初次使用云数据库RDS的备份恢复服务时,您需要将数据灾备服务关联角色(AliyunServiceRoleForDBS)授权给数据灾备,以允许数据灾备访问、查询和管理您的云数据库。
前提条件
已注册阿里云账号。具体操作,请参见注册阿里云账号。
授权的阿里云账号为主账号。
操作步骤
自动授权
访问RDS实例列表,在上方选择地域,然后单击目标实例ID。
在左侧导航栏中单击备份恢复。
在弹出的对话框中,单击一键授权。
说明数据灾备服务关联角色(AliyunServiceRoleForDBS)的详细权限信息,请参见AliyunServiceRoleForDBS介绍。
单击确定。
此时,您已创建数据灾备服务关联角色(AliyunServiceRoleForDBS),若您需要删除该服务关联角色,请参见删除RAM角色。
手动授权
使用阿里云账号登录RAM控制台。
在左侧导航栏,选择。
在权限策略页面,单击创建权限策略。
在创建权限策略页面,单击脚本编辑页签。
输入权限策略内容,然后单击确定。
说明权限策略内容,请参见AliyunServiceRoleForDBS。
更多关于权限策略语法结构的详情,请参见权限策略语法和结构。
输入权限策略名称和备注。
单击确定。
附录:AliyunServiceRoleForDBS介绍
角色名称:AliyunServiceRoleForDBS
角色权限策略:AliyunServiceRolePolicyForDBS
权限说明:
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceNetInfoForChannel",
"rds:DescribeTasks",
"rds:DescribeDBInstances",
"rds:DescribeFilesForSQLServer",
"rds:DescribeImportsForSQLServer",
"rds:DescribeSlowLogRecords",
"rds:DescribeBinlogFiles",
"rds:DescribeSQLLogRecords",
"rds:DescribeParameters",
"rds:DescribeParameterTemplates",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDatabases",
"rds:DescribeAccounts",
"rds:DescribeSecurityIPList",
"rds:DescribeSecurityIps",
"rds:DescribeDBInstanceIPArray",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstanceSSL",
"rds:DescribeDBInstanceTDE",
"rds:CreateDBInstance",
"rds:CreateAccount",
"rds:CreateDatabase",
"rds:ModifySecurityIps",
"rds:GrantAccountPrivilege",
"rds:CreateMigrateTask",
"rds:CreateOnlineDatabaseTask",
"rds:DescribeMigrateTasks",
"rds:DescribeOssDownloads",
"rds:CreateBackup",
"rds:DescribeBackups",
"rds:DescribeBackupPolicy",
"rds:ModifyBackupPolicy",
"rds:DescribeBackupTasks",
"rds:DescribeBinlogFiles"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeInstance",
"ecs:DescribeInstances",
"ecs:DescribeVpcs",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:RevokerSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kms:ListKeys"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:PutEventRule",
"cms:PutEventTargets",
"cms:ListEventRules",
"cms:ListEventTargetsByRule",
"cms:DeleteEventRule",
"cms:DeleteEventTargets"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeDBClusters",
"polardb:ModifySecurityIps",
"polardb:DescribeDBClusterEndpoints",
"polardb:DescribeDBClusterAccessWhitelist",
"polardb:ModifyDBClusterAccessWhitelist"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstanceAttribute",
"dds:DescribeReplicaSetRole",
"dds:DescribeSecurityIps",
"dds:DescribeDBInstances",
"dds:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstances",
"kvstore:DescribeAccounts",
"kvstore:DescribeDBInstanceNetInfo",
"kvstore:CreateAccount",
"kvstore:ModifySecurityIps",
"kvstore:DescribeInstanceAttribute",
"kvstore:AllocateInstancePrivateConnection",
"kvstore:DescribeLogicInstanceTopology"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"drds:DescribeDrdsDB",
"drds:DescribeDrdsDBs",
"drds:DescribeDrdsDbInstance",
"drds:DescribeDrdsDbInstances",
"drds:DescribeDrdsDBIpWhiteList",
"drds:DescribeDrdsInstances",
"drds:ModifyDrdsIpWhiteList",
"drds:CreateDrdsDB",
"drds:DescribeTable",
"drds:DescribeTables",
"drds:ModifyRdsReadWeight",
"drds:ChangeAccountPassword",
"drds:CreateDrdsInstance",
"drds:CreateInstanceAccount",
"drds:CreateInstanceInternetAddress",
"drds:DescribeInstanceAccounts"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"bssapi:QueryResourcePackageInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "hdm:AddHDMInstance",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "dbs.aliyuncs.com"
}
}
}
]
}该文章对您有帮助吗?