Simple Log Service provides the Security Log Insight application. You can assign the AliyunServiceRoleForSLSSecurityLens service-linked role to Security Log Insight so that it has the permissions it needs to access the resources of other cloud services. This topic describes the scenarios in which the AliyunServiceRoleForSLSSecurityLens role is used and the policy that is attached to it.
Scenarios
When you use Security Log Insight to collect logs from security cloud services, Simple Log Service calls the API operations of those cloud services to obtain information about them within your account. During this process, Simple Log Service assumes the AliyunServiceRoleForSLSSecurityLens role to obtain the permissions required to read the resources of the security cloud services and to modify the log collection configurations. For more information, see Service-linked roles.
Policy
Role name: AliyunServiceRoleForSLSSecurityLens
Policy name: AliyunServiceRolePolicyForSLSSecurityLens
Policy document:
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "kms:ListKmsInstances",
        "kms:GetKmsInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:CreateProject",
        "log:GetProject",
        "log:ListProject",
        "log:ListLogStores",
        "log:GetLogStore",
        "log:CreateIndex",
        "log:UpdateIndex",
        "log:GetIndex",
        "log:CreateDashboard",
        "log:UpdateDashboard",
        "log:ListDashboard",
        "log:CreateLogStore",
        "log:CreateSavedSearch",
        "log:UpdateSavedSearch"
      ],
      "Resource": "acs:log:*:*:project/*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "securitylens.log.aliyuncs.com"
        }
      }
    }
  ]
}
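The following script is an added example, not code from Alibaba Cloud or from the Simple Log Service documentation. It embeds the policy document shown above and does two things a reviewer of a service-linked role typically wants: it evaluates whether a given action on a given resource would be allowed (modelling only the Allow effect and the StringEquals condition operator that this policy uses, an assumption that does not cover the full RAM policy language), and it flags any statement that grants non-read actions on Resource "*" without a Condition. The account ID, region and instance names in the checks are constructed sample values.

```python
"""Audit the AliyunServiceRolePolicyForSLSSecurityLens policy document.

Added example, not Alibaba Cloud's code. Only the Allow effect and the
StringEquals condition operator are modelled, which is all this policy uses.
"""
import json
from fnmatch import fnmatchcase

# Policy document from the page, embedded so the script runs offline.
POLICY_JSON = r'''{
  "Version": "1",
  "Statement": [
    {"Action": ["kms:ListKmsInstances", "kms:GetKmsInstance"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": ["log:CreateProject", "log:GetProject", "log:ListProject",
                "log:ListLogStores", "log:GetLogStore", "log:CreateIndex",
                "log:UpdateIndex", "log:GetIndex", "log:CreateDashboard",
                "log:UpdateDashboard", "log:ListDashboard", "log:CreateLogStore",
                "log:CreateSavedSearch", "log:UpdateSavedSearch"],
     "Resource": "acs:log:*:*:project/*", "Effect": "Allow"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": "securitylens.log.aliyuncs.com"}}}
  ]
}'''

# Action-name prefixes treated as read-only (assumption used only for the audit check).
READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def load_policy(text=POLICY_JSON):
    """Parse the policy document into a dict."""
    return json.loads(text)


def _as_list(value):
    """Action and Resource may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def _condition_holds(condition, context):
    """Evaluate a Condition block against request context keys.

    Only StringEquals is modelled; any other operator is treated as not
    satisfied so the check stays conservative.
    """
    for operator, pairs in (condition or {}).items():
        if operator != "StringEquals":
            return False
        for key, expected in pairs.items():
            if context.get(key) != expected:
                return False
    return True


def is_allowed(policy, action, resource, context=None):
    """Return True if an Allow statement matches action, resource and context.

    This policy contains no Deny statements, so Allow-only evaluation is
    sufficient here; a general evaluator would apply Deny first.
    """
    context = context or {}
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not any(fnmatchcase(action, p) for p in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, p) for p in _as_list(st["Resource"])):
            continue
        if not _condition_holds(st.get("Condition"), context):
            continue
        return True
    return False


def wildcard_write_grants(policy):
    """List non-read actions granted on Resource '*' with no Condition attached."""
    flagged = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue
        if "*" not in _as_list(st["Resource"]):
            continue
        for action in _as_list(st["Action"]):
            if not action.split(":", 1)[1].startswith(READ_ONLY_PREFIXES):
                flagged.append(action)
    return flagged


def actions_by_service(policy):
    """Count granted actions per service prefix (kms, log, ram)."""
    counts = {}
    for st in policy["Statement"]:
        for action in _as_list(st["Action"]):
            svc = action.split(":", 1)[0]
            counts[svc] = counts.get(svc, 0) + 1
    return counts


if __name__ == "__main__":
    policy = load_policy()
    # Constructed sample identifiers; they are not real account or project names.
    project = "acs:log:cn-hangzhou:123456789012:project/security-lens-demo"
    print("create logstore:", is_allowed(policy, "log:CreateLogStore", project))
    print("delete project: ", is_allowed(policy, "log:DeleteProject", project))
    print("wildcard writes:", wildcard_write_grants(policy))
    print("actions/service:", actions_by_service(policy))
```

Running the script shows that the role can create and index Logstores inside any project but cannot delete a project or Logstore, that the only write action on Resource "*" (deleting the service-linked role itself) is gated by the ram:ServiceName condition, and that the KMS grants are limited to listing and reading KMS instances.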