All Products
Search
Document Center

OpenSearch:Service-linked role for OpenSearch Vector Search Edition

最終更新日:Aug 27, 2024

This topic describes the scenarios of the service-linked role AliyunServiceRoleForSearchEngine for OpenSearch Vector Search Edition.

Background information

The service-linked role AliyunServiceRoleForSearchEngine is a Resource Access Management (RAM) role that OpenSearch Vector Search Edition can assume to access other Alibaba Cloud services. For more information, see Service-linked roles.

Scenarios

When you use the data source feature of OpenSearch Vector Search Edition, OpenSearch Vector Search Edition must be authorized to access the resources of Object Storage Service (OSS). In this case, you can use the AliyunServiceRoleForSearchEngine service-linked role to grant the access permissions.

Description

Role name: AliyunServiceRoleForSearchEngine

Role policy: AliyunServiceRoleForSearchEngine Sample policy:

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:ListObjects",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "oss:Prefix": [
                        "*opensearch*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "oss:GetObject",
                "oss:GetObjectAcl"
            ],
            "Resource": "acs:oss:*:*:*/*opensearch*/*"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "searchengine.aliyuncs.com"
                }
            }
        }
    ]
}