If you enable the real-time logs feature in Dynamic Route of CDN (DCDN), the system automatically creates the service-linked role (SLR) AliyunServiceRoleForDCDNRealTimeLogDelivery. The SLR is used to authorize DCDN to access resources in Log Service.
AliyunServiceRoleForDCDNRealTimeLogDelivery
AliyunServiceRoleForDCDNRealTimeLogDelivery is an SLR of DCDN. If the real-time logs feature is enabled, DCDN assumes the SLR to access resources in Log Service. This way, DCDN can deliver logs to Log Service. For more information about SLRs, see Service-linked roles.
Create AliyunServiceRoleForDCDNRealTimeLogDelivery
- Create and query Logstores.
- Create indexes.
- Configure templates for visualized analysis.
The following code block shows the content of the permission policy:
{
"Version": "1",
"Statement": [
{
"Action": [
"log:PostLogStoreLogs",
"log:GetLogStore",
"log:CreateProject",
"log:CreateLogStore",
"log:CreateIndex",
"log:UpdateIndex",
"log:GetIndex",
"log:CreateDashboard",
"log:UpdateDashboard",
"log:CreateSavedSearch",
"log:UpdateSavedSearch"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "realtimelogdelivery.dcdn.aliyuncs.com"
}
}
}
]
}
Delete AliyunServiceRoleForDCDNRealTimeLogDelivery
If you no longer require the real-time logs feature, and you want to delete the SLR AliyunServiceRoleForDCDNRealTimeLogDelivery, perform the following steps:
- Delete all real-time log delivery projects.
- Log on to the DCDN console.
- Choose .
- In the list of real-time log delivery projects, delete all projects.
- Delete AliyunServiceRoleForDCDNRealTimeLogDelivery.