This article describes the AliyunServiceRoleForIoTLogExport service linked role and how to delete the role.

Description

IoT Platform provides the log dump feature. This feature allows you to export the operations log of IoT Platform to a Logstore of Log Service. To implement the feature, you must obtain access to Log Service. When you enable the feature, Alibaba Cloud creates the AliyunServiceRoleForIoTLogExport service linked role. You can assign the role to IoT Platform.

Role name:

AliyunServiceRoleForIoTLogExport

Role policy:

AliyunServiceRolePolicyForIoTLogExport

Policy document:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        log:PostLogStoreLogs
        "log:CreateProject",
        "log:GetLogStore",
        "log:CreateLogStore",
        "log:GetLogStore",
        "log:ListLogStores",
        "log:CreateLogStore",
        log:CreateConfig
        log:UpdateConfig
        "log:GetConfig",
        "log:CreateIndex",
        "log:GetIndex",
        "log:UpdateIndex",
        log:CreateSavedSearch
        log:UpdateSavedSearch
        "log:GetSavedSearch",
        log:DeleteSavedSearch
        "log:GetSavedSearch",
        "log:CreateDashboard",
        "log:UpdateDashboard"
        "log:GetDashboard",
        log:DeleteDashboard
        log:ListDashboard
      ],
      "Resource": "acs:log:*:*:project/*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "log-export.iot.aliyuncs.com"
        }
      }
    }
  ]
}

Delete the role

If you no longer use the AliyunServiceRoleForIoTLogExport role, delete the role.

  1. Disable the log dump feature for all products step by step. For more information about how to disable the log dump feature for a product, see Dump logs.
  2. Delete the role. For more information, see Delete a service linked role.