All Products
Search

This Product

    OpenSearch:AliyunServiceRoleForOpenSearch

    Document Center

    OpenSearch:AliyunServiceRoleForOpenSearch

    Last Updated:Mar 08, 2023

    AliyunServiceRoleForOpenSearch is the RAM role that is linked to OpenSearch Industry Algorithm Edition. This topic describes the scenarios of the RAM role and shows you how to delete the RAM role.

    Background information

    To use an OpenSearch Industry Algorithm Edition feature, access to other cloud services may be required. To this end, Alibaba Cloud provides the AliyunServiceRoleForOpenSearch role that allows OpenSearch to access other cloud services. For more information, see Service-linked roles.

    Scenarios

    To configure data sources in OpenSearch Industry Algorithm Edition, you must be granted permissions to access the resources of ApsaraDB RDS, PolarDB, or Distributed Relational Database Service (DRDS) data sources. In this case, the AliyunServiceRoleForOpenSearch role can be used to obtain permissions to access the data sources.

    Description

    Role name: AliyunServiceRoleForOpenSearch. Role policy: AliyunServiceRolePolicyForOpenSearch. Sample authorization policy:

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeDBInstanceAttribute",
                "rds:DescribeDBInstances",
                "rds:DescribeDatabases",
                "rds:DescribeDBInstanceIPArrayList",
                "rds:DescribeAccounts",
                "rds:DescribeAbnormalDBInstances",
                "rds:ModifySecurityIps",
                "rds:DescribeResourceUsage"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeDBClusterAttribute",
                "polardb:DescribeDBClusterEndpoints",
                "polardb:ModifyDBClusterAccessWhitelist",
                "polardb:DescribeDBClusterAccessWhitelist",
                "polardb:DescribeDBClusterParameters"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "drds:DescribeDrdsInstance",
                "drds:ModifyDrdsIpWhiteList",
                "drds:DescribeDrdsDBIpWhiteList",
                "drds:DescribeRdsList",
                "drds:DescribeDrdsDB"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dts:ConfigureSubscriptionInstance",
                "dts:CreateConsumerGroup",
                "dts:StartSubscriptionInstance",
                "dts:DescribeSubscriptionInstanceStatus",
                "dts:DescribeConsumerGroup",
                "dts:DeleteConsumerGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "opensearch.aliyuncs.com"
                }
            }
        }
    ]
}

    Delete the AliyunServiceRoleForOpenSearch role

    If you need to delete the AliyunServiceRoleForOpenSearch role, you must release the application that is associated with this RAM role. For more information about how to delete a service-linked role, see the Delete a service-linked role section of the "Service-linked roles" topic.