When you perform specific operations in PolarDB-X 1.0, API operations of ApsaraDB for RDS are called. Therefore, before you use Resource Access Management (RAM), you must activate the authorization for PolarDB-X 1.0 to access ApsaraDB for RDS and create a RAM role that PolarDB-X 1.0 can use to access ApsaraDB for RDS. This topic describes how to activate authorization in the console and by calling API operations of RAM.

Activate RAM authorization in the console

  1. Log on to the PolarDB for Xscale console.
  2. In the left-side navigation pane, click Resource Authorization.
  3. On the Cloud Resource Authorization Management page, click Activate Authorization.
  4. In the dialog box that appears, click Confirm Authorization Policy.
    Warning: When you activate authorization, a RAM role named AliyunDRDSDefaultRole is created by default in the RAM console. PolarDB-X 1.0 uses this RAM role to access the ApsaraDB RDS for MySQL resources of the corresponding account. PolarDB-X 1.0 is also authorized to access API operations of ApsaraDB for RDS. Exercise caution when you delete this RAM role.

Activate RAM authorization by calling API operations of RAM

If you cannot access the console temporarily, you can call the related API operation to create a RAM role. After the RAM role is created, the authorization for PolarDB-X 1.0 to access ApsaraDB RDS for MySQL resources is also activated.

  • Create a RAM role named Jack.
    • Call the CreateRole operation and specify the following parameters to create a RAM role.
      Parameter                   Description
      Action                      CreateRole
      RoleName                    Jack
      AssumeRolePolicyDocument    The trust policy, in the following format:
      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "drds.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }         
    • Use the SDK for Java to create a RAM role. The following code is a demo:
      import com.aliyuncs.ram.model.v20150501.AttachPolicyToRoleRequest;
      import com.aliyuncs.ram.model.v20150501.CreateRoleRequest;

      // `client` is an initialized IAcsClient for the account that owns the role.
      // Create a role whose trust policy lets only drds.aliyuncs.com assume it.
      String rolePolicyDoc = "{\"Statement\":[{\"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\",\"Principal\":{\"Service\":[\"drds.aliyuncs.com\"]}}],\"Version\": \"1\"}";
      String roleName = "Jack";
      CreateRoleRequest request = new CreateRoleRequest();
      request.setRoleName(roleName);
      request.setAssumeRolePolicyDocument(rolePolicyDoc);
      client.getAcsResponse(request);
      // Grant permissions to the role that was just created.
      AttachPolicyToRoleRequest attachRequest = new AttachPolicyToRoleRequest();
      attachRequest.setPolicyType("System");
      attachRequest.setPolicyName("AliyunDRDSRolePolicy");
      attachRequest.setRoleName(roleName);
      client.getAcsResponse(attachRequest);
  • Check whether the RAM role named Jack is created.
    • Call the GetRole operation and specify the following parameters to query the details of the RAM role.
      Parameter    Description
      Action       GetRole
      RoleName     Jack
    • Use the SDK for Java to query the details of the RAM role. The following code is a demo:
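      import com.aliyuncs.ram.model.v20150501.GetRoleRequest;
      import com.aliyuncs.ram.model.v20150501.GetRoleResponse;

      // `client` is the same initialized IAcsClient used to create the role.
      String roleName = "Jack";
      GetRoleRequest request = new GetRoleRequest();
      request.setRoleName(roleName);
      GetRoleResponse resp = client.getAcsResponse(request);
      // A successful call returns the role details, which confirms that the role exists.
      GetRoleResponse.Role role = resp.getRole();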
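
The trust policy in the CreateRole step decides who can assume the role, so it is worth checking the document before it is submitted. The following is an added example, not part of the original topic or of any Alibaba Cloud SDK: an offline check that a trust policy allows only the drds.aliyuncs.com service to call sts:AssumeRole. The function names and the widened sample policy are assumptions made for illustration.

```python
import json

EXPECTED_SERVICE = "drds.aliyuncs.com"  # service principal from the page's trust policy

def as_list(value):
    """RAM policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(document, expected_service=EXPECTED_SERVICE):
    """Return a list of findings; an empty list means only the expected
    service is allowed to assume the role."""
    policy = json.loads(document)
    findings = []
    if policy.get("Version") != "1":
        findings.append("unexpected Version: %r" % policy.get("Version"))
    trusted = False
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen trust
        actions = as_list(stmt.get("Action"))
        if actions != ["sts:AssumeRole"]:
            findings.append("statement %d: unexpected Action %r" % (i, actions))
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append("statement %d: Principal is %r, not a mapping" % (i, principal))
            continue
        for kind, names in principal.items():
            for name in as_list(names):
                if kind == "Service" and name == expected_service:
                    trusted = True
                else:
                    findings.append("statement %d: extra %s principal %r" % (i, kind, name))
    if not trusted:
        findings.append("%s is not allowed to assume the role" % expected_service)
    return findings

# The trust policy from the CreateRole step above.
PAGE_POLICY = '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":["drds.aliyuncs.com"]}}],"Version":"1"}'

# Constructed sample: the same policy widened with a second service and an
# account principal (the account ID is made up).
WIDENED_POLICY = json.dumps({"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow",
    "Principal": {"Service": ["drds.aliyuncs.com", "ecs.aliyuncs.com"],
                  "RAM": ["acs:ram::1234567890123456:root"]}}], "Version": "1"})

if __name__ == "__main__":
    for label, doc in (("page policy", PAGE_POLICY), ("widened policy", WIDENED_POLICY)):
        print(label, "->", audit_trust_policy(doc) or "OK")
```

An empty result for the page's policy and two findings for the widened one show the difference between a role that only PolarDB-X 1.0 can assume and one that other principals can assume too.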