DocsICP FilingConsole
官方文档
首页

AliyunServiceRoleForOpenSearch

更新时间:
复制 MD 格式
产品详情
我的收藏

AliyunServiceRoleForOpenSearch is the service-linked RAM role for OpenSearch Industry Algorithm Edition. It grants OpenSearch access to other cloud services required for data source configuration.

Background information

Some OpenSearch Industry Algorithm Edition features require access to other cloud services. Alibaba Cloud provides the AliyunServiceRoleForOpenSearch role to grant this access. For more information, see Service-linked roles.

Scenarios

When you configure data sources in OpenSearch Industry Algorithm Edition, you need permissions to access ApsaraDB RDS, PolarDB, or Distributed Relational Database Service (DRDS) resources. The AliyunServiceRoleForOpenSearch role provides these permissions.

Description

Role name: AliyunServiceRoleForOpenSearch. Role policy: AliyunServiceRolePolicyForOpenSearch. Sample authorization policy:

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeDBInstanceAttribute",
                "rds:DescribeDBInstances",
                "rds:DescribeDatabases",
                "rds:DescribeDBInstanceIPArrayList",
                "rds:DescribeAccounts",
                "rds:DescribeAbnormalDBInstances",
                "rds:ModifySecurityIps",
                "rds:DescribeResourceUsage"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeDBClusterAttribute",
                "polardb:DescribeDBClusterEndpoints",
                "polardb:ModifyDBClusterAccessWhitelist",
                "polardb:DescribeDBClusterAccessWhitelist",
                "polardb:DescribeDBClusterParameters"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "drds:DescribeDrdsInstance",
                "drds:ModifyDrdsIpWhiteList",
                "drds:DescribeDrdsDBIpWhiteList",
                "drds:DescribeRdsList",
                "drds:DescribeDrdsDB"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dts:ConfigureSubscriptionInstance",
                "dts:CreateConsumerGroup",
                "dts:StartSubscriptionInstance",
                "dts:DescribeSubscriptionInstanceStatus",
                "dts:DescribeConsumerGroup",
                "dts:DeleteConsumerGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "opensearch.aliyuncs.com"
                }
            }
        }
    ]
}

Delete the AliyunServiceRoleForOpenSearch role

Before you delete the AliyunServiceRoleForOpenSearch role, release the application associated with the role. For more information, see the Delete a service-linked role section of the "Service-linked roles" topic.

Previous:Types of resources that can be authorizedNext:Access control rules