本文为您介绍API网关 - 为用户配置SLS日志同步的服务关联角色(AliyunServiceRoleForApigatewayConfigSLS)的应用场景以及如何删除API网关 - 为用户配置SLS日志同步的服务关联角色。
背景信息
API网关 - 为用户配置SLS日志同步的服务关联角色(AliyunServiceRoleForApigatewayConfigSLS)是API网关为了在SLS侧为用户设置的LogStore配置数据同步任务而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色。
应用场景
创建SLS日志同步配置时,API网关会提示用户创建服务关联角色,得到用户的许可后,系统会自动创建一个名称为AliyunServiceRoleForApigatewayConfigSLS的服务关联角色,并为该角色添加名称为AliyunServiceRolePolicyForApigatewayConfigSLS的权限策略,以授予API网关访问其他云资源的权限。
AliyunServiceRoleForApigatewayConfigSLS 介绍
角色名称:AliyunServiceRoleForApigatewayConfigSLS 角色权限策略:AliyunServiceRolePolicyForApigatewayConfigSLS 权限说明:
{
"Version": "1",
"Statement": [
{
"Action": "log:CreateProject",
"Resource": "acs:log:*:*:project/*",
"Effect": "Allow"
},
{
"Action": "log:CreateLogStore",
"Resource": "acs:log:*:*:project/*/logstore/*",
"Effect": "Allow"
},
{
"Action": "log:GetLogStore",
"Resource": "acs:log:*:*:project/*/logstore/*",
"Effect": "Allow"
},
{
"Action": "log:UpdateLogStore",
"Resource": "acs:log:*:*:project/*/logstore/*",
"Effect": "Allow"
},
{
"Action": "log:GetIndex",
"Resource": "acs:log:*:*:project/*/logstore/*",
"Effect": "Allow"
},
{
"Action": "log:CreateIndex",
"Resource": "acs:log:*:*:project/*/logstore/*",
"Effect": "Allow"
},
{
"Action": "log:UpdateIndex",
"Resource": "acs:log:*:*:project/*/logstore/*",
"Effect": "Allow"
},
{
"Action": "log:CreateDashboard",
"Resource": "acs:log:*:*:project/*/dashboard/*",
"Effect": "Allow"
},
{
"Action": "log:UpdateDashboard",
"Resource": "acs:log:*:*:project/*/dashboard/*",
"Effect": "Allow"
},
{
"Action": "log:CreateSavedSearch",
"Resource": "acs:log:*:*:project/*/savedsearch/*",
"Effect": "Allow"
},
{
"Action": "log:UpdateSavedSearch",
"Resource": "acs:log:*:*:project/*/savedsearch/*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "sls.apigateway.aliyuncs.com"
}
}
}
]
}删除服务关联角色
如果您需要删除AliyunServiceRoleForApigatewayConfigSLS(服务关联角色),需要先删除依赖这个服务关联角色的SLS日志同步配置。操作步骤如下:
文档内容是否对您有帮助?