All Products
Search
Document Center

Authorize the DTS service account

Last Updated: May 08, 2018

If you use DTS for the first time, you need to assign the system default role AliyunDTSDefaultRole to the DTS service account, so that DTS can access your RDS, ECS, and other cloud resources for subsequent data transmission.

Role definition

The AliyunDTSDefaultRole role includes the permissions to access users’ RDS, ECS, and Datahub APIs. The permisions allow DTS to transfer data and are defined as follows:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Action": [
  6. "rds:Describe*",
  7. "rds:CreateDBInstance",
  8. "rds:CreateAccont",
  9. "rds:CreateDataBase",
  10. "rds:ModifySecrityIps",
  11. "rds:GrantAccountPrivilege"
  12. ],
  13. "Resource": "*",
  14. "Effect": "Allow"
  15. },
  16. {
  17. "Action": [
  18. "ecs:DescribeInstances",
  19. "ecs:DescribeSecurityGroup",
  20. "ecs:JoinSecurityGroup",
  21. "ecs:RevokerSecurityGroup"
  22. ],
  23. "Resource": "*",
  24. "Effect": "Allow"
  25. },
  26. {
  27. "Action": "dhs:*",
  28. "Effect": "Allow",
  29. "Resource": "*"
  30. }
  31. ]
  32. }

You can also view the permission definition of this role on the Role Management page of the RAM console. Do not modify the permission definition. Otherwise, data transmission task configurations may fail.

Authorization procedure

  1. Log on to the DTS Console.

    If you log on to the DTS console for the first time and have not assigned the AliyunDTSDefaultRole role to the DTS service account, DTS displays the following message.

    prompt

  2. Click Go to RAM Role Authorization.

    agree

  3. Click Agree to Authorize to assign the service role to the DTS service account.

    Now you can start using DTS to create and manage data transmission tasks.