文档

EMR Notebook角色授权

更新时间:

首次使用EMR Notebook前,需要授予您的阿里云账号AliyunEMRNotebookDefaultRole默认角色。本文为您介绍角色授权的操作,以及权限策略的内容。

注意事项

  • 首次使用EMR Notebook时,必须使用阿里云账号完成默认角色授权,否则RAM用户和阿里云账号不能使用EMR Notebook。

  • 如果删除默认角色,请确保使用该角色的资源已经释放,否则会影响EMR Notebook的正常使用。

授权操作

  1. 登录E-MapReduce控制台

  2. 在左侧导航栏,选择EMR Workbench > Notebook

  3. 在依赖检查页面,单击去授权

  4. 单击同意授权

    授权后,EMR Notebook拥有对您云资源相应的访问权限。

策略内容

AliyunEMRNotebookDefaultRole对应的权限策略为AliyunEMRNotebookDefaultRolePolicy。AliyunEMRNotebookDefaultRolePolicy是用于EMR Notebook服务角色的授权策略。策略内容如下所示。

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateNetworkInterface",
                "ecs:DeleteNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "vpc:CreateRouteTable",
                "vpc:DeleteRouteTable",
                "vpc:UnassociateRouteTable",
                "vpc:AssociateRouteTable",
                "vpc:DescribeRouteTableList",
                "vpc:CreateRouteEntry",
                "vpc:DeleteRouteEntry",
                "vpc:DescribeRouteEntryList",
                "vpc:DescribeVpcs",
                "vpc:DescribeVSwitchAttributes",
                "vpc:DescribeVSwitches",
                "emr:ListClusterHost",
                "emr:DescribeCluster",
                "emr:DescribeClusterV2",
                "emr:ListClusters",
                "emr:DescribeFlowAgentToken",
                "emr:ListClusterServiceQuickLink",
                "emr:DescribeClusterServiceConfig",
                "emr:ListClusterHostComponent",
                "emr:DescribeClusterServiceConfig",
                "emr:GetClusterClientMeta",
                "emr:ListApplicationConfigFiles",
                "emr:GetApplicationConfigFile",
                "emr:ListNodeGroups",
                "emr:ListNodes",
                "ram:ListUsers",
                "ram:GetUser"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}