E-MapReduce (EMR) service roles allow you to use EMR to access other Alibaba Cloud services when you configure resources or perform service-level operations on your EMR cluster. For example, the AliyunEMRDefaultRole service role can be used to create an Elastic Compute Service (ECS) instance when you start an EMR cluster. This topic describes the EMR service roles AliyunEMRDefaultRole and AliyunEMRManagedCostRole and the policies of the roles.
Usage notes
- The name of the EMR service role cannot be changed.
- Do not delete or modify system policies of this role in the RAM console.
Service roles and policies
AliyunEMRDefaultRole
Action | Description |
ecs:CreateInstance | Creates an ECS instance. |
ecs:RunInstances | Creates and starts multiple ECS instances at the same time. |
ecs:RenewInstance | Renews an ECS instance. |
ecs:DescribeRegions | Queries the region information about an ECS instance. |
ecs:DescribeZones | Queries the zone information about an ECS instance. |
ecs:DescribeImages | Queries the image information about an ECS instance. |
ecs:CreateSecurityGroup | Creates a security group. |
ecs:AllocatePublicIpAddress | Assigns a public IP address to an ECS instance. |
ecs:DeleteInstance | Deletes an ECS instance. |
ecs:StartInstance | Starts an ECS instance. |
ecs:StopInstance | Stops an ECS instance. |
ecs:DescribeInstances | Queries ECS instances. |
ecs:DescribeDisks | Queries the disk information about an ECS instance. |
ecs:AuthorizeSecurityGroup | Specifies inbound rules for a security group. |
ecs:AuthorizeSecurityGroupEgress | Specifies outbound rules for a security group. |
ecs:DescribeSecurityGroupAttribute | Queries the details of a security group. |
ecs:DescribeSecurityGroups | Queries security groups. |
ecs:DescribeInstanceHistoryEvents | Queries the system events of an ECS instance. |
ecs:DescribeInstancesFullStatus | Queries the full status information about one or more ECS instances. |
ecs:DescribeDisksFullStatus | Queries the full status information about one or more Elastic Block Storage (EBS) devices. |
ecs:ModifyInstanceChargeType | Changes the billing method of one or more ECS instances. |
ecs:ModifyPrepayInstanceSpec | Upgrades the instance type of a subscription ECS instance. |
ecs:DescribeResourcesModification | Queries available resources within a specific zone when you upgrade instance types or replace system disks. |
ecs:DescribeAvailableResource | Queries resources within a specific zone. |
ecs:DescribeBandwidthLimitation | Queries the maximum public bandwidth that you can purchase or upgrade to for different instance types. |
ecs:CreateNetworkInterface | Creates an elastic network interface (ENI). |
ecs:DeleteNetworkInterface | Deletes an ENI. |
ecs:DescribeNetworkInterfaces | Queries the details of one or more ENIs. |
ecs:CreateNetworkInterfacePermission | Grants permissions to create an ENI. |
ecs:DescribeNetworkInterfacePermissions | Queries permissions on an ENI. |
ecs:DeleteNetworkInterfacePermission | Grants permissions to delete an ENI. |
ecs:DescribeKeyPairs | Queries one or more key pairs. |
ecs:DescribePrice | Queries the most recent prices of ECS resources. |
ecs:RebootInstance | Restarts an ECS instance that is in the Running state. |
ecs:AssignIpv6Addresses | Assigns one or more IPv6 addresses to an ENI. |
ecs:DescribeInstanceHistoryEvents | Queries the system events of an ECS instance. |
ecs:AcceptInquiredSystemEvent | Accepts the default operation for a system event in the Inquiring state and authorizes the system to perform the default operation. |
ecs:RedeployInstance | Redeploys an ECS instance when the instance receives a system event notification. |
ecs:DescribeTasks | Queries the progress of one or more asynchronous requests of an ECS instance. |
ecs:TagResources | Creates and adds tags to an ECS instance. |
ecs:UntagResources | Removes tags from an ECS instance. |
ecs:ListTagResources | Queries tags that are added to an ECS instance. |
ecs:JoinResourceGroup | Adds an ECS instance to a resource group. |
ecs:ReportInstancesStatus | Reports an exception on one or more ECS instances. |
ecs:ModifyInstanceAttribute | Modifies the information about an ECS instance. |
ecs:DeleteInstances | Releases one or more pay-as-you-go ECS instances. |
ecs:RebootInstances | Restarts one or more ECS instances that are in the Running state. |
ecs:StartInstances | Starts one or more ECS instances that are in the Stopped state. |
ecs:StopInstances | Stops one or more ECS instances that are in the Running state. |
ecs:AttachInstanceRamRole | Attaches an instance RAM role to one or more ECS instances. |
ecs:DescribeLocalDiskRepairActivities | Queries the repair activities of a local disk. |
ecs:CreateAutoProvisioningGroup | Creates an auto provisioning group. |
ecs:DescribeDeploymentSets | Queries the attributes of one or more deployment sets. |
oss:PutObject | Uploads a file or folder. |
oss:GetObject | Queries a file or folder. |
oss:ListObjects | Queries the information about all objects in a bucket. |
vpc:DescribeVSwitches | Queries vSwitches in a VPC. |
vpc:DescribeVpcs | Queries a specified VPC. |
vpc:AllocateEipAddress | Applies for an elastic IP address (EIP). |
vpc:AssociateEipAddress | Associates an EIP with a cloud resource that is deployed in the same region as the EIP. |
vpc:UnassociateEipAddress | Disassociates an EIP from a cloud resource. |
vpc:ReleaseEipAddress | Releases an EIP. |
vpc:DescribeEipAddresses | Queries EIPs in a region. |
cms:CreateAlarm | Creates an event-triggered task. |
cms:DeleteAlarm | Deletes an event-triggered task. |
cms:QueryAlarm | Queries an alert. |
cms:QueryMetricList | Queries the monitoring data of an instance over a specific period of time. |
cms:CreateAlert | Creates an alert. |
cms:CreateDimensions | Creates monitoring metric configurations. |
cms:DeleteAlert | Deletes an alert. |
cms:DisableAlarm | Disables an event-triggered task. |
cms:UpdateAlarm | Updates an alert. |
cms:DeleteAlarm | Deletes an alert. |
cms:ListAlarmHistory | Queries the historical settings of a specified alert rule or all alert rules. |
cms:DescribeMonitorGroups | Queries application groups. |
cms:CreateMonitorGroup | Creates an application group. |
cms:DeleteMonitorGroup | Deletes an application group. |
cms:ApplyMetricRuleTemplate | Applies an alert template to an application group to generate an alert rule. |
cms:ModifyMonitorGroupInstances | Changes the resources that are added to an application group. |
cms:DescribeMetricRuleTemplateList | Queries alert templates. |
cms:CreateMonitoringTemplate | Creates a monitoring template. |
cms:DescribeEventRuleList | Queries event-triggered alert rules. |
cms:DescribeMetricRuleList | Queries alert rules. |
ess:CreateScalingGroup | Creates a scaling group. |
ess:ModifyScalingGroup | Modifies a scaling group. |
ess:EnableScalingGroup | Enables a scaling group. |
ess:DisableScalingGroup | Disables a scaling group. |
ess:DeleteScalingGroup | Deletes a scaling group. |
ess:DescribeScalingGroups | Queries scaling groups. |
ess:DescribeScalingInstances | Queries information about the ECS instances in a scaling group. |
ess:DescribeScalingActivities | Queries scaling activities. |
ess:CreateScalingConfiguration | Creates a scaling configuration. |
ess:DescribeScalingConfigurations | Queries scaling configurations. |
ess:DeleteScalingConfiguration | Deletes a scaling configuration. |
ess:CreateScalingRule | Creates a scaling rule. |
ess:ModifyScalingRule | Modifies a scaling rule. |
ess:DescribeScalingRules | Queries information about the scaling rules in a scaling group. |
ess:DeleteScalingRule | Deletes a scaling rule. |
ess:CreateScheduledTask | Creates a scheduled task. |
ess:ModifyScheduledTask | Modifies a scheduled task. |
ess:DescribeScheduledTasks | Queries scheduled tasks. |
ess:DeleteScheduledTask | Deletes a scheduled task. |
ess:RemoveInstances | Removes one or more ECS instances from a scaling group. |
ess:CreateLifecycleHook | Creates one or more lifecycle hooks for a scaling group. |
ess:DescribeLifecycleHooks | Queries lifecycle hooks. |
ess:ModifyLifecycleHook | Modifies a lifecycle hook. |
ess:DeleteLifecycleHook | Deletes a lifecycle hook. |
ess:CompleteLifecycleAction | Takes a scaling activity out of the wait state in advance. |
ess:RecordLifecycleActionHeartbeat | Extends the timeout period of the lifecycle hook that is triggered for an ECS instance. |
ess:CreateNotificationConfiguration | Creates a notification for scaling activities and resource changes. |
ess:DescribeNotificationConfigurations | Queries notifications that you create for scaling activities and resource changes. |
ess:DescribeRegions | Queries the regions in which Auto Scaling is available. |
ess:SetInstancesProtection | Enables or disables protection for one or more ECS instances in a scaling group. |
ecs:ResizeDisk | Resizes a disk. |
ess:ExecuteScalingRule | Executes a scaling rule. |
ess:DetachInstances | Disassociates one or more ECS instances from a scaling group. |
ess:ModifyScalingConfiguration | Modifies a scaling configuration. |
ess:DescribeScalingActivityDetail | Queries the details of a scaling activity. |
ess:ScaleWithAdjustment | Scales instances in a scaling group based on the specified scaling policy. |
ram:GetUser | Queries the information about a RAM user. |
ram:GetRole | Queries the information about a RAM role. |
log:ListProject | Queries the projects that meet specified conditions. |
log:GetProject | Queries the details of a project. |
log:CreateProject | Creates a project. |
log:GetLogStore | Queries the details of a Logstore. |
log:CreateLogStore | Creates a Logstore. |
log:GetConfig | Queries the details of a Logtail configuration file. |
log:CreateConfig | Creates a Logtail configuration file. |
log:GetIndex | Queries the indexes of a specified Logstore. |
log:CreateIndex | Creates indexes for a specified Logstore. |
log:GetAppliedMachineGroups | Queries the machine groups to which a Logtail configuration file is applied. |
log:ApplyConfigToMachineGroup | Applies a Logtail configuration file to a machine group. |
log:ApplyConfigToGroup | Applies a Logtail configuration file to a machine group. |
cs:CreateCluster | Creates a Container Service for Kubernetes (ACK) cluster. |
cs:GetClusters | Queries the details of all ACK clusters. |
cs:AttachInstances | Adds existing ECS instances to an ACK cluster. |
arms:AddIntegration | Integrates the dashboard and collection rules of Prometheus Service. |
arms:AddGrafana | Integrates the dashboard of Prometheus Service. |
arms:ListDashboards | Queries the Grafana dashboards of an ACK cluster. |
arms:GetPrometheusApiToken | Queries the token required for integrating Prometheus Service. |
rds:DescribeDBInstances | Queries the ApsaraDB RDS instances that meet specified conditions or the ApsaraDB RDS instances on which a specified RAM user has permissions. |
rds:DescribeDBInstanceAttribute | Queries the details of one or more ApsaraDB RDS instances. |
rds:DescribeDatabase | Queries the details of the databases that are created on an ApsaraDB RDS instance. |
quotas:ListProductQuotas | Queries the quotas of ECS. |
kms:ListKeys | Queries all customer master keys (CMKs) of the current Alibaba Cloud account. |
AliyunEMRManagedCostRole
Action | Description |
bssapi:DescribeInstanceBill | Queries your bill details in the billing management center. |