In minor versions later than E-MapReduce (EMR) V3.32.0 or EMR V4.5.0, and in the EMR 5.X series, MetaService is replaced with the Elastic Compute Service (ECS) application role AliyunECSInstanceForEMRRole. This role is automatically assigned to each ECS instance in your EMR cluster when you create or scale out the cluster. Applications that run on your EMR cluster use this role to access other Alibaba Cloud resources without an AccessKey pair, so no AccessKey pair needs to be stored in a configuration file where it could be disclosed.
Prerequisites
This role is authorized. For more information, see Assign roles to an Alibaba Cloud account.
Permissions
The role AliyunECSInstanceForEMRRole is configured with the policy AliyunECSInstanceForEMRRolePolicy. The following table describes permissions related to Object Storage Service (OSS) and Data Lake Formation (DLF) in this role.
Permission (Action) | Description |
oss:GetObject | Uploads a file or folder. |
oss:ListObjects | Queries a file or folder. |
oss:PutObject | Queries files. |
oss:DeleteObject | Deletes a file. |
oss:ListBuckets | Queries buckets. |
oss:AbortMultipartUpload | Terminates a multipart upload event. |
oss:ListMultipartUploads | Queries all ongoing multipart upload events. |
oss:RestoreObject | Restores an Archive or Cold Archive object. |
oss:GetBucketInfo | Queries the information about a bucket. |
oss:ListObjectVersions | Queries the versions of all objects in a bucket, including delete markers. |
oss:DeleteObjectVersion | Deletes a specific version of an object. |
oss:PostDataLakeStorageFileOperation | Accesses OSS-HDFS. |
ots:CreateTable | Creates a table based on the specified table schema. |
ots:DeleteTable | Deletes a specific table from the current instance. |
ots:GetRow | Reads data in a single row based on a specific primary key. |
ots:PutRow | Inserts data into a specific row. |
ots:UpdateRow | Updates data in a specific row. |
ots:DeleteRow | Deletes a row of data. |
ots:GetRange | Reads data within a specific value range of the primary key. |
ots:BatchWriteRow | Inserts, modifies, or deletes multiple rows of data from one or more tables at a time. |
ots:BatchGetRow | Reads multiple rows of data from one or more tables at a time. |
ots:ComputeSplitPointsBySize | Logically splits the data in a table into several shards whose sizes are close to the specified size, and returns the split points between the shards and hints about the hosts where the partitions reside. |
ots:StartLocalTransaction | Creates a local transaction based on a specified partition key value and queries the ID of the local transaction. |
ots:CommitTransaction | Commits a local transaction. |
ots:AbortTransaction | Aborts a local transaction. |
dlf:BatchCreatePartitions | Creates multiple partitions at a time. |
dlf:BatchCreateTables | Creates multiple tables at a time. |
dlf:BatchDeletePartitions | Deletes multiple partitions at a time. |
dlf:BatchDeleteTables | Deletes multiple tables at a time. |
dlf:BatchGetPartitions | Queries information about multiple partitions at a time. |
dlf:BatchGetTables | Queries information about multiple tables at a time. |
dlf:BatchUpdatePartitions | Updates multiple partitions at a time. |
dlf:BatchUpdateTables | Updates multiple tables at a time. |
dlf:CreateDatabase | Creates a database. |
dlf:CreateFunction | Creates a function. |
dlf:CreatePartition | Creates a partition. |
dlf:CreateTable | Creates a table. |
dlf:DeleteDatabase | Deletes a database. |
dlf:DeleteFunction | Deletes a function. |
dlf:DeletePartition | Deletes a partition. |
dlf:DeleteTable | Deletes a table. |
dlf:GetDatabase | Queries information about a database. |
dlf:GetFunction | Queries information about a function. |
dlf:GetPartition | Queries information about a partition. |
dlf:GetTable | Queries information about a table. |
dlf:ListCatalogs | Queries catalogs. |
dlf:ListDatabases | Queries databases. |
dlf:ListFunctionNames | Queries the names of the functions. |
dlf:ListFunctions | Queries functions. |
dlf:ListPartitionNames | Queries the names of the partitions. |
dlf:ListPartitions | Queries partitions. |
dlf:ListPartitionsByExpr | Queries metadata table partitions by conditions. |
dlf:ListPartitionsByFilter | Queries metadata table partitions by conditions. |
dlf:ListTableNames | Queries the names of tables. |
dlf:ListTables | Queries tables. |
dlf:RenamePartition | Renames a partition. |
dlf:RenameTable | Renames a table. |
dlf:UpdateDatabase | Updates a database. |
dlf:UpdateFunction | Updates a function. |
dlf:UpdateTable | Updates a table. |
dlf:UpdateTableColumnStatistics | Updates the statistics of a metadata table. |
dlf:GetTableColumnStatistics | Queries the statistics of a metadata table. |
dlf:DeleteTableColumnStatistics | Deletes the statistics of a metadata table. |
dlf:UpdatePartitionColumnStatistics | Updates the statistics of a partition. |
dlf:GetPartitionColumnStatistics | Queries the statistics of a partition. |
dlf:DeletePartitionColumnStatistics | Deletes the statistics of a partition. |
dlf:BatchGetPartitionColumnStatistics | Queries the statistics of multiple partitions at a time. |
dlf:CreateLock | Creates a metadata lock. |
dlf:UnLock | Unlocks a specific metadata lock. |
dlf:AbortLock | Aborts a metadata lock. |
dlf:RefreshLock | Refreshes a metadata lock. |
dlf:GetLock | Queries information about a metadata lock. |
dlf:GetAsyncTaskStatus | Queries the status of an asynchronous task. |
dlf:DeltaGetPermissions | Queries permissions. |
dlf:GetPermissions | Queries information about data permissions. |
dlf:GetServiceInfo | Queries information about a service. |
dlf:GetRoles | Queries information about roles in data permissions. |
dlf:CheckPermissions | Verifies data permissions. |
Exercise caution when you modify or delete the AliyunECSInstanceForEMRRole role. Otherwise, cluster creation fails or jobs fail to run.
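Because every process on a cluster node can act with these permissions, it helps to review what the attached policy allows. The following added example (not part of the original documentation) audits a policy document for wildcard actions and for delete actions granted on all resources. The sample policy is constructed from a few actions in the table above and is not the real AliyunECSInstanceForEMRRolePolicy; `audit_policy` and the bucket name `example-bucket` are hypothetical.

```python
import json

# Constructed policy in RAM policy syntax; NOT the real AliyunECSInstanceForEMRRolePolicy.
SAMPLE_POLICY = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["oss:GetObject", "oss:PutObject", "oss:DeleteObject"],
         "Resource": "acs:oss:*:*:example-bucket/*"},
        {"Effect": "Allow",
         "Action": ["dlf:GetTable", "dlf:DeleteTable", "dlf:BatchDeletePartitions"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "ots:*", "Resource": "*"},
    ],
})


def _as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy_json):
    """Return sorted (severity, action, reason) findings for Allow statements."""
    findings = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]  # part after the service prefix
            if "*" in action:
                findings.add(("HIGH", action, "wildcard action"))
            elif "Delete" in name:
                reason = ("destructive action on all resources" if unscoped
                          else "destructive action, scoped resource")
                findings.add(("HIGH" if unscoped else "MEDIUM", action, reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(*finding, sep=" | ")
```
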
Use the ECS application role to obtain an STS temporary credential
You can use a Security Token Service (STS) temporary credential to access other Alibaba Cloud services within your account. For more information, see Use instance RAM roles to access other Alibaba Cloud resources.
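As an added example (not from the original documentation), the sketch below reads the role's STS credential from the ECS instance metadata service, validates the response, and flags when a refresh is due. The metadata URL comes from the ECS instance RAM role mechanism rather than from this page. The sample response is constructed with placeholder values, and the function names and the five-minute refresh margin are assumptions.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

ROLE = "AliyunECSInstanceForEMRRole"
# ECS instance metadata path for RAM role credentials; reachable only from the instance.
URL = "http://100.100.100.200/latest/meta-data/ram/security-credentials/" + ROLE

# Constructed sample of the JSON document the endpoint returns (placeholder values).
SAMPLE = json.dumps({
    "AccessKeyId": "STS.EXAMPLE-KEY-ID", "AccessKeySecret": "EXAMPLE-SECRET",
    "SecurityToken": "EXAMPLE-TOKEN", "Expiration": "2024-01-01T12:00:00Z",
    "LastUpdated": "2024-01-01T06:00:00Z", "Code": "Success",
})
REQUIRED = ("AccessKeyId", "AccessKeySecret", "SecurityToken", "Expiration")


def fetch_raw(url=URL, timeout=2):
    """Fetch the credential document (works only on an ECS instance with the role)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_credentials(body, now, refresh_margin=timedelta(minutes=5)):
    """Validate the document and report whether it should be refreshed."""
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError("metadata service returned Code=%r" % doc.get("Code"))
    missing = [k for k in REQUIRED if not doc.get(k)]
    if missing:
        raise ValueError("credential document lacks " + ", ".join(missing))
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        raise ValueError("credential expired at " + doc["Expiration"])
    return {"id": doc["AccessKeyId"], "secret": doc["AccessKeySecret"],
            "token": doc["SecurityToken"], "expires": expires,
            "refresh": expires - now < refresh_margin}


def redact(creds):
    """Log-safe view: keep the key ID and expiry, drop the secret and token."""
    return {"id": creds["id"], "expires": creds["expires"].isoformat(),
            "refresh": creds["refresh"]}


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 11, 0, tzinfo=timezone.utc)
    print(redact(parse_credentials(SAMPLE, now)))
```

On a cluster node, pass `fetch_raw()` and `datetime.now(timezone.utc)` to `parse_credentials` instead of the sample, and log only the output of `redact`.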