OpenSearch-召回引擎版服务关联角色

背景信息

OpenSearch-召回引擎版服务关联角色(AliyunServiceRoleForSearchEngine)是在某些情况下,为了完成OpenSearch-召回引擎版自身的某个功能,需要获取其他云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色

应用场景

OpenSearch-召回引擎版的数据源功能需要访问云服务OSS的资源,通过服务关联角色功能获取访问权限。

AliyunServiceRoleForSearchEngine介绍

角色名称:AliyunServiceRoleForSearchEngine

角色权限策略:AliyunServiceRoleForSearchEngine授权策略:

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:ListObjects",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "oss:Prefix": [
                        "*opensearch*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "oss:GetObject",
                "oss:GetObjectAcl"
            ],
            "Resource": "acs:oss:*:*:*/*opensearch*/*"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "searchengine.aliyuncs.com"
                }
            }
        }
    ]
}