tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
TDMQ for CKafka
    Documentation
    Download PDF

    Authorization Instructions for Access to CLS and COS Services Through Connectors

    Last updated: 2024-09-09 21:46:31
    Download PDF

      Overview

      When the CKafka connector is used to access services like CLS and COS, users need to grant the connector permissions to access these services under their accounts. If the CKafka sub-account has the CAM policy permissions (QcloudCamRoleFullAccess), select Role Authorization when a CKafka task is created, and the connector will automatically complete the authorization for you. Otherwise, a user with AdministratorAccess need to grant the necessary permissions before a connector task is created through the sub-account.
      

      List of Services Requiring Authorization

      Service Requiring Authorization
      Associated Role
      Required Policy Permission
      Cloud Log Service (CLS)
      Datahub_QcsRole
      QcloudCLSFullAccess
      Cloud Object Storage (COS)
      Datahub_QcsRole
      QcloudCOSFullAccess

      Authorization Steps

      If the sub-account creating the connector task does not have the CAM policy permissions (QcloudCamRoleFullAccess), you may encounter prompts about missing CreateRole or AttachRolePolicy permissions. If your account does not yet have the Datahub_QcsRole role, see Creating Role for authorization instructions. If the account has the Datahub_QcsRole role, see Authorizing Role for authorization instructions.

      Creating a Role

      1. If you encounter a prompt about missing CreateRole policy permissions, a user with AdministratorAccess is required to go to the CAM console, enter the role page, and click Create Role.
      
      2. On the Select Role Entity page, select Tencent Cloud product service:
      
      3. Proceed to the Enter Role Entity Information step, and select **Message Service (ckafka)**:
      
      4. In the Configure Role Policy step, select the policy corresponding to the service that the connector task needs to access. Here, the policies for CLS and COS are selected:
      
      5. In the Configure Role Tag step, you can configure the appropriate tags for the role, but this step can be skipped.
      6. In the Review step, name the role as Datahub_QcsRole:
      
      7. Once the role is successfully created, the sub-account can proceed with creating the corresponding connector tasks.

      Authorize the Role

      1. If you encounter a prompt about missing AttachRolePolicy policy permissions, a user with AdministratorAccess needs to go to the CAM console, enter the role page, and find the role corresponding to the service. Here, the Datahub_QcsRole role is taken as an example.
      
      2. Click the role name to enter the role management details page. In the permissions section, click Associate Policy:
      
      3. Find the policy related to the service you need to authorize. Here, take the CLS service as an example, click Confirm to complete the authorization:
      
      4. Once the role has the permissions to access the respective service, the sub-account can successfully create the corresponding connector tasks.
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy