Before a Resource Access Management (RAM) user can log on to Simple Log Service to access cloud resources, you must grant resource access authorization.
Step 1: Create a custom policy and grant permissions to a RAM user
-
Log on to the RAM console by using your Alibaba Cloud account or a RAM user who has administrative rights.
-
Create a custom policy. On the JSON tab of the Create Policy page, replace the existing script in the code editor with the following policy document. For more information, see Using the script editor.
{ "Version": "1", "Statement": [ { "Action": [ "ram:CreateRole", "ram:GetRole", "ram:AttachPolicyToRole" ], "Resource": [ "acs:ram:*:system:policy/AliyunLogRolePolicy", "acs:ram:*:*:role/AliyunLogDefaultRole" ], "Effect": "Allow" } ] } -
Attach the created custom policy to the RAM user. For more information, see Manage RAM user permissions.
Step 2: Grant resource access authorization
-
Use the RAM user to whom you granted permissions in the previous step to log on to the Alibaba Cloud Management Console.
-
Click Resource Access Authorization to complete the authorization.
Note-
If the Alibaba Cloud account does not have the default role
AliyunLogDefaultRole, the role is created the first time the RAM user clicks the link. -
Simple Log Service assumes the
AliyunLogDefaultRolerole to access your resources in other cloud products. -
For details about the access policy of
AliyunLogDefaultRole, see AliyunLogDefaultRole.
-