Manage the AliyunServiceRoleForSLSStorageLens service-linked role

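The log insight application of Simple Log Service must assume the service-linked role AliyunServiceRoleForSLSStorageLens to access your resources in other cloud products. This topic describes the scenarios in which the AliyunServiceRoleForSLSStorageLens role is used and its permission policy.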

Scenarios

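When you use the storage log insight application to collect logs from storage cloud products, Simple Log Service calls the OpenAPI operations of the relevant cloud products to obtain information about the cloud products under the collecting account. During this process, Simple Log Service must assume the AliyunServiceRoleForSLSStorageLens role to obtain some read permissions on storage cloud products and some modify permissions related to log collection. For more information, see Service-linked roles.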

AliyunServiceRoleForSLSStorageLens role description

  • Role name: AliyunServiceRoleForSLSStorageLens

  • Permission policy name: AliyunServiceRolePolicyForSLSStorageLens

  • Permission policy content

    {
        "Version": "1",
        "Statement": [
            {
                "Action": [
                    "nas:DescribeFileSystems"
                ],
                "Resource": "*",
                "Effect": "Allow"
            },
            {
                "Action": [
                    "log:CreateProject",
                    "log:GetProject",
                    "log:ListProject",
                    "log:ListLogStores",
                    "log:GetLogStore",
                    "log:CreateIndex",
                    "log:UpdateIndex",
                    "log:GetIndex",
                    "log:CreateDashboard",
                    "log:UpdateDashboard",
                    "log:ListDashboard",
                    "log:CreateLogStore",
                    "log:CreateSavedSearch",
                    "log:UpdateSavedSearch",
                    "log:CreateLogtailPipelineConfig",
                    "log:GetLogtailPipelineConfig",
                    "log:ListLogtailPipelineConfig",
                    "log:DeleteLogtailPipelineConfig",
                    "log:UpdateLogtailPipelineConfig",
                    "log:CreateMachineGroup",
                    "log:RemoveConfigFromGroup",
                    "log:ApplyConfigToGroup",
                    "log:GetMachineGroup",
                    "log:ListTagResources",
                    "log:TagResources"
                ],
                "Resource": [
                    "acs:log:*:*:project/*"
                ],
                "Effect": "Allow"
            },
            {
                "Action": "ram:DeleteServiceLinkedRole",
                "Resource": "*",
                "Effect": "Allow",
                "Condition": {
                    "StringEquals": {
                        "ram:ServiceName": "storagelens.log.aliyuncs.com"
                    }
                }
            }
        ]
    }