調用ALIYUN::ACTIONTRAIL::TrailLogging建立跟蹤 - Resource Orchestration Service

ALIYUN::ACTIONTRAIL::Trail類型用於建立跟蹤，將事件投遞到Log ServiceSLS或Object Storage Service。

文法

{
  "Type": "ALIYUN::ACTIONTRAIL::Trail",
  "Properties": {
    "Name": String,
    "OssBucketName": String,
    "RoleName": String,
    "OssKeyPrefix": String,
    "EventRW": String,
    "SlsProjectArn": String,
    "SlsWriteRoleArn": String
  }
}

屬性

屬性名稱	類型	必須	允許更新	描述	約束
Name	String	是	否	跟蹤名稱。	長度為6～36個字元，必須以英文字母開頭，可包含英文字母、數字、短劃線（-）和底線（_）。說明同一個阿里雲帳號內跟蹤名稱不可重複。
EventRW	String	否	是	投遞事件的讀寫類型。	取值： Read：讀類型。 Write（預設值）：寫類型。 All：讀類型和寫類型。
OssBucketName	String	否	是	跟蹤投遞的OSS儲存空間名稱。	長度為3～63個字元，必須以小寫英文字母或者數字開頭，可包含小寫英文字母、數字和短劃線（-）。說明請確保您已經建立Object Storage Service的儲存空間。具體操作，請參見建立儲存空間。 OssBucketName和SlsProjectArn需至少指定其中一個參數。
OssKeyPrefix	String	否	是	跟蹤投遞的OSS儲存空間檔案名稱的首碼。	長度為6～32個字元，必須以英文字母開頭，可包含英文字母、數字、短劃線（-）、正斜線（/）和底線（_）。
RoleName	String	否	是	Action Trail服務關聯角色名稱。	預設值：AliyunServiceRoleForActionTrail。
SlsProjectArn	String	否	是	跟蹤投遞的Log Service專案的ARN。	請確保您已經建立SLS的Project和LogStore。其中LogStore需要以`actiontrail_<跟蹤名稱>`命名。具體操作，請參見建立Project和建立Logstore。說明 OssBucketName和SlsProjectArn需至少指定其中一個參數。
SlsWriteRoleArn	String	否	是	Action Trail向Log Service專案投遞操作事件時，扮演的角色ARN。	無

傳回值

Fn::GetAtt

Name：跟蹤名稱。

樣本

`YAML`格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters: {}
Resources:
  Role:
    Type: ALIYUN::RAM::Role
    Properties:
      RoleName: TestRole
      Policies:
        - PolicyName:
            Fn::Sub: ActionTrailPolicy-${ALIYUN::StackId}
          PolicyDocument:
            Version: '1'
            Statement:
              - Action:
                  - oss:GetBucketLocation
                  - oss:ListObjects
                  - oss:PutObject
                Resource:
                  - '*'
                Effect: Allow
              - Action:
                  - log:PostLogStoreLogs
                  - log:CreateLogstore
                  - Log:GetLogstore
                Resource:
                  - '*'
                Effect: Allow
              - Action:
                  - mns:PublishMessage
                Resource:
                  - '*'
                Effect: Allow
      AssumeRolePolicyDocument:
        Version: '1'
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - actiontrail.aliyuncs.com
  Bucket:
    Type: ALIYUN::OSS::Bucket
    Properties:
      AccessControl: private
      BucketName: MyTestBucket
      DeletionForce: true
  SlsProject:
    Type: ALIYUN::SLS::Project
    Properties:
      Name: DemoSls
  SlsLogStore:
    Type: ALIYUN::SLS::Logstore
    DependsOn: SlsProject
    Properties:
      LogstoreName: ActiontrailTestTrail
      PreserveStorage: true
      ProjectName:
        Fn::GetAtt:
          - SlsProject
          - Name
      AppendMeta: true
      MaxSplitShard: 64
      AutoSplit: true
      EnableTracking: false
      ShardCount: 2
  Trail:
    DependsOn:
      - Role
      - Bucket
      - SlsLogStore
    Type: ALIYUN::ACTIONTRAIL::Trail
    Properties:
      SlsProjectArn:
        Fn::Sub: acs:log:${ALIYUN::Region}::project/DemoSls
      RoleName:
        Fn::GetAtt:
          - Role
          - RoleName
      EventRW: All
      OssKeyPrefix: TestFile
      OssBucketName:
        Fn::GetAtt:
          - Bucket
          - Name
      SlsWriteRoleArn:
        Fn::Sub: acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}
      Name: TestTrail
  TrailLogging:
    Type: ALIYUN::ACTIONTRAIL::TrailLogging
    Properties:
      Name:
        Fn::GetAtt:
          - Trail
          - Name
      Enable: true
Outputs:
  Name:
    Value:
      Fn::GetAtt:
        - Trail
        - Name

`JSON`格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {},
  "Resources": {
    "Role": {
      "Type": "ALIYUN::RAM::Role",
      "Properties": {
        "RoleName": "TestRole",
        "Policies": [
          {
            "PolicyName": {
              "Fn::Sub": "ActionTrailPolicy-${ALIYUN::StackId}"
            },
            "PolicyDocument": {
              "Version": "1",
              "Statement": [
                {
                  "Action": [
                    "oss:GetBucketLocation",
                    "oss:ListObjects",
                    "oss:PutObject"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                },
                {
                  "Action": [
                    "log:PostLogStoreLogs",
                    "log:CreateLogstore",
                    "Log:GetLogstore"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                },
                {
                  "Action": [
                    "mns:PublishMessage"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                }
              ]
            }
          }
        ],
        "AssumeRolePolicyDocument": {
          "Version": "1",
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "actiontrail.aliyuncs.com"
                ]
              }
            }
          ]
        }
      }
    },
    "Bucket": {
      "Type": "ALIYUN::OSS::Bucket",
      "Properties": {
        "AccessControl": "private",
        "BucketName": "MyTestBucket",
        "DeletionForce": true
      }
    },
    "SlsProject": {
      "Type": "ALIYUN::SLS::Project",
      "Properties": {
        "Name": "DemoSls"
      }
    },
    "SlsLogStore": {
      "Type": "ALIYUN::SLS::Logstore",
      "DependsOn": "SlsProject",
      "Properties": {
        "LogstoreName": "ActiontrailTestTrail",
        "PreserveStorage": true,
        "ProjectName": {
          "Fn::GetAtt": [
            "SlsProject",
            "Name"
          ]
        },
        "AppendMeta": true,
        "MaxSplitShard": 64,
        "AutoSplit": true,
        "EnableTracking": false,
        "ShardCount": 2
      }
    },
    "Trail": {
      "DependsOn": [
        "Role",
        "Bucket",
        "SlsLogStore"
      ],
      "Type": "ALIYUN::ACTIONTRAIL::Trail",
      "Properties": {
        "SlsProjectArn": {
          "Fn::Sub": "acs:log:${ALIYUN::Region}::project/DemoSls"
        },
        "RoleName": {
          "Fn::GetAtt": [
            "Role",
            "RoleName"
          ]
        },
        "EventRW": "All",
        "OssKeyPrefix": "TestFile",
        "OssBucketName": {
          "Fn::GetAtt": [
            "Bucket",
            "Name"
          ]
        },
        "SlsWriteRoleArn": {
          "Fn::Sub": "acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}"
        },
        "Name": "TestTrail"
      }
    },
    "TrailLogging": {
      "Type": "ALIYUN::ACTIONTRAIL::TrailLogging",
      "Properties": {
        "Name": {
          "Fn::GetAtt": [
            "Trail",
            "Name"
          ]
        },
        "Enable": true
      }
    }
  },
  "Outputs": {
    "Name": {
      "Value": {
        "Fn::GetAtt": [
          "Trail",
          "Name"
        ]
      }
    }
  }
}

文法

屬性

傳回值

樣本

YAML格式

JSON格式

`YAML`格式

`JSON`格式