Tencent Cloud Notices > Notice Details
[DTS] DTS Service Role Upgrade Notice
2026-06-03 11:21:17
To improve DTS service quality, Tencent Cloud Data Transfer Service will add a new service-linked role DTS_QCSLinkedRoleInResourceAccess and its associated preset policy QcloudAccessForDTSLinkedRoleInResourceAccess to call cloud APIs, replacing the previous authentication method.
Upgrade Time: June 03, 2026 (Wednesday) (UTC+8)
Upgrade Impact: This service-linked role and policy change has no impact on your existing business, and no action is required from your side. During the upgrade period, existing DTS migration, synchronization, and subscription tasks will not be interrupted, and the new task creation process remains unchanged. After the upgrade, DTS will access relevant cloud resources under your account through the standard CAM service-linked role, making the authentication chain more standardized, transparent, and auditable. You can view the DTS_QCSLinkedRoleInResourceAccess role and its permission details at CAM.
Note:
If you need to grant the permission manually, you can use the root account to perform the authorization operation.
Upgrade Details:
1. New Service-Linked Role
Role Name | Description |
DTS_QCSLinkedRoleInResourceAccess | The service-linked role required for DTS to access other cloud resources under your account (Cloud Database MySQL, CKafka, VPC, Tencent Cloud Distributed Cache etc.). |
2. API Permissions Included in the New Preset Policy QcloudAccessForDTSLinkedRoleInResourceAccess
2.1. DTS APIs (for instance information query)
Interface Name | Description |
dts:DescribeMigrateDBInstances | Query database instances associated with migration tasks. |
dts:DescribeSyncDbInstances | Query database instances associated with sync tasks. |
2.2. Cloud Database MySQL APIs (for source/target metadata retrieval, account authentication, and password rotation)
Interface Name | Description |
cdb:DescribeDBInstances | Query Cloud Database MySQL instance list. |
cdb:DescribeInstanceInfo | Query Cloud Database MySQL instance details. |
cdb:DescribeCdbZoneConfig | Query Cloud Database MySQL availability zone configuration. |
cdb:DescribeDBRoutes | Query Cloud Database MySQL network routes. |
cdb:DescribeDatabases | Query database list under Cloud Database MySQL instance. |
cdb:DescribeTables | Query table list under Cloud Database MySQL instance. |
cdb:DescribeAccounts | Query Cloud Database MySQL accounts. |
cdb:DescribeAccountPrivileges | Query Cloud Database MySQL account privileges. |
cdb:ModifyAccountPrivileges | Modify Cloud Database MySQL account privileges (for DTS task configuration). |
cdb:ResetRootAccount | Reset Cloud Database MySQL Root account (for password rotation). |
cdb:DescribeAsyncRequestInfo | Query async task results of Cloud Database MySQL . |
2.3. Message Queue CKafka APIs (for subscription/sync to CKafka scenarios)
Interface Name | Description |
ckafka:ListInstance | Query CKafka instance list. |
ckafka:DescribeInstanceAttributes | Query CKafka instance attributes. |
ckafka:DescribeInstancesDetail | Query CKafka instance details. |
ckafka:ListTopic | Query topic list. |
ckafka:DescribeTopic | Query topic information. |
ckafka:DescribeTopicAttributes | Query topic attributes. |
ckafka:ListRoute / ckafka:DescribeRoute | Query CKafka access routes. |
ckafka:CreateRoute / ckafka:AddRoute | Create CKafka access route (for DTS access connectivity). |
ckafka:DeleteRoute | Delete CKafka access route. |
2.4. Virtual Private Cloud VPC APIs (for cross-VPC access capability)
Interface Name | Description |
vpc:DescribeCcnAttachedInstances | Query CCN-attached instances. |
2.5. Tencent Cloud Distributed CacheAPIs (for Tencent Cloud Distributed Cache link instance information retrieval)
Interface Name | Description |
redis:DescribeInstances | Query Tencent Cloud Distributed Cache instance list. |
