您可以授予日志服务应用(例如日志审计服务、CloudLens等)使用SLS日志服务关联角色(AliyunServiceRoleForSLSMiddlewareLens)来获取中间件云产品的资源。本文介绍AliyunServiceRoleForSLSMiddlewareLens角色的应用场景和权限策略。
应用场景
当您通过日志服务应用(例如日志审计服务、CloudLens等)采集中间件云产品日志时,日志服务会调用相关云产品的OpenAPI接口获取采集账号下的云产品信息。此过程中,日志服务需要通过AliyunServiceRoleForSLSMiddlewareLens角色获取中间件云产品的部分读取及日志采集相关的部分修改权限。更多信息,请参见服务关联角色。
权限策略
- 角色名称:AliyunServiceRoleForSLSMiddlewareLens
- 角色权限策略名称:AliyunServiceRolePolicyForSLSMiddlewareLens
- 权限策略:
{ "Version": "1", "Statement": [ { "Action": [ "sae:DescribeApplicationConfig" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "log:CreateProject", "log:GetProject", "log:ListProject", "log:ListLogStores", "log:GetLogStore", "log:CreateIndex", "log:UpdateIndex", "log:GetIndex", "log:CreateDashboard", "log:UpdateDashboard", "log:ListDashboard", "log:CreateLogStore", "log:CreateSavedSearch", "log:UpdateSavedSearch" ], "Resource": [ "acs:log:*:*:project/*" ], "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "middlewarelens.log.aliyuncs.com" } } } ] }
该文章对您有帮助吗?
- 本页导读 (1)
- 应用场景
- 权限策略
