Introduction

This document provides information regarding specific permissions required for discovering Alibaba resources. Instead of providing unrestricted read permissions in the Alibaba policy, a user can specify below set of permissions for Alibaba discovery:

“emr:ListClusters”,
“emr:GetCluster”,
“slb:DescribeLoadBalancers”,
“eci:DescribeContainerGroups”,
“cen:DescribeCens”,
“alb:ListLoadBalancers”,
“vpc:DescribeVpcs”,
“ecs:DescribeInstances”,
“cms:QueryMetricList”,
“oss:ListBuckets”,
“oss:GetBucketTags”,
“oss:GetBucketInfo”,
“cs:GetClusters”,
“rds:DescribeDBInstances”,
“rds:DescribeTags”,
“ess:DescribeScalingGroups”,
“ecs:DescribeRegions”,
“odps:ListProjects”,
“nas:DescribeFileSystems”,
“odps:GetProject”,
“apigateway:DescribeApiGroups”,
“apigateway:DescribeApis”,
“vpc:DescribeNatGateways”,
“vpc:DescribeEipAddresses”,
“cs:DescribeClustersV1”