Elasticsearch Service
Last updated: 2025-12-04 09:16:32
Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.
| Product | Role Name | Role Types | Role Entity |
|---|---|---|---|
| Elasticsearch Service | ES_QCSLinkedRoleInAuthCos | Service-Related Roles | authcos.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInAccessCos | Service-Related Roles | acesscos.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInDataImport | Service-Related Roles | dataimport.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInLogSyncCls | Service-Related Roles | logsynccls.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInVpcOperate | Service-Related Roles | vpcoperate.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInBeatsCollector | Service-Related Roles | beatscollector.es.cloud.tencent.com |
ES_QCSLinkedRoleInAuthCos
Use Cases: Get the role that accesses the user's cos data
Authorization Polices
- Policy Name: QcloudAccessForESLinkedRoleInAuthCos
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cos:List*", "cos:Get*", "cos:Head*", "cos:OptionsObject" ], "resource": "*" } ] }
ES_QCSLinkedRoleInAccessCos
Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForEsLinkedRoleInCosAcess
- Policy Information:
{ "statement": [ { "action": [ "cos:GetBucket", "cos:HeadBucket", "cos:GetObject", "cos:HeadObject", "cos:PutObject", "cos:PostObject", "cos:InitiateMultipartUpload", "cos:ListMultipartUploads", "cos:ListParts", "cos:UploadPart", "cos:CompleteMultipartUpload", "cos:DeleteObject", "cos:DeleteMultipleObjects" ], "effect": "allow", "resource": "*" } ], "version": "2.0" }
ES_QCSLinkedRoleInDataImport
Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy
Authorization Polices
- Policy Name: QcloudAccessForESLinkedRoleInDataImport
- Policy Information:
{ "version": "2.0", "statement": [ { "action": [ "ckafka:DescribeInstancesDetail", "ckafka:DescribeInstances", "ckafka:CreateTopic", "ckafka:DescribeTopicDetail", "ckafka:DescribeTopic", "ckafka:DescribeRoute", "ckafka:CreateDatahubTopic", "ckafka:DescribeDatahubTopic", "ckafka:CreateConnectResource", "ckafka:DescribeConnectResource", "ckafka:CreateDatahubTask", "ckafka:DescribeDatahubTask", "tat:RunCommand", "tat:DescribeInvocations", "tat:DescribeAutomationAgentStatus", "tke:DescribeClusters", "tke:DescribeClusterReleases", "tke:CreateClusterRelease", "tke:UpgradeClusterRelease", "tke:UninstallClusterRelease", "tke:CancelClusterRelease", "ckafka:DeleteDatahubTopic", "ckafka:DeleteConnectResource", "ckafka:DeleteDatahubTask", "ckafka:DeleteDatahubGroup", "ckafka:ModifyGroupOffsets", "ckafka:ModifyDatahubResource", "cvm:DescribeInstances", "emr:DescribeClusterLogInfo", "emr:NotifyEmr" ], "resource": "*", "effect": "allow" } ] }
ES_QCSLinkedRoleInLogSyncCls
Use Cases: The current role is the Elasticsearch Serivce(ES) service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForESLinkedRoleInLogSyncCls
- Policy Information:
{ "statement": [ { "action": [ "cls:ModifyTopic", "emr:AddClusterLogsToCls", "emr:RemoveClusterLogsToCls", "emr:DescribeInstances", "cls:RealtimeProducer" ], "effect": "allow", "resource": "*" } ], "version": "2.0" }
ES_QCSLinkedRoleInVpcOperate
Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForESLinkedRoleInVpcOperate
- Policy Information:
{ "version": "1.0", "statement": [ { "action": [ "vpc:DescribeVpcEx", "vpc:DescribeSubnetEx", "vpc:CreateCcn", "vpc:AttachCcnInstances", "vpc:DeleteCcn", "vpc:DetachCcnInstances", "vpc:DescribeNetworkInterfaces", "vpc:CreateNetworkInterface", "vpc:DeleteNetworkInterface", "vpc:DescribeVpcTaskResult", "vpc:CreateVpcEndPoint", "vpc:DescribeVpcEndPoint", "vpc:ModifyVpcEndPointAttribute", "vpc:DeleteVpcEndPoint", "vpc:DisassociateVpcEndPointSecurityGroups", "cvm:DescribeSecurityGroups" ], "resource": "*", "effect": "allow" } ] }
ES_QCSLinkedRoleInBeatsCollector
Use Cases: The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForESLinkedRoleInBeatsCollector
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "tat:RunCommand", "tat:DescribeInvocations", "tat:DescribeAutomationAgentStatus", "tke:DescribeClusters", "tke:DescribeClusterReleases", "tke:CreateClusterRelease", "tke:UpgradeClusterRelease", "tke:UninstallClusterRelease", "tke:CancelClusterRelease", "cvm:DescribeInstances", "emr:DescribeClusterLogInfo", "emr:NotifyEmr" ], "resource": [ "*" ] } ] }
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback