Service-linked role for using EventBridge in DataWorks -

This topic describes the service-linked role that is created when you grant DataWorks permission to use EventBridge.

Background

To subscribe to and consume event messages from DataWorks using EventBridge, you must first grant DataWorks permission to access your EventBridge resources. After you grant the permission, a service-linked role named AliyunServiceRoleForDataWorksOpenPlatform is automatically created in the Resource Access Management (RAM) console. This service-linked role is used by DataWorks Open Platform to access your resources in other Alibaba Cloud services. For more information, see Service-linked roles.

Permissions of AliyunServiceRoleForDataWorksOpenPlatform

Log on to the Resource Access Management (RAM) console. In the navigation pane on the left, choose Identities > Roles.
On the Roles page, enter AliyunServiceRoleForDataWorksOpenPlatform in the search box. The RAM role named AliyunServiceRoleForDataWorksOpenPlatform appears.
Click the role name AliyunServiceRoleForDataWorksOpenPlatform to view its basic information.

On the role details page, click the Permissions tab. On the Permissions tab, you can view the details of the AliyunServiceRolePolicyForDataWorksOpenPlatform access policy granted to the role.

{    
   "Version": "1",    
   "Statement":[        
     {
       "Effect": "Allow",  
       "Action": [
         "eventbridge:GetEventBus",
         "eventbridge:GetRule",
         "eventbridge:CreateEventBus",
         "eventbridge:DeleteEventBus",
         "eventbridge:PutEvents",
         "eventbridge:ListEventBuses"
       ],
       "Resource": "*"

     },
     {
        "Action":"ram:DeleteServiceLinkedRole",
        "Resource":"*",
        "Effect":"Allow",
        "Condition":{
          "StringEquals": {
            "ram:ServiceName": "openplatform.dataworks.aliyuncs.com"
          }
        }  
     }    
   ]   
}

Delete the AliyunServiceRoleForDataWorksOpenPlatform role

Log on to the RAM console. In the navigation pane on the left, choose Identities > Roles.
On the Roles page, enter AliyunServiceRoleForDataWorksOpenPlatform in the search box. The RAM role named AliyunServiceRoleForDataWorksOpenPlatform appears.
In the Actions column, click Delete Role.

FAQ

Why is my Resource Access Management (RAM) user unable to automatically create the AliyunServiceRoleForDataWorksOpenPlatform service-linked role?

To automatically create or delete the AliyunServiceRoleForDataWorksOpenPlatform role, your RAM user must have specific permissions. If a RAM user is unable to automatically create the AliyunServiceRoleForDataWorksOpenPlatform role, grant the following access policy to the RAM user.

{
    "Statement": [
       {
        "Action": [                
                "ram:CreateServiceLinkedRole"
            ],
          "Resource": "acs:ram:*:Alibaba Cloud account ID:role/*",
          "Effect": "Allow",
           "Condition": {
               "StringEquals": {
                    "ram:ServiceName": [
                        "openplatform.dataworks.aliyuncs.com"                
                   ]
                }           
           }
     }
  ],
  "Version": "1"
}

Note

Replace Alibaba Cloud account ID with your Alibaba Cloud account ID.