When a user activates the E-MapReduce service, a system default role named AliyunEMRDefaultRole must be granted to the E-MapReduce service account. Once the role is granted correctly, E-MapReduce can call the relevant services (such as ECS and OSS) to create clusters, save logs, and perform other related tasks.
Role authorization process
- When you create a cluster or an on-demand execution plan, if the default role has not been correctly granted to the E-MapReduce service account, a prompt is displayed. Click Go to RAM for authorization to perform role authorization.
- You are directed to the RAM authorization page. Click Confirm Authorization Policy to grant the default role AliyunEMRDefaultRole to the E-MapReduce service account.
- Refresh the E-MapReduce console, and then perform the relevant operations. To view the detailed policy of AliyunEMRDefaultRole, log on to the RAM console, or click View Link.
Default role permissions
- ECS related permissions:

  | Permission name (Action) | Permission description |
  | --- | --- |
  | ecs:CreateInstance | Create ECS instances. |
  | ecs:RenewInstance | Renew ECS instances. |
  | ecs:DescribeRegions | Query ECS region information. |
  | ecs:DescribeZones | Query Zone information. |
  | ecs:DescribeImages | Query image information. |
  | ecs:CreateSecurityGroup | Create security groups. |
  | ecs:AllocatePublicIpAddress | Allocate a public network IP address. |
  | ecs:DeleteInstance | Delete machine instances. |
  | ecs:StartInstance | Start machine instances. |
  | ecs:StopInstance | Stop machine instances. |
  | ecs:DescribeInstances | Query machine instances. |
  | ecs:DescribeDisks | Query relevant disk information of the machine. |
  | ecs:AuthorizeSecurityGroup | Set security group input rules. |
  | ecs:AuthorizeSecurityGroupEgress | Set security group output rules. |
  | ecs:DescribeSecurityGroupAttribute | Query the security group details. |
  | ecs:DescribeSecurityGroups | Query security group list information. |
- OSS related permissions:

  | Permission name (Action) | Permission description |
  | --- | --- |
  | oss:PutObject | Upload file or folder objects. |
  | oss:GetObject | Get file or folder objects. |
  | oss:ListObjects | Query file list information. |
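The permission list above can serve as a baseline when reviewing the policy actually attached to the role. The following is an added example, not code from the E-MapReduce documentation: it reads a RAM policy document (the `Version`/`Statement`/`Effect`/`Action` JSON shape) and reports wildcard grants, actions beyond the documented list, and documented actions the policy does not cover. The sample policy is constructed for illustration, and `audit_policy` is a hypothetical helper name.

```python
import json
from fnmatch import fnmatchcase

# Actions listed in the ECS and OSS tables above for the default role.
DOCUMENTED = {
    "ecs:CreateInstance", "ecs:RenewInstance", "ecs:DescribeRegions",
    "ecs:DescribeZones", "ecs:DescribeImages", "ecs:CreateSecurityGroup",
    "ecs:AllocatePublicIpAddress", "ecs:DeleteInstance", "ecs:StartInstance",
    "ecs:StopInstance", "ecs:DescribeInstances", "ecs:DescribeDisks",
    "ecs:AuthorizeSecurityGroup", "ecs:AuthorizeSecurityGroupEgress",
    "ecs:DescribeSecurityGroupAttribute", "ecs:DescribeSecurityGroups",
    "oss:PutObject", "oss:GetObject", "oss:ListObjects",
}

def _as_list(value):
    """Policy fields may hold a single item or a list of items."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Compare a policy's Allow actions with the documented baseline.

    Simplification: Deny statements and Resource scoping are ignored.
    """
    policy = json.loads(policy_json)
    granted = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            granted.update(_as_list(stmt.get("Action")))
    wildcards = sorted(a for a in granted if "*" in a)
    extra = sorted(a for a in granted if "*" not in a and a not in DOCUMENTED)
    missing = sorted(d for d in DOCUMENTED
                     if not any(fnmatchcase(d, g) for g in granted))
    return {"wildcards": wildcards, "extra": extra, "missing": missing}

# Constructed sample policy (not the real AliyunEMRDefaultRole policy).
SAMPLE = """{"Version": "1", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action":
    ["ecs:CreateInstance", "ecs:Describe*", "ecs:ModifyInstanceAttribute"]},
  {"Effect": "Allow", "Resource": "*", "Action": "oss:GetObject"},
  {"Effect": "Deny", "Resource": "*", "Action": "oss:DeleteObject"}]}"""

if __name__ == "__main__":
    for finding, actions in audit_policy(SAMPLE).items():
        print(f"{finding}: {actions}")
```

A wildcard such as `ecs:Describe*` covers the documented query actions but also any other action with that prefix, so it is reported separately from exact extras.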