tencent cloud

Feedback

Elasticsearch Service

Last updated: 2024-11-20 09:38:06

    Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

    Product Role Name Role Types Role Entity
    Elasticsearch Service ES_QCSLinkedRoleInAccessCos Service-Related Roles acesscos.es.cloud.tencent.com
    Elasticsearch Service ES_QCSLinkedRoleInDataImport Service-Related Roles dataimport.es.cloud.tencent.com
    Elasticsearch Service ES_QCSLinkedRoleInLogSyncCls Service-Related Roles logsynccls.es.cloud.tencent.com
    Elasticsearch Service ES_QCSLinkedRoleInVpcOperate Service-Related Roles vpcoperate.es.cloud.tencent.com
    Elasticsearch Service ES_QCSLinkedRoleInBeatsCollector Service-Related Roles beatscollector.es.cloud.tencent.com

    ES_QCSLinkedRoleInAccessCos

    Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForEsLinkedRoleInCosAcess
    • Policy Information:
    {
        "statement": [
            {
                "action": [
                    "cos:GetBucket",
                    "cos:HeadBucket",
                    "cos:GetObject",
                    "cos:HeadObject",
                    "cos:PutObject",
                    "cos:PostObject",
                    "cos:InitiateMultipartUpload",
                    "cos:ListMultipartUploads",
                    "cos:ListParts",
                    "cos:UploadPart",
                    "cos:CompleteMultipartUpload",
                    "cos:DeleteObject",
                    "cos:DeleteMultipleObjects"
                ],
                "effect": "allow",
                "resource": "*"
            }
        ],
        "version": "2.0"
    }
    

    ES_QCSLinkedRoleInDataImport

    Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy
    Authorization Polices

    • Policy Name: QcloudAccessForESLinkedRoleInDataImport
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "action": [
                    "ckafka:DescribeInstancesDetail",
                    "ckafka:DescribeInstances",
                    "ckafka:CreateTopic",
                    "ckafka:DescribeTopicDetail",
                    "ckafka:DescribeTopic",
                    "ckafka:DescribeRoute",
                    "ckafka:CreateDatahubTopic",
                    "ckafka:DescribeDatahubTopic",
                    "ckafka:CreateConnectResource",
                    "ckafka:DescribeConnectResource",
                    "ckafka:CreateDatahubTask",
                    "ckafka:DescribeDatahubTask",
                    "tat:RunCommand",
                    "tat:DescribeInvocations",
                    "tat:DescribeAutomationAgentStatus",
                    "tke:DescribeClusters",
                    "tke:DescribeClusterReleases",
                    "tke:CreateClusterRelease",
                    "tke:UpgradeClusterRelease",
                    "tke:UninstallClusterRelease",
                    "tke:CancelClusterRelease",
                    "ckafka:DeleteDatahubTopic",
                    "ckafka:DeleteConnectResource",
                    "ckafka:DeleteDatahubTask",
                    "ckafka:DeleteDatahubGroup",
                    "ckafka:ModifyGroupOffsets",
                    "ckafka:ModifyDatahubResource",
                    "cvm:DescribeInstances",
                    "emr:DescribeClusterLogInfo",
                    "emr:NotifyEmr"
                ],
                "resource": "*",
                "effect": "allow"
            }
        ]
    }
    

    ES_QCSLinkedRoleInLogSyncCls

    Use Cases: The current role is the Elasticsearch Serivce(ES) service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForESLinkedRoleInLogSyncCls
    • Policy Information:
    {
        "statement": [
            {
                "action": [
                    "cls:ModifyTopic",
                    "emr:AddClusterLogsToCls",
                    "emr:RemoveClusterLogsToCls",
                    "emr:DescribeInstances",
                    "cls:RealtimeProducer"
                ],
                "effect": "allow",
                "resource": "*"
            }
        ],
        "version": "2.0"
    }
    

    ES_QCSLinkedRoleInVpcOperate

    Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForESLinkedRoleInVpcOperate
    • Policy Information:
    {
        "version": "1.0",
        "statement": [
            {
                "action": [
                    "vpc:DescribeVpcEx",
                    "vpc:DescribeSubnetEx",
                    "vpc:CreateCcn",
                    "vpc:AttachCcnInstances",
                    "vpc:DeleteCcn",
                    "vpc:DetachCcnInstances",
                    "vpc:DescribeNetworkInterfaces",
                    "vpc:CreateNetworkInterface",
                    "vpc:DeleteNetworkInterface",
                    "vpc:DescribeVpcTaskResult",
                    "vpc:CreateVpcEndPoint",
                    "vpc:DescribeVpcEndPoint",
                    "vpc:ModifyVpcEndPointAttribute",
                    "vpc:DeleteVpcEndPoint",
                    "vpc:DisassociateVpcEndPointSecurityGroups",
                    "cvm:DescribeSecurityGroups"
                ],
                "resource": "*",
                "effect": "allow"
            }
        ]
    }
    

    ES_QCSLinkedRoleInBeatsCollector

    Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForESLinkedRoleInBeatsCollector
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "tat:RunCommand",
                    "tat:DescribeInvocations",
                    "tat:DescribeAutomationAgentStatus",
                    "tke:DescribeClusters",
                    "tke:DescribeClusterReleases",
                    "tke:CreateClusterRelease",
                    "tke:UpgradeClusterRelease",
                    "tke:UninstallClusterRelease",
                    "tke:CancelClusterRelease",
                    "cvm:DescribeInstances",
                    "emr:DescribeClusterLogInfo",
                    "emr:NotifyEmr"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support