If you use a Resource Access Management (RAM) user to log on to the Simple Log Service console and Simple Log Service needs to access other cloud resources, you must authorize Simple Log Service to access the cloud resources. This topic describes how to authorize Simple Log Service to access cloud resources.
Procedure
Step 1: Create a custom policy by using an Alibaba Cloud account
Log on to the RAM console by using your Alibaba Cloud account.
Create a policy.
In the left-side navigation pane, choose .
On the Policies page, click Create Policy.
On the Create Policy page, click the JSON tab, replace the existing script in the code editor with the following policy document, and then click Next to edit policy information.
{ "Version": "1", "Statement": [ { "Action": [ "ram:CreateRole", "ram:GetRole", "ram:AttachPolicyToRole" ], "Resource": [ "acs:ram:*:system:policy/AliyunLogRolePolicy", "acs:ram:*:*:role/AliyunLogDefaultRole" ], "Effect": "Allow" } ] }Configure the Name parameter and click OK.
Step 2: Attach the custom policy to a RAM user
In the left-side navigation pane, choose .
On the Users page, find the RAM user to which you want to attach the custom policy and click Add Permissions in the Actions column.
In the Policy section of the Grant Permission panel, select Custom Policy from the filter drop-down list, select the custom policy that you created in Step 1, and then click Grant permissions.
Step 3: Authorize Simple Log Service to access other cloud resources
Log on to the RAM console by using the RAM user.
Click Cloud Resource Access Authorization to complete the authorization.
NoteIf the Alibaba Cloud account does not have the
AliyunLogDefaultRoledefault role, the role is created the first time you click the link after the logon. Simple Log Service assumes theAliyunLogDefaultRoledefault role to access resources in other cloud services. For more information about the permissions of theAliyunLogDefaultRoledefault role, see AliyunLogDefaultRole.