The Log Audit Service application allows you to collect logs from Alibaba Cloud services across multiple Alibaba Cloud accounts. Before you can collect logs, you must authorize Log Service and the related accounts. To authorize Log Service, you can use the AccessKey pair of a RAM user who has the required permissions. You can also follow the steps described in this topic to create a custom policy in Resource Access Management (RAM).
Background information
Note When the AliyunServiceRoleForSLSAudit service-linked role is created, the current
Alibaba Cloud account is automatically authorized. For more information, see Initially configure Log Audit Service. If you want to authorize other Alibaba Cloud accounts by using a custom policy,
you can perform the steps described in this topic.
- You must authorize the current Alibaba Cloud account to receive logs from other Alibaba Cloud accounts. The logs are stored in the Logstore that is dedicated to audit logs.
- You must authorize other Alibaba Cloud accounts to synchronize logs to the current Alibaba Cloud account. The logs are stored in the Logstore that is dedicated to audit logs.
The Log Audit Service application of Log Service involves multiple roles and policies.
The following tables describes the relationships among the roles and policies.
- Current Alibaba Cloud account
Role Policy AliyunServiceRoleForSLSAudit AliyunServiceRolePolicyForSLSAudit - Other Alibaba Cloud accounts
Role Policy sls-audit-service-monitor