ApsaraDB RDS:Grant DTS permissions to access cloud resources

Prerequisites

Before you begin, make sure that you have:

• An Alibaba Cloud account. If you don't have one, create an Alibaba Cloud account.Create an Alibaba Cloud account

• Access to your Alibaba Cloud account (root account) to perform this authorization.

Policy description

The AliyunDTSRolePolicy policy grants the AliyunDTSDefaultRole role permission to manage the following cloud resources on behalf of DTS: ApsaraDB for RDS, ECS, PolarDB, ApsaraDB for MongoDB, ApsaraDB for Redis, PolarDB-X, DataHub, and Elasticsearch.

For the full policy document, see AliyunDTSRolePolicy.

For background on policy structure and syntax, see Policy structure and syntax.

Method 1 (recommended): Use the authorization shortcut

Log on to Alibaba Cloud using your Alibaba Cloud account and go to the Cloud Resource Access Authorization page. Click Confirm Authorization Policy. When a success message appears, the authorization is complete and you can proceed to create the cluster.

Method 2: Use the RAM console

1. Log on to the Resource Access Management (RAM) console.

2. Optional: In the left-side navigation pane, choose Identities > Roles.

3. In the search box next to Create Role, enter AliyunDTSDefaultRole and click the search icon.

   If the role is not found, use Method 1 instead.

4. Click the role name in the search results.

5. On the Permissions tab, click Precise Permission.

   

6. Optional: In the Precise Permission panel, select System Policy for the Type parameter.

   

7. In the Policy Name field, enter AliyunDTSRolePolicy.

8. Click OK.

9. To verify the authorization, click the icon on the right side of the Permissions tab to refresh the page.

10. Click Close.

What's next

Create a global active database cluster