Log Service supports alerts triggered by logs with specified content. To read logs, you must authorize a Resource Access Management (RAM) role to access logs. If you have read this topic and completed the specified authorization, you can skip the following steps and create alert rules.

Create a RAM role

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. Click Create RAM Role, select Alibaba Cloud Service, and then click Next.
  4. Specify the RAM Role Name and Note parameters.
  5. Select Log Service from the Select Trusted Service drop-down list, and click OK.

Authorize a RAM role to access logs

  1. In the left-side navigation pane, click RAM Roles.
  2. In the RAM Role Name column, find the target RAM role.
  3. Find aliyunlogreadrole in the RAM Role Name column.
  4. Click Add Permissions. On the page that appears, the principle is automatically filled in.
  5. In the Policy Name column, click AliyunLogReadOnlyAccess to grant the permission specified in the policy to the specified RAM role.
  6. Click OK.
  7. Click Finished.

Now, the RAM role for Log Service has the permission to read logs from a specific Logstore. Logs with specified content can trigger alerts.