
Simple Log Service: Authorize a RAM user to ship data to OSS

Last Updated: Jan 19, 2025

Before a Resource Access Management (RAM) user can use the new version of the data shipping feature to ship data to Object Storage Service (OSS), you must grant the RAM user the required permissions. This topic describes how to authorize a RAM user to ship data to OSS.

Prerequisites

A RAM user is created. For more information, see Create a RAM user.

Procedure

  1. Log on to the RAM console by using your Alibaba Cloud account or a RAM user who has administrative rights.

  2. Create a custom policy. On the JSON tab, replace the existing contents in the editor with the following script. For more information, see Create a custom policy in script edit mode.

    Important
    • Replace ProjectName and LogstoreName in the script with the names of your own project and Logstore.

    • If you want to use a RAM user to configure alerts for OSS data shipping jobs, you must authorize the RAM user to manage alerts. For more information, see Authorize a RAM user to manage alerts.

    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "log:GetLogStore",
            "log:GetIndex",
            "log:GetLogStoreHistogram",
            "log:GetLogStoreLogs"
          ],
          "Resource": [
            "acs:log:*:*:project/ProjectName/logstore/LogstoreName",
            "acs:log:*:*:project/ProjectName/logstore/internal-diagnostic_log"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "log:CreateJob",
            "log:UpdateJob",
            "log:DeleteJob",
            "log:ListJobs",
            "log:GetJob"
          ],
          "Resource": "acs:log:*:*:project/ProjectName/job/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "log:ListLogStores",
            "log:ListDashboard",
            "log:ListSavedSearch"
          ],
          "Resource": "acs:log:*:*:project/ProjectName/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ram:PassRole",
            "ram:GetRole",
            "ram:ListRoles"
          ],
          "Resource": "*"
        }
      ]
    }
  3. Add the created custom policy to the RAM user. For more information, see Grant permissions to a RAM user.
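
A pre-flight check for the policy in step 2, added here as an example (it is not part of the Alibaba Cloud documentation): it fills in the ProjectName and LogstoreName placeholders, reports any placeholder that is still present, and flags the statement that grants ram:PassRole on Resource "*" so a reviewer can confirm that scope is intended. The function names and the sample values my-project and my-logstore are assumptions.

```python
import json

# The policy from step 2, compacted. ProjectName / LogstoreName are the page's placeholders.
TEMPLATE = json.loads("""
{"Version": "1", "Statement": [
 {"Effect": "Allow",
  "Action": ["log:GetLogStore", "log:GetIndex", "log:GetLogStoreHistogram", "log:GetLogStoreLogs"],
  "Resource": ["acs:log:*:*:project/ProjectName/logstore/LogstoreName",
               "acs:log:*:*:project/ProjectName/logstore/internal-diagnostic_log"]},
 {"Effect": "Allow",
  "Action": ["log:CreateJob", "log:UpdateJob", "log:DeleteJob", "log:ListJobs", "log:GetJob"],
  "Resource": "acs:log:*:*:project/ProjectName/job/*"},
 {"Effect": "Allow",
  "Action": ["log:ListLogStores", "log:ListDashboard", "log:ListSavedSearch"],
  "Resource": "acs:log:*:*:project/ProjectName/*"},
 {"Effect": "Allow",
  "Action": ["ram:PassRole", "ram:GetRole", "ram:ListRoles"],
  "Resource": "*"}]}
""")

PLACEHOLDERS = ("ProjectName", "LogstoreName")

def as_list(value):
    return value if isinstance(value, list) else [value]

def render(policy, project, logstore):
    """Return a copy with the placeholders replaced, matching whole path segments only."""
    out = json.loads(json.dumps(policy))  # deep copy; the template stays untouched
    for stmt in out["Statement"]:
        fixed = []
        for res in as_list(stmt["Resource"]):
            segs = [project if s == "ProjectName" else logstore if s == "LogstoreName" else s
                    for s in res.split("/")]
            fixed.append("/".join(segs))
        stmt["Resource"] = fixed if isinstance(stmt["Resource"], list) else fixed[0]
    return out

def audit(policy):
    """Return (statement index, kind, resource) for each item a reviewer should look at."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        for res in as_list(stmt["Resource"]):
            for p in PLACEHOLDERS:
                if p in res.split("/"):  # placeholder left in a resource path
                    findings.append((i, "placeholder", res))
        if "ram:PassRole" in as_list(stmt["Action"]) and "*" in as_list(stmt["Resource"]):
            findings.append((i, "passrole-wildcard", "*"))  # PassRole allowed on every role
    return findings
```

Run `audit(render(TEMPLATE, "my-project", "my-logstore"))` before pasting the result into the RAM console; `json.dumps(..., indent=2)` of the rendered policy gives the text for the JSON tab.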