Log Service currently offers an alarm function that works with your log contents. To read log data, the service account of Log Service must be given explicit authorization to access your data. If you have read this document and completed the authorization, skip the following sections and create alarm rules directly. For how to authorize a service role, see the following sections.
Create a Resource Access Management (RAM) role
- Log on to the Resource Access Management (RAM) console. Click Roles in the left-side navigation pane and click Create Role in the upper-right corner. The Create Role dialog box appears. Select Service Role in the Select Role Type step.
- Select LOG Log Service in the Enter Type step.
- Enter aliyunlogreadrole in the Role Name field. (By default, this role is assumed to access data. Therefore, do not change this role name.) Then, click Create.
Authorize the role to access log data
Then, Log Service has the permissions to regularly read data from specified Logstores to perform alarm checks.