Embed console pages and share log data - Log Service - Alibaba Cloud Documentation Center

Log Service allows you to embed console pages into a self-managed website. The pages include query and analysis pages and dashboard pages in the Log Service console. This way, you can easily view log data.

Background information

After you configure collection and index settings in the Log Service console, you can use the query and analysis pages and dashboard pages. In addition, you can share the pages to other users so that the users can view data on the pages. However, the share method involves multiple RAM users, which increases the costs of Resource Access Management (RAM) user management. Therefore, Log Service provides the feature that allows you to embed query and analysis pages and dashboard pages into a self-managed website. This way, you can access the pages without the need to log on to the Log Service console. You can also use RAM to control access to the pages. For example, you can grant read-only permissions to a RAM user that accesses the pages. For more information, see Step 2: Grant permissions to the RAM user.

The following figure shows the access process.

Procedure

Log on to your self-managed website and use Security Token Service (STS) to obtain a temporary AccessKey pair and an STS token.
- For more information about STS, see Use STS to enable cross-account access to Log Service resources.
- For more information about how to grant the permissions to access a Logstore, see Create a RAM user and authorize the RAM user to access Log Service and Create a RAM role whose trusted entity is an Alibaba Cloud account and authorize the RAM role to access Log Service.

Call STS SDK to generate a logon token that is used to log on to Log Service.

Note The STS token may contain special characters. Before you use the STS token, you must URL encode the special characters.

Sample request:

http://signin-intl.aliyun.com/federation?Action=GetSigninToken
                    &AccessKeyId=<The AccessKey ID of the temporary AccessKey pair that is returned by STS>
                    &AccessKeySecret=<The AccessKey secret of the temporary AccessKey pair that is returned by STS>
                    &SecurityToken=<The token that is returned by STS>
                    &TicketType=mini

Change the validity period of the logon token.

By default, the validity period of a logon token ranges from 15 minutes to 60 minutes. You can perform the following operations to change the maximum validity period of your logon token to 12 hours:
1. In the RAM console, change the value of the Maximum Session Duration parameter to 12 hours for the RAM role that you use.
2. In the RAM console, change the value of the Logon Session Validity Period parameter to 12 hours for the RAM user that you use.
3. Change the value of the setDurationSeconds field that is included in the logon-free code to 43200L.
  The following example shows the logon-free code that is written in Java. For more information, visit Java code.
```
AssumeRoleRequest assumeRoleReq = new AssumeRoleRequest();
assumeRoleReq.setRoleArn(roleArn);
assumeRoleReq.setRoleSessionName(roleSession);
assumeRoleReq.setMethod(MethodType.POST);
assumeRoleReq.setDurationSeconds(43200L);
```

Generate a logon-free URL.

Obtain the URL of the Log Service page that you want to use.

Complete query and analysis page:

https://sls4service.console.aliyun.com/lognext/project/<Project name>/logsearch/<Logstore name>?hideTopbar=true&hideSidebar=true

Query page:

https://sls4service.console.aliyun.com/lognext/project/<Project name>/logsearch/<Logstore name>?isShare=true&hideTopbar=true&hideSidebar=true

Dashboard page:
```
https://sls4service.console.aliyun.com/lognext/project/<Project name>/dashboard/<Dashboard ID>?isShare=true&hideTopbar=true&hideSidebar=true
```
Note The preceding Dashboard ID appears only in the URL of a dashboard page. The ID is not the name that appears on the dashboard.

Generate a logon-free URL by using the logon token and the page URL.

Sample request:

http://signin-intl.aliyun.com/federation?Action=Login
                            &LoginUrl=<The URL to which you are redirected when your logon fails. Generally, specify the URL to which you are redirected when the HTTP status code 302 is returned on your self-managed website. You must use encodeURL to transcode the URL. >
                            &Destination=<The URL of a query and analysis page or a dashboard page in the Log Service console. If parameters exist, you must use encodeURL to transcode the parameters. >
                            &SigninToken=<The logon token that is obtained. You must use encodeURL to transcode the token. >

Examples

The following links provide sample code that is written in PHP, Python, and Go:

Java

<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-sts</artifactId>
    <version>3.0.0</version>
</dependency>
<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-core</artifactId>
    <version>3.5.0</version>
</dependency>
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.5</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>fastjson</artifactId>
    <version>1.2.68.noneautotype</version>
</dependency>

PHP
Python
Go