更新时间:2024-07-29 GMT+08:00
DLI连接参数说明
连接数据湖探索(DLI)服务时,相关参数如表1所示。
- 迁移数据到DLI时,DLI要在OBS的dli-trans*内部临时桶生成数据文件,因此在需要赋予DLI连接中使用AK/SK所在用户对dli-trans*桶的读、写、创建目录对象等权限,否则会导致迁移失败。dli-trans*内部临时桶的权限策略添加请参见新增dli-trans*内部临时桶授权策略。
参数名 |
说明 |
取值样例 |
|---|---|---|
名称 |
连接的名称,根据连接的数据源类型,用户可自定义便于记忆、区分的连接名。 |
dli_link |
访问标识(AK) |
访问DLI数据库时鉴权所需的AK和SK。 您需要先创建当前账号的访问密钥,并获得对应的AK和SK。
|
- |
密钥(SK) |
- |
|
项目ID |
DLI服务所在区域的项目ID。
项目ID表示租户的资源,账号ID对应当前账号,IAM用户ID对应当前用户。用户可在对应页面下查看不同Region对应的项目ID、账号ID和用户ID。
|
- |
新增dli-trans*内部临时桶授权策略
- 登录统一身份认证服务IAM控制台。
- 在左侧导航窗格中,选择页签,单击右上方的“创建自定义策略”。
图2 创建自定义策略
- 在自定义策略配置页面,策略配置方式切换至JSON视图,然后按照如下策略内容,创建obs_dli-trans自定义策略。
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "obs:object:GetObject", "obs:object:DeleteObjectVersion", "obs:bucket:GetBucketLocation", "obs:object:GetAccessLabel", "obs:bucket:PutEncryptionConfiguration", "obs:bucket:PutBucketStoragePolicy", "obs:object:DeleteAccessLabel", "obs:bucket:PutBucketCustomDomainConfiguration", "obs:bucket:GetLifecycleConfiguration", "obs:bucket:PutBucketInventoryConfiguration", "obs:bucket:DeleteDirectColdAccessConfiguration", "obs:object:AbortMultipartUpload", "obs:bucket:PutBucketLogging", "obs:bucket:DeleteBucketWebsite", "obs:object:DeleteObject", "obs:bucket:PutBucketVersioning", "obs:bucket:GetBucketWebsite", "obs:bucket:GetBucketLogging", "obs:bucket:DeleteBucketCustomDomainConfiguration", "obs:object:PutObject", "obs:object:RestoreObject", "obs:bucket:PutReplicationConfiguration", "obs:bucket:GetBucketQuota", "obs:object:GetObjectVersionAcl", "obs:bucket:DeleteBucket", "obs:bucket:CreateBucket", "obs:bucket:GetDirectColdAccessConfiguration", "obs:bucket:PutDirectColdAccessConfiguration", "obs:bucket:GetBucketAcl", "obs:bucket:GetBucketVersioning", "obs:bucket:GetBucketInventoryConfiguration", "obs:bucket:GetBucketStoragePolicy", "obs:bucket:GetEncryptionConfiguration", "obs:bucket:PutBucketCORS", "obs:bucket:PutBucketTagging", "obs:bucket:GetBucketTagging", "obs:bucket:PutLifecycleConfiguration", "obs:bucket:GetBucketCustomDomainConfiguration", "obs:object:ListMultipartUploadParts", "obs:object:ModifyObjectMetaData", "obs:bucket:ListBucketVersions", "obs:bucket:PutBucketQuota", "obs:object:PutAccessLabel", "obs:bucket:ListBucket", "obs:bucket:GetBucketCORS", "obs:bucket:DeleteBucketInventoryConfiguration", "obs:object:GetObjectVersion", "obs:bucket:PutBucketWebsite", "obs:bucket:DeleteReplicationConfiguration", "obs:object:GetObjectAcl", "obs:bucket:GetBucketNotification", "obs:bucket:PutBucketNotification", "obs:bucket:GetReplicationConfiguration", "obs:bucket:GetBucketPolicy", "obs:bucket:DeleteBucketTagging", "obs:bucket:GetBucketStorage" ], "Resource": [ "OBS:*:*:object:*", "OBS:*:*:bucket:dli-trans*" ] } ] }图3 配置obs_dli-trans自定义策略
- 单击“确定”,完成obs_dli-trans自定义策略创建。
- 在IAM左侧导航窗格中,选择“用户组”,找到DLI连接中使用AK/SK所在用户的归属用户组,单击授权,将obs_dli-trans自定义策略授权给该用户。
图4 为用户组授权obs_dli-trans自定义策略
父主题: 配置连接参数
