Saat pertama kali menggunakan E-MapReduce (EMR) Workbench Workflow, pastikan akun Alibaba Cloud Anda memiliki peran default. Topik ini menjelaskan cara menetapkan peran default ke akun Alibaba Cloud dan kebijakan yang terkait dengan peran tersebut.
Batasan
Saat pertama kali menggunakan EMR Workbench Workflow, pastikan akun Alibaba Cloud Anda telah diberi peran RAM default dengan izin pada EMR Workbench Workflow. Jika tidak, akun Alibaba Cloud Anda dan pengguna RAM di dalamnya tidak dapat menggunakan EMR Workbench Workflow.
Jika Anda ingin menghapus peran default, pastikan sumber daya yang menggunakan peran tersebut telah dilepaskan. Jika tidak, penggunaan EMR Workbench Workflow akan terpengaruh.
Prosedur
null
Saat pertama kali menggunakan EMR Workbench Workflow, gunakan akun Alibaba Cloud Anda untuk menyelesaikan penugasan peran berikut. Tidak perlu mengonfigurasi izin secara manual. Setelah itu, Anda tidak perlu mengulangi operasi penugasan peran saat menggunakan EMR lagi.
Masuk ke Konsol EMR menggunakan akun Alibaba Cloud Anda.
Di panel navigasi sebelah kiri, pilih EMR Workbench > Workflow.
Buka halaman Dependency Check, temukan item pemeriksaan yang diinginkan, lalu klik Authorize Now di kolom Tindakan.
Di halaman yang muncul, klik Agree to Authorization.
Setelah penugasan peran, EMR Workbench Workflow dapat mengakses sumber daya cloud Anda.
Kebijakan
AliyunEMRWorkflowDefaultRole
Kebijakan AliyunEMRWorkflowDefaultRolePolicy dilampirkan pada peran AliyunEMRWorkflowDefaultRole. Kode berikut menunjukkan isi kebijakan:
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVSwitches",
"vpc:CreateRouteTable",
"vpc:DeleteRouteTable",
"vpc:UnassociateRouteTable",
"vpc:AssociateRouteTable",
"vpc:DescribeRouteTableList",
"vpc:CreateRouteEntry",
"vpc:DeleteRouteEntry",
"vpc:DescribeRouteEntryList",
"emr:ListClusterHost",
"emr:DescribeCluster",
"emr:DescribeClusterV2",
"emr:ListClusters",
"emr:DescribeFlowAgentToken",
"emr:ListClusterServiceQuickLink",
"emr:DescribeClusterServiceConfig",
"emr:ListClusterHostComponent",
"emr:DescribeClusterServiceConfig",
"emr:GetClusterClientMeta",
"emr:ListApplicationConfigFiles",
"emr:GetApplicationConfigFile",
"emr:ListNodeGroups",
"emr:ListNodes",
"emr:ListClusterTemplates",
"emr:DescribeClusterTemplate",
"emr:DescribeFlowProject",
"emr:ListFlow",
"emr:DescribeFlow",
"emr:DescribeFlowJob",
"emr:ListFlowJob",
"emr:ListFlowProject",
"emr:ListFlowCategory",
"emr:DescribeFlowVariableCollection",
"dlf:BatchCreatePartitions",
"dlf:BatchCreateTables",
"dlf:BatchDeletePartitions",
"dlf:BatchDeleteTables",
"dlf:BatchGetPartitions",
"dlf:BatchGetTables",
"dlf:BatchUpdatePartitions",
"dlf:BatchUpdateTables",
"dlf:CreateDatabase",
"dlf:CreateFunction",
"dlf:CreatePartition",
"dlf:CreateTable",
"dlf:DeleteDatabase",
"dlf:DeleteFunction",
"dlf:DeletePartition",
"dlf:DeleteTable",
"dlf:GetDatabase",
"dlf:GetFunction",
"dlf:GetPartition",
"dlf:GetTable",
"dlf:ListCatalogs",
"dlf:ListDatabases",
"dlf:ListFunctionNames",
"dlf:ListFunctions",
"dlf:ListPartitionNames",
"dlf:ListPartitions",
"dlf:ListPartitionsByExpr",
"dlf:ListPartitionsByFilter",
"dlf:ListTableNames",
"dlf:ListTables",
"dlf:RenamePartition",
"dlf:RenameTable",
"dlf:UpdateDatabase",
"dlf:UpdateFunction",
"dlf:UpdateTable",
"dlf:UpdateTableColumnStatistics",
"dlf:GetTableColumnStatistics",
"dlf:DeleteTableColumnStatistics",
"dlf:UpdatePartitionColumnStatistics",
"dlf:GetPartitionColumnStatistics",
"dlf:DeletePartitionColumnStatistics",
"dlf:BatchGetPartitionColumnStatistics",
"dlf:CreateLock",
"dlf:UnLock",
"dlf:AbortLock",
"dlf:RefreshLock",
"dlf:GetLock",
"dlf:GetAsyncTaskStatus"
],
"Resource": "*",
"Effect": "Allow"
}
]
}AliyunStreamAsiDefaultRole
Kebijakan AliyunStreamAsiDefaultRolePolicy dilampirkan pada peran AliyunStreamAsiDefaultrole yang bergantung pada layanan Flink yang sepenuhnya dikelola. Kode berikut menunjukkan isi kebijakan:
{
"Version": "1",
"Statement": [
{
"Action": [
"oss:ListBuckets",
"oss:GetBucketInfo",
"oss:GetObjectMetadata",
"oss:GetObject",
"oss:ListObjects",
"oss:PutObject",
"oss:CopyObject",
"oss:CompleteMultipartUpload",
"oss:AbortMultipartUpload",
"oss:InitiateMultipartUpload",
"oss:UploadPartCopy",
"oss:UploadPart",
"oss:DeleteObject",
"oss:PutBucketcors",
"oss:GetBucketCors"
],
"Resource": "acs:oss:*:*:*",
"Effect": "Allow"
},
{
"Action": [
"ecs:AssociateEipAddress",
"ecs:AttachNetworkInterface",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:CreateNetworkInterface",
"ecs:CreateNetworkInterfacePermission",
"ecs:CreateSecurityGroup",
"ecs:DeleteNetworkInterface",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DeleteSecurityGroup",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroupReferences",
"ecs:DescribeSecurityGroups",
"ecs:DetachNetworkInterface",
"ecs:JoinSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:ModifySecurityGroupAttribute",
"ecs:ModifySecurityGroupPolicy",
"ecs:ModifySecurityGroupPolicy",
"ecs:ModifySecurityGroupRule",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:UnassociateEipAddress"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:AddBackendServers",
"slb:AddListenerWhiteListItem",
"slb:AddTags",
"slb:AddVServerGroupBackendServers",
"slb:CreateLoadBalancer",
"slb:CreateLoadBalancerHTTPListener",
"slb:CreateLoadBalancerHTTPSListener",
"slb:CreateLoadBalancerTCPListener",
"slb:CreateLoadBalancerUDPListener",
"slb:CreateRules",
"slb:CreateVServerGroup",
"slb:DeleteLoadBalancer",
"slb:DeleteLoadBalancerListener",
"slb:DeleteRules",
"slb:DeleteVServerGroup",
"slb:DescribeHealthStatus",
"slb:DescribeListenerAccessControlAttribute",
"slb:DescribeLoadBalancerAttribute",
"slb:DescribeLoadBalancerHTTPListenerAttribute",
"slb:DescribeLoadBalancerHTTPListenerAttributes",
"slb:DescribeLoadBalancerHTTPSListenerAttribute",
"slb:DescribeLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerUDPListenerAttribute",
"slb:DescribeLoadBalancers",
"slb:DescribeRegions",
"slb:DescribeRules",
"slb:DescribeTags",
"slb:DescribeVServerGroupAttribute",
"slb:DescribeVServerGroups",
"slb:ModifyLoadBalancerInstanceSpec",
"slb:ModifyLoadBalancerInternetSpec",
"slb:ModifyLoadBalancerInstanceChargeType",
"slb:ModifyLoadBalancerPayType",
"slb:RemoveBackendServers",
"slb:RemoveListenerWhiteListItem",
"slb:RemoveVServerGroupBackendServers",
"slb:SetBackendServers",
"slb:SetListenerAccessControlStatus",
"slb:SetLoadBalancerHTTPListenerAttribute",
"slb:SetLoadBalancerHTTPSListenerAttribute",
"slb:SetLoadBalancerName",
"slb:SetLoadBalancerStatus",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:SetLoadBalancerUDPListenerAttribute",
"slb:SetRule",
"slb:SetServerCertificateName",
"slb:SetVServerGroupAttribute",
"slb:StartLoadBalancerListener",
"slb:StopLoadBalancerListener",
"slb:SetLoadBalancerDeleteProtection",
"slb:RemoveTags",
"slb:DescribeLoadBalancerListeners",
"slb:ModifyVServerGroupBackendServers",
"slb:SetLoadBalancerModificationProtection",
"slb:CreateLoadBalancerForCloudService"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"arms:ListDashboards",
"arms:CreateContact",
"arms:DeleteContact",
"arms:SearchContact",
"arms:UpdateContact",
"arms:CreateContactGroup",
"arms:DeleteContactGroup",
"arms:SearchContactGroup",
"arms:UpdateContactGroup",
"arms:SearchAlertRules",
"arms:CreateAlertRules",
"arms:UpdateAlertRules",
"arms:DeleteAlertRules",
"arms:StartAlertRule",
"arms:StopAlertRule",
"arms:SearchAlarmHistories",
"arms:OpenArmsService",
"arms:CreateWehook",
"arms:UpdateWebhook",
"arms:CreateDispatchRule",
"arms:ListDispatchRule",
"arms:DeleteDispatchRule",
"arms:UpdateDispatchRule",
"arms:DescribeDispatchRule",
"arms:GetAlarmHistories",
"arms:SendCustomIncidents",
"arms:SaveAlert",
"arms:DeleteAlert",
"arms:GetAlert"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcAttribute",
"vpc:DescribeVpcs",
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVSwitches",
"vpc:DescribeRouteTableList",
"vpc:DescribeRouteTables",
"vpc:DescribeRouteEntryList",
"vpc:DescribeRouterInterfaceAttribute",
"vpc:DescribeRouterInterfaces",
"vpc:DescribeVRouters",
"vpc:ModifyBypassToaAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ims:ListUserBasicInfos"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"tag:ListTagResources",
"tag:ListTagKeys",
"tag:ListTagValues"
],
"Resource": "*",
"Effect": "Allow"
}
]
}