This guide walks you through activating Container Compute Service (ACS), assigning the required roles, and enabling associated cloud services so that you can create and manage clusters.
Before you begin
-
An Alibaba Cloud account. RAM users with administrator permissions can assign roles but cannot activate cloud services.
Step 1: Activate ACS
-
Log on to the ACS console. If this is your first time, the activation page appears.
-
Click Activate. On the page that appears, click Buy Now and follow the on-screen instructions to complete Resource Access Management (RAM) role authorization.
Step 2: Assign default roles to ACS
ACS requires default roles to access resources in other cloud services such as Elastic Compute Service (ECS), Object Storage Service (OSS), Apsara File Storage NAS, Cloud Parallel File Storage (CPFS), and Server Load Balancer (SLB). These roles allow ACS to create clusters and store log files.
Use an Alibaba Cloud account or a RAM user with administrator permissions to assign default roles.
-
Log on to the ACS console and click Go to RAM console. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.
-
After the roles are assigned, log on to the ACS console again to get started.
For more information, see ACS authorization best practices.
Step 3: Activate associated cloud services
Some ACS features depend on other cloud services. Activate these services before you use those features.
Only Alibaba Cloud accounts can activate cloud services. RAM users cannot activate cloud services.
Log on to the Alibaba Cloud website with your Alibaba Cloud account and activate the following services based on your requirements.
Required
These services must be activated for ACS clusters to function.
|
Service |
Description |
|
Creates and manages ACS clusters. |
|
|
Builds networks and routing rules for clusters. |
|
|
Enables load balancing for ACS clusters. |
Recommended
These services support cluster management and application operations.
|
Service |
Description |
|
Provides Internet access for clusters and allows clusters to pull images over the Internet. |
|
|
Manages the security and lifecycle of cloud-native applications. |
|
|
Collects and queries log data from components and applications in ACS clusters. |
|
|
Monitors the status of workloads and applications in ACS clusters. |
|
|
Monitors ACS clusters and generates alerts when exceptions are detected. |
Optional
Activate these services based on your architecture and operations and maintenance (O&M) requirements.
|
Service |
Description |
|
Stores application data in NAS file systems. |
|
|
Stores application data in a CPFS file system. |
|
|
Resolves private domain names in VPCs, including domain names of applications in ACS clusters. |
ACS default roles
The following table describes the default roles assigned to ACS during Step 2. Each role grants ACS access to specific cloud resources.
View all 12 default roles
|
Role |
Description |
|
AliyunServiceRoleForAcc |
Service-linked role. ACS assumes this role to access your resources in ACK, ECS, VPC, SLB, and Application Real-Time Monitoring Service (ARMS) during cluster management. |
|
AliyunCCCSIPluginRole |
ACS assumes this role to access your resources in cloud disks and storage services such as NAS. |
|
AliyunCCCCMServiceRole |
ACS assumes this role to access your resources in load balancing services such as SLB and Application Load Balancer (ALB). |
|
AliyunCCNECRole |
ACS assumes this role to access your resources in network services such as VPC and ECS, and to create and use an elastic IP address (EIP). |
|
AliyunCCKubernetesAuditRole |
ACS assumes this role to access your resources in SLS and to collect and display Kubernetes audit logs. |
|
AliyunCCManagedLogRole |
ACS assumes this role to access your resources in SLS and to collect and display ACS audit logs. |
|
AliyunCCManagedArmsRole |
ACS assumes this role to access your resources in ARMS, collect and display resource metrics, and monitor application performance. |
|
AliyunCCCISDefaultRole |
ACS assumes this role to access your resources in ECS, ACK, VPC, and SLB, and to check the health status of Kubernetes and related components on a regular basis. |
|
AliyunCCManagedAcrRole |
ACS assumes this role to access ACR and obtain a pair of temporary username and password used to start an ACS pod. |
|
AliyunCCForResourceProviderRole |
ACS assumes this role to access the cloud resources required for creating container instances, including SLB, VPC, and vSwitches. |
|
AliyunCCManagedVirtualNodeRole |
ACS assumes this role to access the cloud resources required for creating virtual nodes, including Alibaba Cloud DNS PrivateZone and VPC. |
|
AliyunCCManagedACSBrokerRole |
ACS assumes this role to access the cloud resources required for reporting O&M information, such as the states of container instances. |
What to do next
-
Product introduction -- Learn about ACS concepts and architecture.
-
Build generative conversational applications quickly by using ACS computing power -- Deploy a generative AI application on ACS.
-
Use kubectl to quickly use ACS -- Manage ACS clusters with kubectl.
-
Deploy stateless applications by using NGINX images supported by ACS -- Deploy and monitor a stateless application.