Jika Anda menggunakan fitur pencadangan dan pemulihan untuk instans ApsaraDB RDS untuk pertama kalinya, Anda harus membuat peran terkait layanan AliyunServiceRoleForDBS untuk Pemulihan Bencana Data. Peran ini memungkinkan Pemulihan Bencana Data mengakses, mengkueri, dan mengelola instans RDS Anda, sehingga fitur pencadangan dan pemulihan berfungsi sesuai harapan tanpa memengaruhi kinerja instans RDS.
Prasyarat
Akun Alibaba Cloud telah dibuat. Untuk informasi lebih lanjut, lihat Daftar dengan Alibaba Cloud.
Akun Alibaba Cloud digunakan untuk membuat peran terkait layanan.
Prosedur
Otorisasi otomatis
Masuk ke Konsol ApsaraDB RDS dan buka halaman Instans. Di bilah navigasi atas, pilih wilayah tempat instans RDS berada. Kemudian, temukan instans RDS dan klik ID instans.
Di panel navigasi di sebelah kiri, klik Backup and Restoration.
Di kotak dialog yang muncul, klik Authorize.
Catatan: Untuk informasi lebih lanjut tentang peran AliyunServiceRoleForDBS, lihat AliyunServiceRoleForDBS.
Klik OK.
Peran AliyunServiceRoleForDBS telah dibuat. Untuk informasi lebih lanjut tentang cara menghapus peran tersebut, lihat Hapus peran RAM.
Otorisasi manual
Masuk ke Konsol Resource Access Management (RAM) menggunakan akun Alibaba Cloud.
Di panel navigasi di sebelah kiri, pilih Permissions > Policies.
Di halaman Policies, klik Create Policy.
Di halaman Create Policy, klik tab JSON.
Masukkan isi kebijakan kustom Anda, lalu klik OK.
Catatan: Untuk informasi lebih lanjut tentang isi kebijakan, lihat AliyunServiceRoleForDBS.
Untuk informasi lebih lanjut tentang sintaks dan struktur kebijakan RAM, lihat Struktur dan sintaks kebijakan.
Di kotak dialog Create Policy, konfigurasikan Policy Name dan Description untuk kebijakan tersebut dan klik OK.
AliyunServiceRoleForDBS
Nama peran: AliyunServiceRoleForDBS
Kebijakan yang disambungkan ke peran: AliyunServiceRolePolicyForDBS
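Izin (kebijakan ini mencakup tindakan tulis, misalnya rds:CreateAccount, rds:GrantAccountPrivilege, dan rds:ModifySecurityIps, dengan "Resource": "*"; jika Anda menyalin isinya untuk otorisasi manual, cocokkan setiap nama tindakan dengan kebijakan sistem AliyunServiceRolePolicyForDBS di konsol RAM):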
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceNetInfoForChannel",
"rds:DescribeTasks",
"rds:DescribeDBInstances",
"rds:DescribeFilesForSQLServer",
"rds:DescribeImportsForSQLServer",
"rds:DescribeSlowLogRecords",
"rds:DescribeBinlogFiles",
"rds:DescribeSQLLogRecords",
"rds:DescribeParameters",
"rds:DescribeParameterTemplates",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDatabases",
"rds:DescribeAccounts",
"rds:DescribeSecurityIPList",
"rds:DescribeSecurityIps",
"rds:DescribeDBInstanceIPArray",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstanceSSL",
"rds:DescribeDBInstanceTDE",
"rds:CreateDBInstance",
"rds:CreateAccount",
"rds:CreateDatabase",
"rds:ModifySecurityIps",
"rds:GrantAccountPrivilege",
"rds:CreateMigrateTask",
"rds:CreateOnlineDatabaseTask",
"rds:DescribeMigrateTasks",
"rds:DescribeOssDownloads",
"rds:CreateBackup",
"rds:DescribeBackups",
"rds:DescribeBackupPolicy",
"rds:ModifyBackupPolicy",
"rds:DescribeBackupTasks",
"rds:DescribeBinlogFiles"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeInstance",
"ecs:DescribeInstances",
"ecs:DescribeVpcs",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:RevokerSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kms:ListKeys"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:PutEventRule",
"cms:PutEventTargets",
"cms:ListEventRules",
"cms:ListEventTargetsByRule",
"cms:DeleteEventRule",
"cms:DeleteEventTargets"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeDBClusters",
"polardb:ModifySecurityIps",
"polardb:DescribeDBClusterEndpoints",
"polardb:DescribeDBClusterAccessWhitelist",
"polardb:ModifyDBClusterAccessWhitelist"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstanceAttribute",
"dds:DescribeReplicaSetRole",
"dds:DescribeSecurityIps",
"dds:DescribeDBInstances",
"dds:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstances",
"kvstore:DescribeAccounts",
"kvstore:DescribeDBInstanceNetInfo",
"kvstore:CreateAccount",
"kvstore:ModifySecurityIps",
"kvstore:DescribeInstanceAttribute",
"kvstore:AllocateInstancePrivateConnection",
"kvstore:DescribeLogicInstanceTopology"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"drds:DescribeDrdsDB",
"drds:DescribeDrdsDBs",
"drds:DescribeDrdsDbInstance",
"drds:DescribeDrdsDbInstances",
"drds:DescribeDrdsDBIpWhiteList",
"drds:DescribeDrdsInstances",
"drds:ModifyDrdsIpWhiteList",
"drds:CreateDrdsDB",
"drds:DescribeTable",
"drds:DescribeTables",
"drds:ModifyRdsReadWeight",
"drds:ChangeAccountPassword",
"drds:CreateDrdsInstance",
"drds:CreateInstanceAccount",
"drds:CreateInstanceInternetAddress",
"drds:DescribeInstanceAccounts"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"bssapi:QueryResourcePackageInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "hdm:AddHDMInstance",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "dbs.aliyuncs.com"
}
}
}
]
}