The first time that you log on to the Data Transmission Service (DTS) console, you are prompted to assign the AliyunDTSDefaultRole role to DTS. With this role, DTS can access the resources owned by the current Alibaba Cloud account during data replication.
Note
If no authorization message is displayed when you log on to the DTS console, this indicates that DTS has already been authorized. You can skip the steps that are described in this topic.
Procedure
- Log on to the DTS console.
- In the Information message, click Authorize Role in RAM Console.
- In the Cloud Resource Access Authorization dialog box, click Confirm Authorization Policy.
Permission policy
The AliyunDTSDefaultRole policy is attached to the default role of DTS. This policy allows DTS to access ApsaraDB for RDS, ECS, DataHub, Elasticsearch, DRDS, ApsaraDB for PolarDB, ApsaraDB for MongoDB, ApsaraDB for Redis, and HybridDB for MySQL. The policy is defined as follows:
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:Describe*",
"rds:CreateDBInstance",
"rds:CreateAccount*",
"rds:CreateDataBase*",
"rds:ModifySecurityIps",
"rds:GrantAccountPrivilege"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeInstances",
"ecs:DescribeRegions",
"ecs:AuthorizeSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dhs:ListProject",
"dhs:GetProject",
"dhs:CreateTopic",
"dhs:ListTopic",
"dhs:GetTopic",
"dhs:UpdateTopic",
"dhs:ListShard",
"dhs:MergeShard",
"dhs:SplitShard",
"dhs:PutRecords",
"dhs:GetRecords",
"dhs:GetCursors"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"elasticsearch:DescribeInstance",
"elasticsearch:ListInstance",
"elasticsearch:UpdateAdminPwd",
"elasticsearch:UpdatePublicNetwork",
"elasticsearch:UpdateBlackIps",
"elasticsearch:UpdateKibanaIps",
"elasticsearch:UpdatePublicIps",
"elasticsearch:UpdateWhiteIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"drds:DescribeDrds*",
"drds:ModifyDrdsIpWhiteList",
"drds:DescribeRegions",
"drds:DescribeRdsList",
"drds:CeateDrdsDB",
"drds:DescribeShardDBs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeDBClusters",
"polardb:DescribeRegions",
"polardb:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstanceAttribute",
"dds:DescribeReplicaSetRole",
"dds:DescribeSecurityIps",
"dds:DescribeDBInstances",
"dds:ModifySecurityIps",
"dds:DescribeRegions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstances",
"kvstore:DescribeRegions",
"kvstore:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"petadata:DescribeInstanceInfo",
"petadata:DescribeSecurityIPs",
"petadata:DescribeInstances",
"petadata:ModifySecurityIPs"
],
"Resource": "*",
"Effect": "Allow"
}
]
}