Data lake connections (CONNECTION)

更新时间:
复制 MD 格式

This topic describes how to create, update, and delete a data lake connection, and how to grant other users permissions to use it.

Important

This feature is in invitation-only preview. To enable it, submit a ticket.

Overview

A data lake connection (CONNECTION) hosts access credentials for cloud services. You can delegate access to external storage through a connection for scenarios such as data discovery and querying external tables. The connection is encrypted and stored securely in the metadata service. Users with the Connection_Admin or Connection_User role can manage and use the corresponding connections. When you use a connection to access cloud services, you no longer need to expose authentication information, such as AccessKey IDs and AccessKey secrets, in plaintext.

Use cases

  • Create an OSS data discovery task by using a connection.

  • Create and access an OSS external table by using a connection.

Usage notes

  • Region: Data lake connections are supported only in the China (Beijing) and China (Shenzhen) regions.

  • Permissions: An Alibaba Cloud account or a user with the tenant-level Connection_Admin role can manage and create a connection.

    Role

    Permissions

    Connection_Admin

    List, view, create, update, delete, and use connections. Grant other users the Connection_User role so they can use a connection.

    Connection_User

    View and use a connection.

Grant roles

  1. If you are a RAM user, you must be granted the tenant-level Connection_Admin role before you can create and manage connections. For instructions, see Tenant-level role authorization.

  2. Currently, only an Alibaba Cloud account can grant the Connection_Admin role.

    1. Log in to the MaxCompute console and select a region in the upper-left corner.

    2. In the left-side navigation pane, choose Manage Configurations > Tenants .

    3. On the Tenants page, click the Roles tab.

    4. On the Roles tab, find the Connection_Admin role and click Create Authorization in the Actions column.

    5. In the Create Authorization dialog box, add the desired users, and then click OK.

Create a connection

  1. Log in to the MaxCompute console and select a region in the upper-left corner.

  2. In the left-side navigation pane, choose MaxLake > Data Lake Connection.

  3. On the Data Lake Connection (CONNECTION) page, click Create Data Lake Connection.

  4. In the Create Data Lake Connection dialog box, configure the parameters and click OK.

    Parameter

    Description

    Data lake connection parameter

    The name of the data lake connection. The name must be unique within a tenant.

    RAMRoleARN

    The Alibaba Cloud Resource Name (ARN) of the RAM role with OSS access permissions.

    You can create a custom role and specify its RAMRoleARN. For more information, see Authorization scheme for accessing external data sources.

    Data lake connection description

    The description of the data lake connection.

Authorize a connection

To grant other users permission to use a connection, grant them the Connection_User role by following these steps.

  1. Log in to the MaxCompute console and select a region in the upper-left corner.

  2. In the left-side navigation pane, choose MaxLake > Data Lake Connection.

  3. On the Data Lake Connection (CONNECTION) page, in the Operation column for the desired CONNECTION, click Add Authorization.

  4. In the Data Lake Connection Authorization dialog box, add the users you want to authorize and click OK.

View connections

  1. Log in to the MaxCompute console and select a region in the upper-left corner.

  2. In the left-side navigation pane, choose MaxLake > Data Lake Connection.

  3. On the Data Lake Connection (CONNECTION) page, view the CONNECTION list.

Delete a connection

Important

Deleting a connection invalidates access authorizations for dependent external tables and external storage, causing access attempts to fail. Evaluate the potential impact on your business before you proceed. This action is irreversible.

  1. Log in to the MaxCompute console and select a region in the upper-left corner.

  2. In the left-side navigation pane, choose MaxLake > Data Lake Connection.

  3. On the Data Lake Connection (CONNECTION) page, in the Operation column for the desired CONNECTION, click Delete.

  4. In the dialog box, click Delete.