All Products
Search
Document Center

AliyunServiceRoleForOpenSearch

Last Updated: Sep 09, 2021

AliyunServiceRoleForOpenSearch is the RAM role that is linked to OpenSearch. This topic describes the scenarios of the RAM role and shows you how to delete the RAM role.

Background information

To use an OpenSearch feature, access to other cloud services may be required. To this end, Alibaba Cloud provides the AliyunServiceRoleForOpenSearch role that allows OpenSearch to access other cloud services. For more information, see Service-linked roles.

Scenarios

To configure data sources in OpenSearch, you must be granted permissions to access the resources of ApsaraDB RDS, PolarDB, or PolarDB-X data sources. In this case, the AliyunServiceRoleForOpenSearch role can be used to obtain permissions to access the data sources.

Description

Role name: AliyunServiceRoleForOpenSearch. Role policy: AliyunServiceRolePolicyForOpenSearch. Sample authorization policy:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeDBInstances",
        "rds:DescribeDatabases",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeAccounts",
        "rds:DescribeAbnormalDBInstances",
        "rds:ModifySecurityIps",
        "rds:DescribeResourceUsage"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusterAttribute",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:ModifyDBClusterAccessWhitelist",
        "polardb:DescribeDBClusterAccessWhitelist",
        "polardb:DescribeDBClusterParameters"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "drds:DescribeDrdsInstance",
        "drds:ModifyDrdsIpWhiteList",
        "drds:DescribeDrdsDBIpWhiteList",
        "drds:DescribeRdsList",
        "drds:DescribeDrdsDB"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "opensearch.aliyuncs.com"
        }
      }
    }
  ]
}

Delete the AliyunServiceRoleForOpenSearch role

If you need to delete the AliyunServiceRoleForOpenSearch role, you must release the application that is associated with this RAM role. For more information about how to delete a service-linked role, see the Delete a service-linked role section of the "Service-linked roles" topic.