If you enable the real-time logs feature in Dynamic Route of CDN (DCDN), the system automatically creates the service-linked role (SLR) AliyunServiceRoleForDCDNRealTimeLogDelivery. The SLR is used to authorize DCDN to access resources in Log Service.

AliyunServiceRoleForDCDNRealTimeLogDelivery

AliyunServiceRoleForDCDNRealTimeLogDelivery is an SLR of DCDN. If the real-time logs feature is enabled, DCDN assumes the SLR to access resources in Log Service. This way, DCDN can deliver logs to Log Service. For more information about SLRs, see Service-linked roles.

Create AliyunServiceRoleForDCDNRealTimeLogDelivery

The first time you enable the real-time logs feature in DCDN, the system automatically creates the SLR AliyunServiceRoleForDCDNRealTimeLogDelivery, and then attaches the permission policy to the SLR. After you enable the real-time logs feature, DCDN assumes the SLR to access resources in Log Service. Then, you can perform the following operations in Log Service:
  • Create and query Logstores.
  • Create indexes.
  • Configure templates for visualized analysis.
Notice If AliyunServiceRoleForDCDNRealTimeLogDelivery is created for DCDN, the system does not create the SLR again.

The following code block shows the content of the permission policy:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:PostLogStoreLogs",
        "log:GetLogStore",
        "log:CreateProject",
        "log:CreateLogStore",
        "log:CreateIndex",
        "log:UpdateIndex",
        "log:GetIndex",
        "log:CreateDashboard",
        "log:UpdateDashboard",
        "log:CreateSavedSearch",
        "log:UpdateSavedSearch"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "realtimelogdelivery.dcdn.aliyuncs.com"
        }
      }
    }
  ]
}

Delete AliyunServiceRoleForDCDNRealTimeLogDelivery

If you no longer require the real-time logs feature, and you want to delete the SLR AliyunServiceRoleForDCDNRealTimeLogDelivery, perform the following steps:

  1. Delete all real-time log delivery projects.
    1. Log on to the DCDN console.
    2. Choose Logs > Real-time Logs.
    3. In the list of real-time log delivery projects, delete all projects.
  2. Delete AliyunServiceRoleForDCDNRealTimeLogDelivery.
    1. Log on to the RAM console.
    2. In the left-side navigation pane, choose Identities > Roles.
    3. In the Role Name column, find the SLR AliyunServiceRoleForDCDNRealTimeLogDelivery and click Delete.
      Note If the SLR fails to be deleted, check whether all real-time log delivery projects are deleted.