子账号使用负载均衡访问日志功能前,需要主账号对其进行授权。

操作步骤

  1. 创建授权策略:
    1. 使用主账号登录访问控制RAM控制台。
    2. 在左侧导航栏,单击策略管理,然后单击新建授权策略


    3. 单击空白模板


    4. 输入策略名称,如SlbAccessLogPolicySet,然后输入以下策略内容,单击新建授权策略
      {
      "Statement": [
       {
         "Action": [
           "slb:Create*",
           "slb:List*"
         ],
         "Effect": "Allow",
         "Resource": "acs:log:*:*:project/*"
       },
       {
         "Action": [
           "log:Create*",
           "log:List*"
         ],
         "Effect": "Allow",
         "Resource": "acs:log:*:*:project/*"
       },
       {
         "Action": [
           "log:Create*",
           "log:List*",
           "log:Get*",
           "log:Update*"
         ],
         "Effect": "Allow",
         "Resource": "acs:log:*:*:project/*/logstore/*"
       },
       {
         "Action": [
           "log:Create*",
           "log:List*",
           "log:Get*",
           "log:Update*"
         ],
         "Effect": "Allow",
         "Resource": "acs:log:*:*:project/*/dashboard/*"
       },
       {
         "Action": "cms:QueryMetric*",
         "Resource": "*",
         "Effect": "Allow"
       },
       {
         "Action": [
           "slb:Describe*",
           "slb:DeleteAccessLogsDownloadAttribute",
           "slb:SetAccessLogsDownloadAttribute",
           "slb:DescribeAccessLogsDownloadAttribute"
         ],
         "Resource": "*",
         "Effect": "Allow"
       },
       {
         "Action": [
           "ram:Get*",
           "ram:ListRoles"
         ],
         "Effect": "Allow",
         "Resource": "*"
       }
      ],
      "Version": "1"
      }
    1. 单击关闭
  2. 给子账号授权:
    1. 在访问控制RAM控制台的左侧导航栏,单击用户管理
    2. 找到目标用户(需要使用访问日志功能的子账号),然后单击授权


    3. 搜索已创建的策略,然后选择该策略授权给目标用户。


    4. 单击确定


    5. 返回用户详情页面,查看用户已经拥有了新建的策略,可以使用负载均衡日志访问功能了。