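You can authorize the log insight application of Simple Log Service to use the service-linked role AliyunServiceRoleForSLSSecurityLens to access your resources in other cloud products. This topic describes the scenarios and the permission policy of the AliyunServiceRoleForSLSSecurityLens role.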
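Scenarios
When you use the security log insight application to collect logs from security-related cloud products, Simple Log Service calls the OpenAPI operations of those cloud products to retrieve cloud product information under the collection account. In this process, Simple Log Service uses the AliyunServiceRoleForSLSSecurityLens role to obtain some read permissions on the security-related cloud products and some modify permissions related to log collection. For more information, see Service-linked roles.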
Permission policy
Permission policy:
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "kms:ListKmsInstances",
        "kms:GetKmsInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:CreateProject",
        "log:GetProject",
        "log:ListProject",
        "log:ListLogStores",
        "log:GetLogStore",
        "log:CreateIndex",
        "log:UpdateIndex",
        "log:GetIndex",
        "log:CreateDashboard",
        "log:UpdateDashboard",
        "log:ListDashboard",
        "log:CreateLogStore",
        "log:CreateSavedSearch",
        "log:UpdateSavedSearch"
      ],
      "Resource": "acs:log:*:*:project/*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "securitylens.log.aliyuncs.com"
        }
      }
    }
  ]
}
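
To review what this role grants, the following added example (not part of the original documentation or of any Alibaba Cloud tooling) splits the policy above into read and modify actions and flags any modify action allowed on every resource without a condition. The function names and the rule that a `Get`/`List` verb prefix means read-only are assumptions made for this illustration.

```python
import json

# Policy copied from this page (AliyunServiceRoleForSLSSecurityLens).
POLICY = json.loads("""
{"Version": "1", "Statement": [
 {"Action": ["kms:ListKmsInstances", "kms:GetKmsInstance"],
  "Resource": "*", "Effect": "Allow"},
 {"Action": ["log:CreateProject", "log:GetProject", "log:ListProject",
   "log:ListLogStores", "log:GetLogStore", "log:CreateIndex", "log:UpdateIndex",
   "log:GetIndex", "log:CreateDashboard", "log:UpdateDashboard",
   "log:ListDashboard", "log:CreateLogStore", "log:CreateSavedSearch",
   "log:UpdateSavedSearch"],
  "Resource": "acs:log:*:*:project/*", "Effect": "Allow"},
 {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
  "Condition": {"StringEquals":
    {"ram:ServiceName": "securitylens.log.aliyuncs.com"}}}
]}
""")

READ_PREFIXES = ("Get", "List")  # assumption: verb prefix marks read-only calls


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def summarize(policy):
    """Split allowed actions into read/write and flag unscoped write grants."""
    summary = {"read": [], "write": [], "unscoped_write": []}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt["Resource"])
        for action in as_list(stmt["Action"]):
            verb = action.split(":", 1)[1]
            kind = "read" if verb.startswith(READ_PREFIXES) else "write"
            summary[kind].append(action)
            # A write on Resource "*" with no Condition deserves a closer look.
            if kind == "write" and "*" in resources and "Condition" not in stmt:
                summary["unscoped_write"].append(action)
    return summary


if __name__ == "__main__":
    for kind, actions in summarize(POLICY).items():
        print(f"{kind} ({len(actions)}): {', '.join(actions) or '-'}")
```

For this policy the only action granted on `"Resource": "*"` that is not a read is `ram:DeleteServiceLinkedRole`, and it is constrained by the `ram:ServiceName` condition, so the unscoped list is empty.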