When you use Container Compute Service (ACS) for the first time, you must assign default roles to ACS with your Alibaba Cloud account. Only after you assign these roles to ACS, ACS can use resources in other cloud services to create clusters or store log files. These cloud services include Elastic Compute Service (ECS), Object Storage Service (OSS), Apsara File Storage NAS (NAS), Cloud Parallel File Storage (CPFS), and Server Load Balancer (SLB). This topic describes how to assign default roles to ACS and activate the associated cloud services when you use ACS for the first time.
Step 1: Activate ACS
Go to the ACS activation page.
Click Activate. On the page that appears, click Buy Now.
Step 2: Assign default roles to ACS
When you use ACS for the first time, you must assign default roles to ACS with your Alibaba Cloud account.
You can use Alibaba Cloud accounts or Resource Access Management (RAM) users that have administrator permissions to assign default roles to ACS.
Log on to the ACS console and click Go to RAM console. On the Cloud Resource Access Authorization, click Confirm Authorization Policy.
After you assign the RAM roles to ACS, log on to the ACS console again to get started with ACS.
For more information about the best practices of RAM authorization for ACS, see ACS authorization best practices.
Step 3: Activate the associated cloud services
Some features provided by ACS are reliant on or associated with other cloud services. Therefore, you must activate the cloud services before you can use these features.
You must use your Alibaba Cloud account to activate cloud services. RAM users are not allowed to activate cloud services.
Log on to the Alibaba Cloud official website with your Alibaba Cloud account and activate the following cloud services based on your requirements.
Required: the cloud services that you must activate. These services must be activated so that ACS clusters can function as normal.
Recommended: the cloud services that we recommend you to activate. You can choose to use these services when you create ACS clusters and manage applications.
Optional: the cloud services that you can activate based on your business architecture and O&M requirements.
Service | Service link | Activation | Description |
Container Service for Kubernetes (ACK) | Required | This service allows you to create and manage ACS clusters. | |
Virtual Private Cloud (VPC) | Required | This service can be used to build networks and create routing rules for clusters. | |
Server Load Balancer (SLB) | Required | This service allows you to enable load balancing for ACK clusters. | |
NAT Gateway | Recommended | This service enables Internet access for clusters and allows clusters to pull images over the Internet. | |
Container Registry | Recommended | This service ensures the security of cloud-native applications that are fully managed on the cloud and allows you to manage the lifecycle of these applications. | |
Simple Log Service | Recommended | This service allows you to collect and query the log data of components and applications in ACS clusters. | |
CloudMonitor | Recommended | This service allows you to monitor the status of nodes and applications in ACS clusters. | |
Managed Service for Prometheus | Recommended | This service allows you to monitor ACS clusters and generate alerts when exceptions are detected. | |
Apsara File Storage NAS (NAS) | Optional | This service allows you to store application data in NAS file systems. | |
CPFS | Optional | This service allows you to store application data in a CPFS file system. | |
Alibaba Cloud DNS PrivateZone | Optional | This service is intended for resolving private domain names in VPCs. You can use this service to resolve the domain names of applications in ACS clusters. |
ACS default roles
Role | Description |
AliyunServiceRoleForAcc | This role is a service-linked role. ACS assumes this role to access your resources in other Alibaba Cloud services during cluster management, such as ACK, ECS, VPC, SLB, and Application Real-Time Monitoring Service (ARMS). |
AliyunCCCSIPluginRole | By default, an ACS cluster assumes this role to access your resources in cloud disks or in storage services, such as NAS. |
AliyunCCCCMServiceRole | By default, an ACS cluster assumes this role to access your resources in load balancing services, such as SLB and Application Load Balancer (ALB). |
AliyunCCNECRole | By default, an ACS cluster assumes this role to access your resources in network services, such as VPC and ECS, and create and use an elastic IP address (EIP). |
AliyunCCKubernetesAuditRole | By default, an ACS cluster assumes this role to access your resources in Simple Log Service (SLS) and collect and display Kubernetes audit logs. |
AliyunCCManagedLogRole | By default, an ACS cluster assumes this role to access your resources in SLS and collect and display ACS audit logs. |
AliyunCCManagedArmsRole | By default, an ACS cluster assumes this role to access your resources in ARMS, collect and display various resource metrics of ACS, and monitor application performance. |
AliyunCCCISDefaultRole | By default, an ACS cluster assumes this role to access your resources in cloud services, such as ECS, ACK, VPC, and SLB, and check the health status of Kubernetes and related components on a regular basis. |
AliyunCCManagedAcrRole | By default, an ACS cluster assumes this role to access Container Registry (ACR) to obtain a pair of temporary username and password that is used to start an ACS pod. |
AliyunCCForResourceProviderRole | By default, an ACS cluster assumes this role to access the cloud resources that are required for creating container instances. These cloud resources include SLB, VPC, and vSwitches. |
AliyunCCManagedVirtualNodeRole | By default, an ACS cluster assumes this role to access the cloud resources that are required for creating virtual nodes. These cloud resources include Alibaba Cloud DNS PrivateZone and VPC. |
AliyunCCManagedACSBrokerRole | By default, an ACS cluster assumes this role to access the cloud resources that are required for reporting O&M information, such as the states of container instances. |
References
For more information about ACS, see Product introduction.
You can quickly deploy and monitor applications in an ACS cluster. For more information, see Build generative conversational applications quickly by using ACS computing power, Use kubectl to quickly use ACS, and Deploy stateless applications by using NGINX images supported by ACS.