tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation

    Elasticsearch Service

    Last updated: 2024-05-02 09:11:38

      Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

      Product Role Name Role Types Role Entity
      Elasticsearch Service ES_QCSLinkedRoleInAccessCos Service-Related Roles acesscos.es.cloud.tencent.com
      Elasticsearch Service ES_QCSLinkedRoleInDataImport Service-Related Roles dataimport.es.cloud.tencent.com
      Elasticsearch Service ES_QCSLinkedRoleInVpcOperate Service-Related Roles vpcoperate.es.cloud.tencent.com
      Elasticsearch Service ES_QCSLinkedRoleInBeatsCollector Service-Related Roles beatscollector.es.cloud.tencent.com

      ES_QCSLinkedRoleInAccessCos

      Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForEsLinkedRoleInCosAcess
      • Policy Information:
      {
    "statement": [
        {
            "action": [
                "cos:GetBucket",
                "cos:HeadBucket",
                "cos:GetObject",
                "cos:HeadObject",
                "cos:PutObject",
                "cos:PostObject",
                "cos:InitiateMultipartUpload",
                "cos:ListMultipartUploads",
                "cos:ListParts",
                "cos:UploadPart",
                "cos:CompleteMultipartUpload",
                "cos:DeleteObject",
                "cos:DeleteMultipleObjects"
            ],
            "effect": "allow",
            "resource": "*"
        }
    ],
    "version": "2.0"
}

      ES_QCSLinkedRoleInDataImport

      Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy
      Authorization Polices

      • Policy Name: QcloudAccessForESLinkedRoleInDataImport
      • Policy Information:
      {
    "version": "2.0",
    "statement": [
        {
            "action": [
                "ckafka:DescribeInstancesDetail",
                "ckafka:DescribeInstances",
                "ckafka:CreateTopic",
                "ckafka:DescribeTopicDetail",
                "ckafka:DescribeTopic",
                "ckafka:DescribeRoute",
                "ckafka:CreateDatahubTopic",
                "ckafka:DescribeDatahubTopic",
                "ckafka:CreateConnectResource",
                "ckafka:DescribeConnectResource",
                "ckafka:CreateDatahubTask",
                "ckafka:DescribeDatahubTask",
                "tat:RunCommand",
                "tat:DescribeInvocations",
                "tat:DescribeAutomationAgentStatus",
                "tke:DescribeClusters",
                "tke:DescribeClusterReleases",
                "tke:CreateClusterRelease",
                "tke:UpgradeClusterRelease",
                "tke:UninstallClusterRelease",
                "tke:CancelClusterRelease",
                "ckafka:DeleteDatahubTopic",
                "ckafka:DeleteConnectResource",
                "ckafka:DeleteDatahubTask",
                "ckafka:DeleteDatahubGroup",
                "ckafka:ModifyGroupOffsets",
                "ckafka:ModifyDatahubResource",
                "cvm:DescribeInstances",
                "emr:DescribeClusterLogInfo",
                "emr:NotifyEmr"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}

      ES_QCSLinkedRoleInVpcOperate

      Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForESLinkedRoleInVpcOperate
      • Policy Information:
      {
    "version": "1.0",
    "statement": [
        {
            "action": [
                "vpc:DescribeVpcEx",
                "vpc:DescribeSubnetEx",
                "vpc:CreateCcn",
                "vpc:AttachCcnInstances",
                "vpc:DeleteCcn",
                "vpc:DetachCcnInstances",
                "vpc:DescribeNetworkInterfaces",
                "vpc:CreateNetworkInterface",
                "vpc:DeleteNetworkInterface",
                "vpc:DescribeVpcTaskResult",
                "vpc:CreateVpcEndPoint",
                "vpc:DescribeVpcEndPoint",
                "vpc:ModifyVpcEndPointAttribute",
                "vpc:DeleteVpcEndPoint",
                "vpc:DisassociateVpcEndPointSecurityGroups",
                "cvm:DescribeSecurityGroups"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}

      ES_QCSLinkedRoleInBeatsCollector

      Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForESLinkedRoleInBeatsCollector
      • Policy Information:
      {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "tat:RunCommand",
                "tat:DescribeInvocations",
                "tat:DescribeAutomationAgentStatus",
                "tke:DescribeClusters",
                "tke:DescribeClusterReleases",
                "tke:CreateClusterRelease",
                "tke:UpgradeClusterRelease",
                "tke:UninstallClusterRelease",
                "tke:CancelClusterRelease",
                "cvm:DescribeInstances",
                "emr:DescribeClusterLogInfo",
                "emr:NotifyEmr"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy