
EMR Workflow角色授权


首次使用EMR Workflow前,需要授予您的阿里云账号默认角色。本文为您介绍角色授权的操作,以及权限策略的内容。

注意事项

  • 首次使用EMR Workflow时,必须使用阿里云账号完成默认角色授权,否则RAM用户和阿里云账号均无法使用EMR Workflow。

  • 如果删除默认角色,请确保使用该角色的资源已经释放,否则会影响EMR Workflow的正常使用。

授权操作

说明

首次使用EMR Workflow时,您只需要按照以下操作通过阿里云账号(主账号)进行授权,无需手动配置权限。一旦授权成功,以后使用时就无需再进行重复授权。

  1. 使用阿里云账号(主账号)登录E-MapReduce控制台

  2. 在左侧导航栏,选择EMR Workbench > Workflow

  3. 在依赖检测页面,单击去授权

  4. 单击同意授权

    授权后,EMR Workflow将按照下文所列默认角色及其权限策略所定义的范围访问您的云资源。

策略内容

AliyunEMRWorkflowDefaultRole

AliyunEMRWorkflowDefaultRole对应的权限策略为AliyunEMRWorkflowDefaultRolePolicy。策略内容如下所示。该策略的Resource为"*",即所列操作(包括弹性网卡、路由表和路由条目以及DLF元数据的创建、修改和删除)对账号下所有相应资源生效,授权前请确认该范围符合您的安全要求。

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateNetworkInterface",
                "ecs:DeleteNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "vpc:DescribeVSwitchAttributes",
                "vpc:DescribeVSwitches",
                "vpc:CreateRouteTable",
                "vpc:DeleteRouteTable",
                "vpc:UnassociateRouteTable",
                "vpc:AssociateRouteTable",
                "vpc:DescribeRouteTableList",
                "vpc:CreateRouteEntry",
                "vpc:DeleteRouteEntry",
                "vpc:DescribeRouteEntryList",
                "emr:ListClusterHost",
                "emr:DescribeCluster",
                "emr:DescribeClusterV2",
                "emr:ListClusters",
                "emr:DescribeFlowAgentToken",
                "emr:ListClusterServiceQuickLink",
                "emr:DescribeClusterServiceConfig",
                "emr:ListClusterHostComponent",
                "emr:DescribeClusterServiceConfig",
                "emr:GetClusterClientMeta",
                "emr:ListApplicationConfigFiles",
                "emr:GetApplicationConfigFile",
                "emr:ListNodeGroups",
                "emr:ListNodes",
                "emr:ListClusterTemplates",
                "emr:DescribeClusterTemplate",
                "emr:DescribeFlowProject",
                "emr:ListFlow",
                "emr:DescribeFlow",
                "emr:DescribeFlowJob",
                "emr:ListFlowJob",
                "emr:ListFlowProject",
                "emr:ListFlowCategory",
                "emr:DescribeFlowVariableCollection",
                "dlf:BatchCreatePartitions",
                "dlf:BatchCreateTables",
                "dlf:BatchDeletePartitions",
                "dlf:BatchDeleteTables",
                "dlf:BatchGetPartitions",
                "dlf:BatchGetTables",
                "dlf:BatchUpdatePartitions",
                "dlf:BatchUpdateTables",
                "dlf:CreateDatabase",
                "dlf:CreateFunction",
                "dlf:CreatePartition",
                "dlf:CreateTable",
                "dlf:DeleteDatabase",
                "dlf:DeleteFunction",
                "dlf:DeletePartition",
                "dlf:DeleteTable",
                "dlf:GetDatabase",
                "dlf:GetFunction",
                "dlf:GetPartition",
                "dlf:GetTable",
                "dlf:ListCatalogs",
                "dlf:ListDatabases",
                "dlf:ListFunctionNames",
                "dlf:ListFunctions",
                "dlf:ListPartitionNames",
                "dlf:ListPartitions",
                "dlf:ListPartitionsByExpr",
                "dlf:ListPartitionsByFilter",
                "dlf:ListTableNames",
                "dlf:ListTables",
                "dlf:RenamePartition",
                "dlf:RenameTable",
                "dlf:UpdateDatabase",
                "dlf:UpdateFunction",
                "dlf:UpdateTable",
                "dlf:UpdateTableColumnStatistics",
                "dlf:GetTableColumnStatistics",
                "dlf:DeleteTableColumnStatistics",
                "dlf:UpdatePartitionColumnStatistics",
                "dlf:GetPartitionColumnStatistics",
                "dlf:DeletePartitionColumnStatistics",
                "dlf:BatchGetPartitionColumnStatistics",
                "dlf:CreateLock",
                "dlf:UnLock",
                "dlf:AbortLock",
                "dlf:RefreshLock",
                "dlf:GetLock",
                "dlf:GetAsyncTaskStatus"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

AliyunStreamAsiDefaultrole

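依赖Flink全托管服务的角色AliyunStreamAsiDefaultrole,其对应的权限策略为AliyunStreamAsiDefaultRolePolicy。策略内容如下所示。其中OSS操作的Resource为acs:oss:*:*:*,覆盖账号下所有Bucket及对象的读取、写入和删除;ECS安全组与弹性网卡、SLB、ARMS等操作的Resource为"*"。审计该角色的操作记录时,可重点关注安全组规则变更(如ecs:AuthorizeSecurityGroup)和对象删除(oss:DeleteObject)等写操作。另外,策略中的arms:CreateWehook与相邻的arms:UpdateWebhook拼写不一致,请以RAM控制台中显示的实际策略为准。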

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "oss:ListBuckets",
                "oss:GetBucketInfo",
                "oss:GetObjectMetadata",
                "oss:GetObject",
                "oss:ListObjects",
                "oss:PutObject",
                "oss:CopyObject",
                "oss:CompleteMultipartUpload",
                "oss:AbortMultipartUpload",
                "oss:InitiateMultipartUpload",
                "oss:UploadPartCopy",
                "oss:UploadPart",
                "oss:DeleteObject",
                "oss:PutBucketcors",
                "oss:GetBucketCors"
            ],
            "Resource": "acs:oss:*:*:*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:AssociateEipAddress",
                "ecs:AttachNetworkInterface",
                "ecs:AuthorizeSecurityGroup",
                "ecs:AuthorizeSecurityGroupEgress",
                "ecs:CreateNetworkInterface",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:CreateSecurityGroup",
                "ecs:DeleteNetworkInterface",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:DeleteSecurityGroup",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroupReferences",
                "ecs:DescribeSecurityGroups",
                "ecs:DetachNetworkInterface",
                "ecs:JoinSecurityGroup",
                "ecs:LeaveSecurityGroup",
                "ecs:ModifyNetworkInterfaceAttribute",
                "ecs:ModifySecurityGroupAttribute",
                "ecs:ModifySecurityGroupPolicy",
                "ecs:ModifySecurityGroupPolicy",
                "ecs:ModifySecurityGroupRule",
                "ecs:RevokeSecurityGroup",
                "ecs:RevokeSecurityGroupEgress",
                "ecs:UnassociateEipAddress"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "slb:AddBackendServers",
                "slb:AddListenerWhiteListItem",
                "slb:AddTags",
                "slb:AddVServerGroupBackendServers",
                "slb:CreateLoadBalancer",
                "slb:CreateLoadBalancerHTTPListener",
                "slb:CreateLoadBalancerHTTPSListener",
                "slb:CreateLoadBalancerTCPListener",
                "slb:CreateLoadBalancerUDPListener",
                "slb:CreateRules",
                "slb:CreateVServerGroup",
                "slb:DeleteLoadBalancer",
                "slb:DeleteLoadBalancerListener",
                "slb:DeleteRules",
                "slb:DeleteVServerGroup",
                "slb:DescribeHealthStatus",
                "slb:DescribeListenerAccessControlAttribute",
                "slb:DescribeLoadBalancerAttribute",
                "slb:DescribeLoadBalancerHTTPListenerAttribute",
                "slb:DescribeLoadBalancerHTTPListenerAttributes",
                "slb:DescribeLoadBalancerHTTPSListenerAttribute",
                "slb:DescribeLoadBalancerTCPListenerAttribute",
                "slb:DescribeLoadBalancerUDPListenerAttribute",
                "slb:DescribeLoadBalancers",
                "slb:DescribeRegions",
                "slb:DescribeRules",
                "slb:DescribeTags",
                "slb:DescribeVServerGroupAttribute",
                "slb:DescribeVServerGroups",
                "slb:ModifyLoadBalancerInstanceSpec",
                "slb:ModifyLoadBalancerInternetSpec",
                "slb:ModifyLoadBalancerInstanceChargeType",
                "slb:ModifyLoadBalancerPayType",
                "slb:RemoveBackendServers",
                "slb:RemoveListenerWhiteListItem",
                "slb:RemoveVServerGroupBackendServers",
                "slb:SetBackendServers",
                "slb:SetListenerAccessControlStatus",
                "slb:SetLoadBalancerHTTPListenerAttribute",
                "slb:SetLoadBalancerHTTPSListenerAttribute",
                "slb:SetLoadBalancerName",
                "slb:SetLoadBalancerStatus",
                "slb:SetLoadBalancerTCPListenerAttribute",
                "slb:SetLoadBalancerUDPListenerAttribute",
                "slb:SetRule",
                "slb:SetServerCertificateName",
                "slb:SetVServerGroupAttribute",
                "slb:StartLoadBalancerListener",
                "slb:StopLoadBalancerListener",
                "slb:SetLoadBalancerDeleteProtection",
                "slb:RemoveTags",
                "slb:DescribeLoadBalancerListeners",
                "slb:ModifyVServerGroupBackendServers",
                "slb:SetLoadBalancerModificationProtection",
                "slb:CreateLoadBalancerForCloudService"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "arms:ListDashboards",
                "arms:CreateContact",
                "arms:DeleteContact",
                "arms:SearchContact",
                "arms:UpdateContact",
                "arms:CreateContactGroup",
                "arms:DeleteContactGroup",
                "arms:SearchContactGroup",
                "arms:UpdateContactGroup",
                "arms:SearchAlertRules",
                "arms:CreateAlertRules",
                "arms:UpdateAlertRules",
                "arms:DeleteAlertRules",
                "arms:StartAlertRule",
                "arms:StopAlertRule",
                "arms:SearchAlarmHistories",
                "arms:OpenArmsService",
                "arms:CreateWehook",
                "arms:UpdateWebhook",
                "arms:CreateDispatchRule",
                "arms:ListDispatchRule",
                "arms:DeleteDispatchRule",
                "arms:UpdateDispatchRule",
                "arms:DescribeDispatchRule",
                "arms:GetAlarmHistories",
                "arms:SendCustomIncidents",
                "arms:SaveAlert",
                "arms:DeleteAlert",
                "arms:GetAlert"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVpcAttribute",
                "vpc:DescribeVpcs",
                "vpc:DescribeVSwitchAttributes",
                "vpc:DescribeVSwitches",
                "vpc:DescribeRouteTableList",
                "vpc:DescribeRouteTables",
                "vpc:DescribeRouteEntryList",
                "vpc:DescribeRouterInterfaceAttribute",
                "vpc:DescribeRouterInterfaces",
                "vpc:DescribeVRouters",
                "vpc:ModifyBypassToaAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ims:ListUserBasicInfos"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "tag:ListTagResources",
                "tag:ListTagKeys",
                "tag:ListTagValues"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}