Home PageSimple Log ServiceSecurity and ComplianceUse RAM for access controlService-linked rolesManage the AliyunServiceRoleForSLSStorageLens service-linked role
Search for Help Content

Manage the AliyunServiceRoleForSLSStorageLens service-linked role

Updated at: 2024-01-15 08:53
Product
Community

To access the resources of other cloud services by using a CloudLens application, you must assign the AliyunServiceRoleForSLSStorageLens service-linked role to the application. This topic describes the scenarios and policy of the AliyunServiceRoleForSLSStorageLens service-linked role.

Scenarios

When you collect the logs from specific storage services in a CloudLens application, Simple Log Service calls the API operations of the storage services to obtain the relevant information. To read resource data from the storage services and modify the log collection settings, Simple Log Service must assume the AliyunServiceRoleForSLSStorageLens service-linked role. For more information, see Service-linked roles.

Description

  • Role name: AliyunServiceRoleForSLSStorageLens

  • Policy attached to the role: AliyunServiceRolePolicyForSLSStorageLens

  • Policy document:

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "nas:DescribeFileSystems"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "log:CreateProject",
                "log:GetProject",
                "log:ListProject",
                "log:ListLogStores",
                "log:GetLogStore",
                "log:CreateIndex",
                "log:UpdateIndex",
                "log:GetIndex",
                "log:CreateDashboard",
                "log:UpdateDashboard",
                "log:ListDashboard",
                "log:CreateLogStore",
                "log:CreateSavedSearch",
                "log:UpdateSavedSearch",
                "log:CreateLogtailPipelineConfig",
                "log:GetLogtailPipelineConfig",
                "log:ListLogtailPipelineConfig",
                "log:DeleteLogtailPipelineConfig",
                "log:UpdateLogtailPipelineConfig",
                "log:CreateMachineGroup",
                "log:RemoveConfigFromGroup",
                "log:ApplyConfigToGroup",
                "log:GetMachineGroup",
                "log:ListTagResources",
                "log:TagResources"
            ],
            "Resource": [
                "acs:log:*:*:project/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "storagelens.log.aliyuncs.com"
                }
            }
        }
    ]
}
Previous: Manage the AliyunServiceRoleForSLSAlert service-linked roleNext: Manage the AliyunServiceRoleForSLSAILens service-linked role
  • On this page (1, T)
  • Scenarios
  • Description
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare