConsumerGroup",
                "dts:DeleteConsumerGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "opensearch.aliyuncs.com"
                }
            }
        }
    ]
}

删除服务关联角色

如果您需要删除AliyunServiceRoleForOpenSearch(服务关联角色),需要先释放掉依赖这个服务关联角色的OpenSearch-行业算法版的应用,删除服务关联角色具体操作请参见删除服务关联角色

  • 本页导读 (0)
文档反馈