[Alibaba Cloud] [IoT Platform] [Rule Engine - Network configuration and RAM permission change of data forwarding to RDS / Lindorm / TSDB / Kafka]
Sep 13, 2022
IoT Platform
[Alibaba Cloud] [IoT Platform] [Rule Engine - Network configuration and RAM permission change of data forwarding to RDS / Lindorm / TSDB / Kafka]
Change time: The new rules will take effect at 10:00 on September 14, 2022, and rules that already exist will be revised at 10:00 on September 16, 2022.
Changes: Rule Engine - Network configuration and RAM permission change of data forwarding to RDS / Lindorm / TSDB / Kafka. The following operations are automatically completed by the system without user operation.
1. A managed security group needs to be created in the VPC network where the destination instance is located.
2. Two IP addresses need to be occupied in the vSwitch where the destination instance is located.
3. The network segment of the vSwitch needs to be added to the network white list of the destination instance (except for the Kafak instance).
4. The following VPC network and security group management related permissions need to be added to the system RAM permissions for data forwarding to other cloud products:
vpc:DescribeVSwitchAttributes、vpc:DescribeVSwitches、ecs:CreateNetworkInterface、ecs:DeleteNetworkInterface、ecs:DescribeNetworkInterfaces、ecs:CreateNetworkInterfacePermission、ecs:DescribeNetworkInterfacePermissions、ecs:AttachNetworkInterface、ecs:DetachNetworkInterface、ecs:CreateSecurityGroup、ecs:DeleteSecurityGroup、ecs:DescribeSecurityGroupAttribute、 ecs:AuthorizeSecurityGroupEgress、ecs:TagResources、ecs:ListTagResources.
If you have any questions, please feel free to contact us through the work order or service hotline.
Change time: The new rules will take effect at 10:00 on September 14, 2022, and rules that already exist will be revised at 10:00 on September 16, 2022.
Changes: Rule Engine - Network configuration and RAM permission change of data forwarding to RDS / Lindorm / TSDB / Kafka. The following operations are automatically completed by the system without user operation.
1. A managed security group needs to be created in the VPC network where the destination instance is located.
2. Two IP addresses need to be occupied in the vSwitch where the destination instance is located.
3. The network segment of the vSwitch needs to be added to the network white list of the destination instance (except for the Kafak instance).
4. The following VPC network and security group management related permissions need to be added to the system RAM permissions for data forwarding to other cloud products:
vpc:DescribeVSwitchAttributes、vpc:DescribeVSwitches、ecs:CreateNetworkInterface、ecs:DeleteNetworkInterface、ecs:DescribeNetworkInterfaces、ecs:CreateNetworkInterfacePermission、ecs:DescribeNetworkInterfacePermissions、ecs:AttachNetworkInterface、ecs:DetachNetworkInterface、ecs:CreateSecurityGroup、ecs:DeleteSecurityGroup、ecs:DescribeSecurityGroupAttribute、 ecs:AuthorizeSecurityGroupEgress、ecs:TagResources、ecs:ListTagResources.
If you have any questions, please feel free to contact us through the work order or service hotline.