When you perform specific operations in PolarDB-X 1.0, API operations of ApsaraDB RDS are called. Therefore, before you log on to the PolarDB-X console as a RAM role, you must activate authorization for PolarDB-X 1.0 instances and create a RAM role for PolarDB-X 1.0 instances to access ApsaraDB RDS resources. This topic describes how to activate the authorization in the PolarDB-X console or by calling API operations of Resource Access Management (RAM).

Activate authorization in the PolarDB-X console

  1. Log on to the PolarDB for Xscale console.
  2. In the left-side navigation pane, click Resource Authorization.
  3. On the Cloud Resource Authorization Management page, click Activate Authorization.
  4. In the dialog box that appears, click Confirm Authorization Policy.
    Warning: When you activate the authorization, a RAM role named AliyunDRDSDefaultRole is created by default in the RAM console. The role is used for PolarDB-X 1.0 instances to access ApsaraDB RDS resources within the corresponding Alibaba Cloud account and call the API operations of ApsaraDB RDS. Do not delete this RAM role. Otherwise, the resources or API operations of ApsaraDB RDS cannot be used in PolarDB-X.

Activate the authorization by calling API operations of RAM

If you cannot access the PolarDB-X console, you can call an API operation to create the required RAM role. The authorization is automatically activated after the role is created.

  • Create a RAM role. In this example, the RAM role is named Jack.
    • Call the CreateRole operation and specify the following parameters to create a RAM role.
      Parameter                  Description
      Action                     CreateRole
      RoleName                   Jack
      AssumeRolePolicyDocument   The trust policy, in the following format:
      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "drds.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }         
    • Use the SDK for Java to create a RAM role. The following code is a demo:
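      import com.aliyuncs.ram.model.v20150501.AttachPolicyToRoleRequest;
      import com.aliyuncs.ram.model.v20150501.CreateRoleRequest;

      // client is an initialized IAcsClient for the Alibaba Cloud account.
      // Create a role whose trust policy lets the drds.aliyuncs.com service assume it.
      String rolePolicyDoc = "{\"Statement\":[{\"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\",\"Principal\":{\"Service\":[\"drds.aliyuncs.com\"]}}],\"Version\": \"1\"}";
      String roleName = "Jack";
      CreateRoleRequest request = new CreateRoleRequest();
      // RoleName is a required parameter of CreateRole.
      request.setRoleName(roleName);
      request.setAssumeRolePolicyDocument(rolePolicyDoc);
      client.getAcsResponse(request);
      // Attach the system policy AliyunDRDSRolePolicy to the role.
      AttachPolicyToRoleRequest attachRequest = new AttachPolicyToRoleRequest();
      attachRequest.setPolicyType("System");
      attachRequest.setPolicyName("AliyunDRDSRolePolicy");
      attachRequest.setRoleName("AliyunDRDSDefaultRole");
      client.getAcsResponse(attachRequest);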
  • Check whether the role named Jack is created.
    • Call the GetRole operation and specify the following parameters to view the role details.
      Parameter   Description
      Action      GetRole
      RoleName    Jack
    • Use the SDK for Java to view the details of the RAM role. The following code is a demo:
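      import com.aliyuncs.ram.model.v20150501.GetRoleRequest;
      import com.aliyuncs.ram.model.v20150501.GetRoleResponse;

      // client is an initialized IAcsClient for the Alibaba Cloud account.
      String roleName = "AliyunDRDSDefaultRole";
      GetRoleRequest request = new GetRoleRequest();
      request.setRoleName(roleName);
      // The call throws an exception if the role does not exist.
      GetRoleResponse resp = client.getAcsResponse(request);
      GetRoleResponse.Role role = resp.getRole();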
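
Once the role exists, its trust policy can be checked so that only the drds.aliyuncs.com service is able to assume it. The following Python check is an added example, not code from the original page or from Alibaba Cloud; the function name audit_trust_policy, the sample documents and the account ID in them are constructed, and it assumes the trust policy is available as a JSON string in the format shown for AssumeRolePolicyDocument.

```python
import json
from fnmatch import fnmatchcase

EXPECTED_SERVICE = "drds.aliyuncs.com"  # service principal from the trust policy on this page


def _as_list(value):
    """Policy fields may hold a single value or a list; normalize to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, expected_service=EXPECTED_SERVICE):
    """Return findings; an empty list means only expected_service may assume the role."""
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"policy is not valid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["policy is not a JSON object"]
    findings, trusted = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if not isinstance(stmt, dict):
            findings.append(f"statement {i}: not a JSON object")
            continue
        actions = _as_list(stmt.get("Action"))
        # Only Allow statements that cover sts:AssumeRole (wildcards included) grant trust.
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("sts:AssumeRole", str(a)) for a in actions):
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: Principal is missing or not an object")
            continue
        for kind, names in principal.items():
            for name in _as_list(names):
                if kind == "Service" and name == expected_service:
                    trusted = True
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {name!r}")
    if not trusted:
        findings.append(f"{expected_service} is not allowed to assume the role")
    return findings


# Constructed samples: the page's trust policy and a widened variant (placeholder account ID).
PAGE_POLICY = '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":["drds.aliyuncs.com"]}}],"Version":"1"}'
WIDENED_POLICY = '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":["drds.aliyuncs.com","ecs.aliyuncs.com"],"RAM":["acs:ram::1234567890123456:root"]}}],"Version":"1"}'

if __name__ == "__main__":
    for label, doc in (("page policy", PAGE_POLICY), ("widened policy", WIDENED_POLICY)):
        print(label, audit_trust_policy(doc) or "OK")
```

An empty result means the document trusts exactly the one service principal; every other principal in an Allow statement is reported with its statement index.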