All Products
Document Center

Simple Log Service:PutProjectPolicy

Last Updated:Oct 26, 2023

Creates a project policy.

Usage notes

  • Host consists of a project name and a Log Service endpoint. You must specify a project in Host.
  • An AccessKey pair is created and obtained. For more information, see AccessKey pair.

    The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in Log Service is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. Make sure that the RAM user has the management permissions on Log Service resources. For more information, see Create a RAM user and authorize the RAM user to access Log Service.

  • The information that is required to query logs is obtained. The information includes the name of the project to which the logs belong, the region of the project, and the name of the Logstore to which the logs belong. For more information, see Manage a project and Manage a Logstore.
  • Alibaba Cloud Log Service allows you to configure project policies to perform authorization. You can configure a project policy to authorize other users to access specified Log Service resources.
    • You must configure a project policy based on policy syntax. Before you configure a project policy, you must understand the Action, Resource, and Condition elements. For more information, see RAM overview.
    • If you set the Principal element to an asterisk (*) and do not configure the Condition element when you configure a project policy, the policy applies to all users except for the project owner. If you set the Principal element to an asterisk (*) and configure the Condition element when you configure a project policy, the policy applies to all users including the project owner.
    • You can configure multiple project policies for a project. The total size of the policies cannot exceed 16 KB.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request headers

This operation uses only common request headers. For more information, see Common request headers.

Request syntax

POST /policy HTTP/1.1

Request parameters

Parameter Type Position Required Example Description
String Body No { "Version": "1", "Statement": [{ "Action": ["log:PostLogStoreLogs"], "Resource": "acs:log:*:*:project/exampleproject/*", "Effect": "Deny", "Condition": { "StringNotLike": { "acs:SourceVpc": ["vpc-*"] } } }] }

The content of the policy that you want to create.

project String Host No ali-test-project

The name of the project.

Response parameters

Parameter Type Example Description
Server String nginx

The name of the server.

Content-Type String application/json

The type of the response body. Valid values: application/json and application/x-protobuf.

Content-Length String 0

The length of the response body.

Connection String close

Indicates whether the connection is persistent. Valid values:

  • close: The connection is non-persistent. A new TCP connection is established for each HTTP request.
  • keep-alive: The connection is persistent. After a TCP connection is established, the connection remains open, and no more time or bandwidth is consumed to establish new connections.
Date String Sun, 27 May 2018 08:25:04 GMT

The time when the response was returned.

x-log-requestid String 5B0A6B60BB6EE39764D458B5

The request ID.


Sample requests

POST /policy HTTP/1.1

	"Version": "1",
	"Statement": [{
		"Action": ["log:PostLogStoreLogs"],
		"Resource": "acs:log:*:*:project/exampleproject/*",
		"Effect": "Deny",
		"Condition": {
			"StringNotLike": {
				"acs:SourceVpc": ["vpc-*"]

Sample success responses

JSON format

HTTP/1.1 200 OK

Error codes

For a list of error codes, visit the API Error Center.