本文为您介绍实时计算的角色授权操作,包括自动化角色授予流程、重新初始化流程和常见问题。

您开通实时计算服务时,需要先为实时计算的服务账号,授予系统默认角色AliyunStreamDefaultRole

说明 仅当AliyunStreamDefaultRole被正确授予后,实时计算才能正常地调用相关服务(例如RDS)。

当前角色授权信息查看

  1. 登录RAM角色管理
  2. RAM角色管理页面底部的RAM角色名称列中单击AliyunStreamDefaultRole
  3. AliyunStreamDefaultRole页面中单击权限管理 > AliyunStreamRolePolicy
  4. 策略内容页签内查看实时计算当前策略信息,如下所示。
    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "ots:List*",
            "ots:DescribeTable",
            "ots:Get*",
            "ots:*Row"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "dhs:Create*",
            "dhs:List*",
            "dhs:Get*",
            "dhs:PutRecords",
            "dhs:DeleteTopic"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "log:List*",
            "log:Get*",
            "log:Post*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "mns:List*",
            "mns:Get*",
            "mns:Send*",
            "mns:Publish*",
            "mns:Subscribe"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "drds:DescribeDrdsInstance",
            "drds:ModifyDrdsIpWhiteList"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "rds:Describe*",
            "rds:ModifySecurityIps*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "vpc:DescribeVpcs",
            "vpc:DescribeVSwitches"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "ecs:CreateSecurityGroup",
            "ecs:AuthorizeSecurityGroup",
            "ecs:CreateNetworkInterface",
            "ecs:DescribeNetworkInterfaces",
            "ecs:AttachNetworkInterface",
            "ecs:DescribeNetworkInterfacePermissions",
            "ecs:CreateNetworkInterfacePermission"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "oss:*",
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }