EMR on ACK runs on Container Service for Kubernetes (ACK) cluster nodes. These nodes use the cluster's Worker RAM role as their identity when calling other Alibaba Cloud services. To let EMR on ACK components access Object Storage Service (OSS) and Data Lake Formation (DLF) without an AccessKey, grant the AliyunOSSFullAccess and AliyunDLFFullAccess system policies to the Worker RAM role.
Prerequisites
Before you begin, ensure that you have:
-
An ACK cluster. For more information, see Create an ACK dedicated cluster (discontinued) or Create an ACK managed cluster
Grant permissions
-
Log on to the ACK console.
-
On the Clusters page, find the target cluster and click Details in the Actions column.
-
On the Basic Information page, go to the Cluster Resources area and click the link next to Worker RAM Role.
-
On the Roles page, click Grant Permission.
-
In the Grant Permission panel, select and add the AliyunOSSFullAccess and AliyunDLFFullAccess system policies.
-
Click Grant permissions.