You need to enable JavaScript to run this app.
E-MapReduce

E-MapReduce

请输入
  • 文档首页
    • E-MapReduceEMR on VKE 操作指南依赖的产品与授权
复制全文
我的收藏
EMR on VKE 操作指南
依赖的产品与授权
复制全文
我的收藏
依赖的产品与授权

首次开通使用 EMR on VKE 时,您需要根据界面提示完成跨服务访问请求的授权操作,完成授权后,才可以在后续的 EMR 使用过程中访问依赖的其他云产品。本文为您介绍依赖的云产品列表及权限范围。

跨服务访问授权方式

跨服务访问请求的授权基于访问控制(IAM)的角色实现权限管控,该角色将您的云资源权限授予当前云服务,当前服务将通过角色扮演来访问其他云服务资源。具体可参考"访问控制文档"
Image

  • EMR on VKE 的跨服务访问授权的角色名为 EMROnVKERole

依赖的云产品列表与权限范围

依赖的云产品列表

权限范围(权限策略)

策略名:EMROnVKERolePolicy

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "vke:ListNodePools",
        "vke:ListNodes",
        "vke:ForwardKubernetesApi",
        "vke:TagResources",
        "vke:UntagResources",
        "vke:ListClusters",
        "vke:UpdateNodePoolConfig",
        "vke:CreateCluster",
        "vke:DeleteCluster",
        "vke:DeleteNodePool",
        "vke:DeleteNodes",
        "vke:CreateAddon",
        "vke:CreateNodePool",
        "vke:UpdateAddonConfig",
        "vke:DeleteAddon",
        "vke:ListAddons",
        "vke:ListSupportedResourceTypes",
        "vke:ListScalingEvents",
        "vke:ListSupportedImages",
        "vke:UpdateClusterConfig"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "natgateway:DescribeNatGateways"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:CreateTags",
        "ecs:DescribeInstances",
        "ecs:DeleteTags",
        "ecs:DescribeAvailableResource"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "clb:DescribeLoadBalancers",
        "clb:TagResources"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "tos:ListBuckets",
        "tos:ListBucket",
        "tos:ListObjects",
        "tos:GetBucketTagging",
        "tos:PutBucketTagging",
        "tos:ListObjectsV2",
        "tos:GetObject",
        "tos:GetObjectVersion"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "dbw:DataConnectInstance",
        "dbw:DataCloseSession"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "rds_mysql:UpgradeAllowListVersion",
        "rds_mysql:DescribeDBInstance",
        "rds_mysql:AssociateAllowList",
        "rds_mysql:CreateAllowList",
        "rds_mysql:DescribeAllowLists",
        "rds_mysql:ListDBInstances",
        "rds_mysql:DescribeDBAccounts"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "quota:GetProductQuota",
        "quota:ListProductQuotas"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "storage_ebs:CreateTags",
        "storage_ebs:DeleteTags",
        "storage_ebs:DescribeVolumes",
        "storage_ebs:CalculatePrice",
        "storage_ebs:ServiceDescribeQuotaInfos"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "vpc:TagResources",
        "vpc:DescribeSubnetAttributes",
        "vpc:CreateVpc",
        "vpc:CreateSubnet",
        "vpc:DeleteVpc",
        "vpc:DeleteSubnet",
        "vpc:DescribeSubnets",
        "vpc:DescribeVpcs",
        "vpc:DescribeSecurityGroups",
        "vpc:DescribeEipAddresses",
        "vpc:TagResources",
        "vpc:UntagResources"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "Volc_Observe:GetMetricsData",
        "Volc_Observe:ListAlertGroup"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:GetUser",
        "iam:ListUsers",
        "iam:GetUserById"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
最近更新时间:2026.03.20 11:23:25
这个页面对您有帮助吗?
有用
有用
无用
无用