All Products
Search
Document Center

Container Compute Service:Quick start for first-time ACS users

Last Updated:Dec 25, 2024

When you use Container Compute Service (ACS) for the first time, you must assign default roles to ACS with your Alibaba Cloud account. Only after you assign these roles to ACS, ACS can use resources in other cloud services to create clusters or store log files. These cloud services include Elastic Compute Service (ECS), Object Storage Service (OSS), Apsara File Storage NAS (NAS), Cloud Parallel File Storage (CPFS), and Server Load Balancer (SLB). This topic describes how to assign default roles to ACS and activate the associated cloud services when you use ACS for the first time.

Step 1: Activate ACS

  1. Go to the ACS activation page.

  2. Click Activate. On the page that appears, click Buy Now.

Step 2: Assign default roles to ACS

When you use ACS for the first time, you must assign default roles to ACS with your Alibaba Cloud account.

Note

You can use Alibaba Cloud accounts or Resource Access Management (RAM) users that have administrator permissions to assign default roles to ACS.

  1. Log on to the ACS console and click Go to RAM console. On the Cloud Resource Access Authorization, click Confirm Authorization Policy.

  2. After you assign the RAM roles to ACS, log on to the ACS console again to get started with ACS.

    For more information about the best practices of RAM authorization for ACS, see ACS authorization best practices.

Step 3: Activate the associated cloud services

Some features provided by ACS are reliant on or associated with other cloud services. Therefore, you must activate the cloud services before you can use these features.

Note

You must use your Alibaba Cloud account to activate cloud services. RAM users are not allowed to activate cloud services.

Log on to the Alibaba Cloud official website with your Alibaba Cloud account and activate the following cloud services based on your requirements.

  • Required: the cloud services that you must activate. These services must be activated so that ACS clusters can function as normal.

  • Recommended: the cloud services that we recommend you to activate. You can choose to use these services when you create ACS clusters and manage applications.

  • Optional: the cloud services that you can activate based on your business architecture and O&M requirements.

Service

Service link

Activation

Description

Container Service for Kubernetes (ACK)

https://www.alibabacloud.com/product/kubernetes

Required

This service allows you to create and manage ACS clusters.

Virtual Private Cloud (VPC)

https://www.alibabacloud.com/product/vpc

Required

This service can be used to build networks and create routing rules for clusters.

Server Load Balancer (SLB)

https://www.alibabacloud.com/product/server-load-balancer

Required

This service allows you to enable load balancing for ACK clusters.

NAT Gateway

https://www.alibabacloud.com/product/nat

Recommended

This service enables Internet access for clusters and allows clusters to pull images over the Internet.

Container Registry

https://www.alibabacloud.com/product/container-registry

Recommended

This service ensures the security of cloud-native applications that are fully managed on the cloud and allows you to manage the lifecycle of these applications.

Simple Log Service

https://www.alibabacloud.com/product/log-service

Recommended

This service allows you to collect and query the log data of components and applications in ACS clusters.

CloudMonitor

https://www.alibabacloud.com/product/cloud-monitor

Recommended

This service allows you to monitor the status of nodes and applications in ACS clusters.

Managed Service for Prometheus

https://www.alibabacloud.com/product/prometheus

Recommended

This service allows you to monitor ACS clusters and generate alerts when exceptions are detected.

Apsara File Storage NAS (NAS)

https://www.alibabacloud.com/product/nas

Optional

This service allows you to store application data in NAS file systems.

CPFS

https://www.alibabacloud.com/product/cpfs

Optional

This service allows you to store application data in a CPFS file system.

Alibaba Cloud DNS PrivateZone

https://www.alibabacloud.com/products/private-zone

Optional

This service is intended for resolving private domain names in VPCs. You can use this service to resolve the domain names of applications in ACS clusters.

ACS default roles

Role

Description

AliyunServiceRoleForAcc

This role is a service-linked role. ACS assumes this role to access your resources in other Alibaba Cloud services during cluster management, such as ACK, ECS, VPC, SLB, and Application Real-Time Monitoring Service (ARMS).

AliyunCCCSIPluginRole

By default, an ACS cluster assumes this role to access your resources in cloud disks or in storage services, such as NAS.

AliyunCCCCMServiceRole

By default, an ACS cluster assumes this role to access your resources in load balancing services, such as SLB and Application Load Balancer (ALB).

AliyunCCNECRole

By default, an ACS cluster assumes this role to access your resources in network services, such as VPC and ECS, and create and use an elastic IP address (EIP).

AliyunCCKubernetesAuditRole

By default, an ACS cluster assumes this role to access your resources in Simple Log Service (SLS) and collect and display Kubernetes audit logs.

AliyunCCManagedLogRole

By default, an ACS cluster assumes this role to access your resources in SLS and collect and display ACS audit logs.

AliyunCCManagedArmsRole

By default, an ACS cluster assumes this role to access your resources in ARMS, collect and display various resource metrics of ACS, and monitor application performance.

AliyunCCCISDefaultRole

By default, an ACS cluster assumes this role to access your resources in cloud services, such as ECS, ACK, VPC, and SLB, and check the health status of Kubernetes and related components on a regular basis.

AliyunCCManagedAcrRole

By default, an ACS cluster assumes this role to access Container Registry (ACR) to obtain a pair of temporary username and password that is used to start an ACS pod.

AliyunCCForResourceProviderRole

By default, an ACS cluster assumes this role to access the cloud resources that are required for creating container instances. These cloud resources include SLB, VPC, and vSwitches.

AliyunCCManagedVirtualNodeRole

By default, an ACS cluster assumes this role to access the cloud resources that are required for creating virtual nodes. These cloud resources include Alibaba Cloud DNS PrivateZone and VPC.

AliyunCCManagedACSBrokerRole

By default, an ACS cluster assumes this role to access the cloud resources that are required for reporting O&M information, such as the states of container instances.

References