Layanan Alibaba Cloud mungkin perlu mengakses layanan lainnya untuk mengimplementasikan fitur tertentu. Dalam hal ini, layanan tersebut harus menggunakan peran terkait layanan untuk mengakses layanan lainnya. Peran terkait layanan adalah Peran RAM (Resource Access Management). Untuk menggunakan semua fitur yang disediakan oleh Distributed Cloud Container Platform for Kubernetes (ACK One), Anda harus menetapkan peran terkait layanan yang diperlukan ke ACK One. Topik ini menjelaskan peran terkait layanan untuk ACK One dan izin yang terkait.
Cara menetapkan peran terkait layanan
Jika ini pertama kalinya Anda menggunakan ACK One, selesaikan otorisasi dengan akun Alibaba Cloud atau administrator akun RAM.
Anda tidak perlu membuat peran terkait layanan secara manual. Saat pertama kali membuka Konsol ACK One, sistem akan meminta Anda untuk menyelesaikan otorisasi terlebih dahulu. Ikuti petunjuk di layar untuk menyelesaikan proses otorisasi.
Penting Hanya akun Alibaba Cloud dan administrator akun RAM yang dapat menyelesaikan otorisasi peran. Pengguna RAM biasa tidak memiliki izin untuk melakukan operasi ini. Jika sistem memberi tahu bahwa Anda tidak memiliki izin, gunakan akun Alibaba Cloud atau administrator akun RAM.
Peran terkait layanan untuk ACK One
Nama Peran | Izin |
AliyunCSDefaultRole | ACK One dapat mengasumsikan peran ini untuk mengakses sumber daya cloud Anda selama pengelolaan kluster, seperti sumber daya dalam Elastic Compute Service (ECS), Virtual Private Cloud (VPC), Server Load Balancer (SLB), Resource Orchestration Service (ROS), dan Auto Scaling. Untuk menggunakan fitur yang disediakan oleh ACK One, peran ini diperlukan.
|
AliyunServiceRoleForAdcp | ACK One dapat mengasumsikan peran ini untuk mengakses sumber daya cloud Anda selama pengelolaan kluster, seperti sumber daya dalam ECS, VPC, dan SLB. Untuk menggunakan fitur yang disediakan oleh ACK One, peran ini diperlukan.
|
AliyunAdcpServerlessKubernetesRole | Instans fleet dan kluster Kubernetes untuk alur kerja Argo terdistribusi ACK One mengasumsikan peran ini untuk mengakses sumber daya cloud dalam VPC, ECS, Alibaba Cloud DNS PrivateZone, Elastic Container Instance, dan Simple Log Service. Untuk menggunakan fitur yang disediakan oleh ACK One, peran ini diperlukan.
|
AliyunAdcpManagedMseRole | Instans fleet ACK One mengasumsikan peran ini untuk mengakses sumber daya dalam Microservices Engine (MSE). Peran ini diperlukan saat Anda menggunakan gateway multi-kluster. Peran ini tidak memengaruhi penggunaan fitur lainnya.
|
AliyunCSManagedKubernetesRole | Instans fleet ACK One mengasumsikan peran ini untuk mengakses sumber daya dalam ACK Anda. |
AliyunCSManagedLogRole | Komponen logging ACK One mengasumsikan peran ini untuk mengakses sumber daya Anda dalam layanan Alibaba Cloud lainnya. |
AliyunCSManagedCmsRole | Komponen Content Management System (CMS) ACK One mengasumsikan peran ini untuk mengakses sumber daya Anda dalam layanan Alibaba Cloud lainnya. |
AliyunCSManagedArmsRole | Plugin Application Real-Time Monitoring Service (ARMS) ACK One mengasumsikan peran ini untuk mengakses sumber daya Anda dalam layanan Alibaba Cloud lainnya. |
Izin peran terkait layanan
AliyunServiceRoleForAdcp
Izin terkait ECS
ecs:CreateSecurityGroup
ecs:CreateSecurityGroupPermissions
ecs:DeleteSecurityGroup
ecs:DescribeAccountAttributes
ecs:DescribeSecurityGroups
ecs:AuthorizeSecurityGroup
ecs:RevokeSecurityGroup
ecs:AuthorizeSecurityGroupEgress
ecs:RevokeSecurityGroupEgress
ecs:DescribeNetworkInterfaces
ecs:DescribeZones
Izin terkait VPC
vpc:DescribeVpcAttribute
vpc:DescribeVSwitchAttributes
vpc:AllocateEipAddress
vpc:AssociateEipAddress
vpc:UnassociateEipAddress
vpc:ReleaseEipAddress
vpc:DescribeEipAddresses
vpc:TagResources
vpc:DeletionProtection
vpc:DescribeRouteTableList
vpc:CreateRouteEntry
vpc:DeleteRouteEntry
vpc:AcceptVpcPeerConnection
vpc:GetVpcPeerConnectionAttribute
vpc:DescribeVSwitches
vpc:DescribeVpcs
Izin terkait SLB
slb:DescribeLoadBalancerAttribute
slb:CreateLoadBalancer
slb:DeleteLoadBalancer
slb:StartLoadBalancerListener
slb:StopLoadBalancerListener
slb:CreateLoadBalancerTCPListener
slb:CreateLoadBalancerHTTPListener
slb:DeleteLoadBalancerListener
slb:AddTags
slb:RemoveTags
slb:SetLoadBalancerDeleteProtection
slb:SetLoadBalancerModificationProtection
slb:DescribeZones
slb:CreateAccessControlList
slb:DescribeAccessControlLists
slb:AddAccessControlListEntry
slb:RemoveAccessControlListEntry
slb:SetLoadBalancerTCPListenerAttribute
Izin Terkait ASM
servicemesh:CreateServiceMesh
servicemesh:DeleteServiceMesh
servicemesh:DescribeServiceMeshDetail
servicemesh:DescribeServiceMeshes
servicemesh:DescribeServiceMeshKubeconfig
servicemesh:DescribeServiceMeshLogs
servicemesh:ModifyServiceMesh
servicemesh:ModifyServiceMeshName
servicemesh:DescribeClustersInServiceMesh
servicemesh:AddClusterIntoServiceMesh
servicemesh:RemoveClusterFromServiceMesh
servicemesh:UpdateMeshFeature
servicemesh:DescribeRegions
servicemesh:DescribeServiceMeshUpgradeStatus
servicemesh:DescribeVersions
servicemesh:RevokeKubeconfig
servicemesh:UpdateServiceMeshOwner
AliyunAdcpServerlessKubernetesRole
Izin Terkait ECS
ecs:DescribeSecurityGroups
ecs:CreateNetworkInterface
ecs:CreateNetworkInterfacePermission
ecs:DescribeNetworkInterfaces
ecs:AttachNetworkInterface
ecs:DetachNetworkInterface
ecs:DeleteNetworkInterface
ecs:DeleteNetworkInterfacePermission
Izin Terkait ARMS
arms:GetManagedPrometheusStatus
arms:InstallManagedPrometheus
arms:UninstallManagedPrometheus
Izin Terkait Alibaba Cloud DNS PrivateZone
Izin Terkait Elastic Container Instance
eci:CreateContainerGroup
eci:DeleteContainerGroup
eci:DescribeContainerGroups
eci:DescribeContainerGroupStatus
eci:DescribeContainerGroupEvents
eci:DescribeContainerLog
eci:UpdateContainerGroup
eci:UpdateContainerGroupByTemplate
eci:CreateContainerGroupFromTemplate
eci:RestartContainerGroup
eci:ExportContainerGroupTemplate
eci:DescribeContainerGroupMetric
eci:DescribeMultiContainerGroupMetric
eci:ResizeContainerGroupVolume
eci:ExecContainerCommand
eci:CreateImageCache
eci:DescribeImageCaches
eci:DeleteImageCache
Izin Terkait Simple Log Service
Izin Terkait RAM
ram:CreateServiceLinkedRole
AliyunAdcpManagedMseRole
Izin Terkait MSE
mse:AddBlackWhiteList
mse:AddGateway
mse:AddServiceSource
mse:CreateApplication
mse:DeleteGateway
mse:DeleteServiceSource
mse:GetBlackWhiteList
mse:GetGateway
mse:GetGatewayDetail
mse:GetGatewayOption
mse:ListServiceSource
mse:ListTagResources
mse:ModifyLosslessRule
mse:TagResources
mse:UntagResources
mse:UpdateBlackWhiteList
mse:UpdateGatewayOption
mse:UpdateServiceSource
Izin Terkait Simple Log Service
log:CloseProductDataCollection
log:OpenProductDataCollection
log:GetProductDataCollection
Izin Terkait RAM
ram:CreateServiceLinkedRole
AliyunCSManagedKubernetesRole
Izin Terkait ECS
ecs:Describe*
ecs:CreateRouteEntry
ecs:DeleteRouteEntry
ecs:CreateNetworkInterface
ecs:DeleteNetworkInterface
ecs:CreateNetworkInterfacePermission
ecs:DeleteNetworkInterfacePermission
ecs:ModifyInstanceAttribute
ecs:AttachKeyPair
ecs:StopInstance
ecs:StartInstance
ecs:ReplaceSystemDisk
Izin Terkait SLB
slb:Describe*
slb:CreateLoadBalancer
slb:DeleteLoadBalancer
slb:ModifyLoadBalancerInternetSpec
slb:RemoveBackendServers
slb:AddBackendServers
slb:RemoveTags
slb:AddTags
slb:TagResources
slb:UnTagResources
slb:ListTagResources
slb:StopLoadBalancerListener
slb:StartLoadBalancerListener
slb:SetLoadBalancerHTTPListenerAttribute
slb:SetLoadBalancerHTTPSListenerAttribute
slb:SetLoadBalancerTCPListenerAttribute
slb:SetLoadBalancerUDPListenerAttribute
slb:CreateLoadBalancerHTTPSListener
slb:CreateLoadBalancerHTTPListener
slb:CreateLoadBalancerTCPListener
slb:CreateLoadBalancerUDPListener
slb:DeleteLoadBalancerListener
slb:CreateVServerGroup
slb:DescribeVServerGroups
slb:DeleteVServerGroup
slb:SetVServerGroupAttribute
slb:DescribeVServerGroupAttribute
slb:ModifyVServerGroupBackendServers
slb:AddVServerGroupBackendServers
slb:ModifyLoadBalancerInstanceSpec
slb:ModifyLoadBalancerInternetSpec
slb:SetLoadBalancerModificationProtection
slb:SetLoadBalancerDeleteProtection
slb:SetLoadBalancerName
slb:ModifyLoadBalancerInstanceChargeType
slb:RemoveVServerGroupBackendServers
Izin Terkait VPC
vpc:Describe*
vpc:DeleteRouteEntry
vpc:CreateRouteEntry
Izin Terkait Simple Log Service
log:CreateProject
log:GetProject
log:GetProductDataCollection
log:OpenProductDataCollection
log:CloseProductDataCollection
log:GetLogStoreHistogram
log:AnalyzeProductLog
log:CreateIndex
log:UpdateIndex
log:DeleteIndex
log:CreateLogStore
log:UpdateLogStore
log:DeleteLogStore
log:CreateDashboard
log:UpdateDashboard
log:DeleteDashboard
log:SetGeneralDataAccessConfig
Izin Terkait ALB
alb:EnableLoadBalancerIpv6Internet
alb:DisableLoadBalancerIpv6Internet
alb:CreateAcl
alb:DeleteAcl
alb:ListAcls
alb:ListAclRelations
alb:AddEntriesToAcl
alb:AssociateAclsWithListener
alb:ListAclEntries
alb:RemoveEntriesFromAcl
alb:DissociateAclsFromListener
alb:TagResources
alb:UnTagResources
alb:ListServerGroups
alb:ListServerGroupServers
alb:AddServersToServerGroup
alb:RemoveServersFromServerGroup
alb:ReplaceServersInServerGroup
alb:CreateLoadBalancer
alb:DeleteLoadBalancer
alb:UpdateLoadBalancerAttribute
alb:UpdateLoadBalancerEdition
alb:EnableLoadBalancerAccessLog
alb:DisableLoadBalancerAccessLog
alb:EnableDeletionProtection
alb:DisableDeletionProtection
alb:ListLoadBalancers
alb:GetLoadBalancerAttribute
alb:ListListeners
alb:CreateListener
alb:GetListenerAttribute
alb:UpdateListenerAttribute
alb:ListListenerCertificates
alb:AssociateAdditionalCertificatesWithListener
alb:DissociateAdditionalCertificatesFromListener
alb:DeleteListener
alb:CreateRule
alb:DeleteRule
alb:UpdateRuleAttribute
alb:CreateRules
alb:UpdateRulesAttribute
alb:DeleteRules
alb:ListRules
alb:UpdateListenerLogConfig
alb:CreateServerGroup
alb:DeleteServerGroup
alb:UpdateServerGroupAttribute
alb:UpdateLoadBalancerAddressTypeConfig
alb:AttachCommonBandwidthPackageToLoadBalancer
alb:DetachCommonBandwidthPackageFromLoadBalancer
alb:UpdateServerGroupServersAttribute
alb:MoveResourceGroup
alb:ListAScripts
alb:CreateAScripts
alb:UpdateAScripts
alb:DeleteAScripts
alb:LoadBalancerJoinSecurityGroup
alb:LoadBalancerLeaveSecurityGroup
alb:DescribeZones
Izin Terkait NLB
nlb:TagResources
nlb:UnTagResources
nlb:ListTagResources
nlb:CreateLoadBalancer
nlb:DeleteLoadBalancer
nlb:GetLoadBalancerAttribute
nlb:ListLoadBalancers
nlb:UpdateLoadBalancerAttribute
nlb:UpdateLoadBalancerAddressTypeConfig
nlb:UpdateLoadBalancerZones
nlb:CreateListener
nlb:DeleteListener
nlb:ListListeners
nlb:UpdateListenerAttribute
nlb:StopListener
nlb:StartListener
nlb:GetListenerAttribute
nlb:GetListenerHealthStatus
nlb:CreateServerGroup
nlb:DeleteServerGroup
nlb:UpdateServerGroupAttribute
nlb:AddServersToServerGroup
nlb:RemoveServersFromServerGroup
nlb:UpdateServerGroupServersAttribute
nlb:ListServerGroups
nlb:ListServerGroupServers
nlb:LoadBalancerLeaveSecurityGroup
nlb:LoadBalancerJoinSecurityGroup
nlb:DisableLoadBalancerIpv6Internet
nlb:EnableLoadBalancerIpv6Internet
nlb:UpdateLoadBalancerProtection
nlb:AttachCommonBandwidthPackageToLoadBalancer
nlb:DetachCommonBandwidthPackageFromLoadBalancer
nlb:GetJobStatus
Izin Terkait ACR
cr:Get*
cr:List*
cr:PullRepository
AliyunCSManagedLogRole
Izin Terkait Simple Log Service
log:CreateProject
log:GetProject
log:DeleteProject
log:CreateLogStore
log:GetLogStore
log:UpdateLogStore
log:DeleteLogStore
log:CreateConfig
log:UpdateConfig
log:GetConfig
log:DeleteConfig
log:CreateMachineGroup
log:UpdateMachineGroup
log:GetMachineGroup
log:DeleteMachineGroup
log:ApplyConfigToGroup
log:GetAppliedMachineGroups
log:GetAppliedConfigs
log:RemoveConfigFromMachineGroup
log:RemoveConfigFromGroup
log:CreateIndex
log:GetIndex
log:UpdateIndex
log:DeleteIndex
log:CreateSavedSearch
log:GetSavedSearch
log:UpdateSavedSearch
log:DeleteSavedSearch
log:CreateDashboard
log:GetDashboard
log:UpdateDashboard
log:DeleteDashboard
log:CreateJob
log:GetJob
log:DeleteJob
log:UpdateJob
log:PostLogStoreLogs
log:CreateSortedSubStore
log:GetSortedSubStore
log:ListSortedSubStore
log:UpdateSortedSubStore
log:DeleteSortedSubStore
log:CreateApp
log:UpdateApp
log:GetApp
log:DeleteApp
log:GetLogStoreLogs
log:TagResources
log:ListJobs
log:ListTagResources
log:UntagResources
log:CreateResourceRecord
log:UpdateResourceRecord
log:UpsertResourceRecord
log:GetResourceRecord
log:DeleteResourceRecord
log:ListResourceRecords
log:ListResources
log:GetResource
log:PutLogs
log:UpdateLogStoreMeteringMode
log:GetLogStoreMeteringMode
log:CreateLogtailPipelineConfig
log:DeleteLogtailPipelineConfig
log:GetLogtailPipelineConfig
log:UpdateLogtailPipelineConfig
log:ListLogtailPipelineConfig
log:CreateSubStore
cs:UpdateContactGroup
cs:DescribeTemplates
cs:DescribeTemplateAttribute
eventbridge:PutEvents
AliyunCSManagedCmsRole
Izin Terkait CMS
cms:DescribeMonitorGroups
cms:DescribeMonitorGroupInstances
cms:CreateMonitorGroup
cms:DeleteMonitorGroup
cms:ModifyMonitorGroupInstances
cms:CreateMonitorGroupInstances
cms:DeleteMonitorGroupInstances
cms:TaskConfigCreate
cms:TaskConfigList
cms:DescribeMetricList
cms:QueryMetricList
cms:CreateDynamicTagGroup
cms:PutGroupMetricRule
cms:DescribeMetricRuleList
cms:DeleteMetricRules
cs:DescribeMonitorToken
ahas:GetSentinelAppSumMetric
log:GetLogStoreLogs
slb:DescribeMetricList
sls:GetLogs
sls:PutLogs
AliyunCSManagedArmsRole
Izin Terkait ARMS
arms:CMonitorCloudInstances
arms:CMonitorRegister
arms:ConfigAgentLabel
arms:CreateAlertRules
arms:CreateAlertTemplate
arms:CreateApp
arms:CreateContact
arms:CreateContactGroup
arms:CreateDispatchRule
arms:CreateOrUpdateIMRobot
arms:CreateOrUpdateWebhookContact
arms:CreateProm
arms:CreatePrometheusAlertRule
arms:DeleteAlert
arms:DeleteAlertContact
arms:DeleteAlertContactGroup
arms:DeleteAlertRules
arms:DeleteAlertTemplate
arms:DeleteApp
arms:DeleteContact
arms:DeleteContactGroup
arms:DeleteContactLink
arms:DeleteContactMember
arms:DeleteDispatchRule
arms:DeleteIMRobot
arms:DeletePrometheusAlertRule
arms:DeleteWebhookContact
arms:DescribeDispatchRule
arms:DescribeIMRobots
arms:DescribePrometheusAlertRule
arms:DescribeWebhookContacts
arms:DisableAlertTemplate
arms:EnableAlertTemplate
arms:GetAlarmHistories
arms:GetAlert
arms:GetAlertEvents
arms:GetAlertRules
arms:GetAlertRulesByPage
arms:GetAssumeRoleCredentials
arms:GetCommercialStatus
arms:InstallEventer
arms:InstallManagedPrometheus
arms:ListActivatedAlerts
arms:ListAlertTemplates
arms:ListDashboards
arms:ListDispatchRule
arms:ListEscalationPolicies
arms:ListOnCallSchedules
arms:ListPrometheusAlertRules
arms:ListPrometheusAlertTemplates
arms:QueryAlarmHistory
arms:QueryAlarmName
arms:SaveAlert
arms:SaveContactGroup
arms:SaveContactMember
arms:SaveTraceAppConfig
arms:SearchAlarmHistories
arms:SearchAlertRules
arms:SearchContact
arms:SearchContactGroup
arms:SearchEvents
arms:SendTTSVerifyLink
arms:StartAlert
arms:StartAlertRule
arms:StopAlert
arms:StopAlertRule
arms:UninstallManagedPrometheus
arms:UpdateAlertRules
arms:UpdateAlertTemplate
arms:UpdateContact
arms:UpdateContactGroup
arms:UpdateContactMember
arms:UpdateDispatchRule
arms:UpdatePrometheusAlertRule
arms:UpgradeAddonRelease
arms:CheckServiceStatus
arms:GetClusterAllUrl
arms:GetClusterInfoForArms
arms:GetExploreUrl
arms:GetIntegrationState
arms:GetManagedPrometheusStatus
arms:ListAlertEvents
arms:QueryMetric
arms:QueryPromInstallStatus
arms:SearchAlertContactGroup
arms:SearchAlertHistories
arms:CreateAlertContact
arms:CreateAlertContactGroup
arms:ImportCustomAlertRules
arms:SearchAlertContact
arms:UpdateAlertContact
arms:UpdateAlertContactGroup
arms:UpdateAlertRule
arms:UpdateWebhook
arms:InnerFetchContactGroupByArmsContactGroupId
xtrace:GetToken
arms:ListEnvironments
arms:DescribeAddonRelease
arms:InstallAddon
arms:DeleteAddonRelease
arms:ListEnvironmentDashboards
arms:ListAddonReleases
arms:CreateEnvironment
arms:InitEnvironment
arms:DescribeEnvironment
arms:InstallEnvironmentFeature
arms:ListEnvironmentFeatures
arms:UpdateEnvironment
arms:GetPrometheusInstance
arms:GetPrometheusApiToken
Izin Terkait Simple Log Service