All Products
Search

This Product

    ApsaraDB RDS:Authorize DTS to access cloud resources

    Document Center

    ApsaraDB RDS:Authorize DTS to access cloud resources

    Last Updated:Aug 26, 2025

    If this is the first time you use a global active database cluster for your ApsaraDB RDS for MySQL instance, you must create a default role named AliyunDTSDefaultRole and attach the AliyunDTSRolePolicy policy to the role. This ensures that the global active database cluster can be used as expected and does not affect the performance of your RDS instance.

    Note

    If you use an Alibaba Cloud account to log on to the Resource Access Management (RAM) console and identify that the required permissions is granted to the account, skip operations in this topic and create a global active database cluster. For more information, see Create a global active database cluster.

    Prerequisites

    • An Alibaba Cloud account is created. For more information, see Create an Alibaba Cloud account.

    • Your Alibaba Cloud account is used to authorize DTS to access cloud resources.

    Policy description

    The AliyunDTSRolePolicy policy is used to grant permissions to the default role AliyunDTSDefaultRole. These permissions allow DTS to manage multiple cloud resources such as ApsaraDB for RDS, ECS, PolarDB, ApsaraDB for MongoDB, ApsaraDB for Redis, PolarDB-X, DataHub, and Elasticsearch. For more information, see AliyunDTSRolePolicy.

    Note

    For more information about policies, see Policy structure and syntax.

    Method 1 (recommend): Use a shortcut to RAM to perform the authorization

    Use your Alibaba Cloud account to access the Cloud Resource Access Authorization page and click Confirm Authorization Policy. If a message indicating that the authorization is successful is displayed, the authorization is complete.

    Method 2: Use the RAM console to perform the authorization

    1. Find the default role.

      1. Log on to the RAM console.

      2. Optional: In the left-side navigation pane, choose Identities > Roles.

      3. In the text box next to Create Role, enter AliyunDTSDefaultRole, and click the search icon.

        Note

        If the role AliyunDTSDefaultRole is not found, we recommend that you use Method 1 of this topic for authorization.

    2. Click the role name in the search results.

    3. Grant the required permissions to the RAM role.

      1. On the Permissions tab, click Precise Permission.

        image

      2. Optional. In the Precise Permission panel, select System Policy for the Type parameter.

        4-1

      3. In the Policy Name field, enter AliyunDTSRolePolicy.

      4. Click OK.

        To verify the authorization, click the image icon on the right side of the Permissions tab to refresh the page.

    4. After the required permissions are granted, click Close.

    What to do next

    Create a global active database cluster