Regular service roles are a type of RAM role that authorizes Alibaba Cloud services to access each other securely. This guide provides a step-by-step approach to creating and managing a regular service role for Alibaba Cloud Elasticsearch to upload plug-ins or dictionary files from your Object Storage Service (OSS) securely.
A regular service role in Alibaba Cloud is a RAM role authorized to act on behalf of other Alibaba Cloud services. This role lets two Alibaba Cloud services integrate securely without requiring you to make the OSS bucket publicly readable.
If the regular service role does not exist when you upload a dictionary via an OSS URL, you must create this role and attach the required policy.
1) Trusted Service Name: elasticsearch.aliyuncs.com
2) Role Name: AliyunElasticsearchAccessingOSSRole
3) Policy Name: AliyunElasticsearchAccessingOSSRolePolicy
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:GetObject",
        "oss:GetObjectMetadata",
        "oss:GetObjectMeta"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
Log in to the RAM console and attach the above policy to the AliyunElasticsearchAccessingOSSRole. This enables Elasticsearch to assume this role to access files in the OSS URL and update dictionaries based on the file, ensuring data security.
To grant more secure and granular permissions, you can create a custom RAM policy and attach it to the regular service role.
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:GetObject",
        "oss:GetObjectMetadata",
        "oss:GetObjectMeta"
      ],
      "Resource": [
        "acs:oss:*:193248xxxxxxx:*"
      ],
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "oss:BucketTag/key1": "value1"
        }
      }
    }
  ]
}
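The following is an added example, not part of the original guide or of Alibaba Cloud's tooling: a small Python check that runs over the default and custom policy documents shown above and reports where a statement is broader than read-only, account-scoped, tag-restricted access. The helper name `audit_policy` and the wording of its findings are assumptions of this example.

```python
import json

# Read-only OSS actions that both policies on this page grant.
EXPECTED_ACTIONS = {"oss:GetObject", "oss:GetObjectMetadata", "oss:GetObjectMeta"}

def as_list(value):
    """Action and Resource may be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json):
    """Return least-privilege findings for each Allow statement (hypothetical helper)."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        extra = sorted(set(as_list(stmt.get("Action"))) - EXPECTED_ACTIONS)
        if extra:
            findings.append(f"statement {i}: actions beyond the three read actions: {extra}")
        if "*" in as_list(stmt.get("Resource")):
            findings.append(f"statement {i}: Resource is '*', not scoped to an account or bucket")
        if not stmt.get("Condition"):
            findings.append(f"statement {i}: no Condition, so no bucket-tag restriction")
    return findings

# The default policy from this page, compacted.
DEFAULT_POLICY = """{"Version": "1", "Statement": [{"Effect": "Allow", "Resource": "*",
  "Action": ["oss:GetObject", "oss:GetObjectMetadata", "oss:GetObjectMeta"]}]}"""

# The custom policy from this page, compacted (account ID is masked on the page).
CUSTOM_POLICY = """{"Version": "1", "Statement": [{"Effect": "Allow",
  "Action": ["oss:GetObject", "oss:GetObjectMetadata", "oss:GetObjectMeta"],
  "Resource": ["acs:oss:*:193248xxxxxxx:*"],
  "Condition": {"StringEquals": {"oss:BucketTag/key1": "value1"}}}]}"""

if __name__ == "__main__":
    for name, doc in (("default", DEFAULT_POLICY), ("custom", CUSTOM_POLICY)):
        print(name, audit_policy(doc) or "no findings")
```

Run against an exported policy document before attaching it to the role; a clean result for the custom policy still depends on the matching tag being present only on the buckets you intend Elasticsearch to read.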
To manage permissions efficiently, you can add tags to buckets and control access based on these tags.
1) Log on to the OSS console.
2) In the left-side navigation pane, click Buckets. Find and click the desired bucket.
3) Choose Bucket Settings > Bucket Tagging from the left-side navigation tree.
4) On the Bucket Tagging page, click Create Tag and add the desired tag to the bucket.
To upload a dictionary file from OSS:
1) Log in to the Elasticsearch console.
2) Use the OSS URL of the file to upload the plug-in or dictionary file.
If you need to delete the regular service role, you can do so in the RAM console. Note that after deletion, features depending on this role will cease to function.
For more detailed information, visit RAM role overview and Alibaba Cloud Elasticsearch.
A: For Elasticsearch clusters using the cloud-native control architecture, only the regular service role for Elasticsearch can enable the clusters to read dictionary files stored in OSS. You must complete the authorization on the authorization page. This role is necessary for scenarios such as updating OSS-based synonym dictionaries, standard rolling updates of IK dictionaries, and dictionary updating for the analysis-aliws plug-in.
Using regular service roles ensures secure and efficient integration between Alibaba Cloud Elasticsearch and OSS, allowing you to upload and manage dictionary files seamlessly without compromising on data security.
Ready to start your journey with Elasticsearch on Alibaba Cloud? Explore our tailored Cloud solutions and services to take the first step towards transforming your data into a visual masterpiece.