Creates a project policy.
Usage notes
- Host consists of a project name and a Log Service endpoint. You must specify a project in Host.
-
An AccessKey pair is created and obtained. For more information, see AccessKey pair.
The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in Log Service is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. Make sure that the RAM user has the management permissions on Log Service resources. For more information, see Create a RAM user and authorize the RAM user to access Log Service.
- The information that is required to query logs is obtained. The information includes the name of the project to which the logs belong, the region of the project, and the name of the Logstore to which the logs belong. For more information, see Manage a project and Manage a Logstore.
- Alibaba Cloud Log Service allows you to configure project policies to perform authorization. You can configure a project policy to authorize other users to access specified Log Service resources.
- You must configure a project policy based on policy syntax. Before you configure a project policy, you must understand the Action, Resource, and Condition elements. For more information, see RAM overview.
- If you set the Principal element to an asterisk (*) and do not configure the Condition element when you configure a project policy, the policy applies to all users except for the project owner. If you set the Principal element to an asterisk (*) and configure the Condition element when you configure a project policy, the policy applies to all users including the project owner.
- You can configure multiple project policies for a project. The total size of the policies cannot exceed 16 KB.
Debugging
Request headers
This operation uses only common request headers. For more information, see Common request headers.
Request syntax
POST /policy HTTP/1.1
Request parameters
Parameter | Type | Position | Required | Example | Description |
String | Body | No | { "Version": "1", "Statement": [{ "Action": ["log:PostLogStoreLogs"], "Resource": "acs:log:*:*:project/exampleproject/*", "Effect": "Deny", "Condition": { "StringNotLike": { "acs:SourceVpc": ["vpc-*"] } } }] } | The content of the policy that you want to create. |
|
project | String | Host | No | ali-test-project | The name of the project. |
Response parameters
Parameter | Type | Example | Description |
Server | String | nginx | The name of the server. |
Content-Type | String | application/json | The type of the response body. Valid values: application/json and application/x-protobuf. |
Content-Length | String | 0 | The length of the response body. |
Connection | String | close | Indicates whether the connection is persistent. Valid values:
|
Date | String | Sun, 27 May 2018 08:25:04 GMT | The time when the response was returned. |
x-log-requestid | String | 5B0A6B60BB6EE39764D458B5 | The request ID. |
Examples
Sample requests
POST /policy HTTP/1.1
Host:ali-test-project.cn-hangzhou.log.aliyuncs.com
Content-Type:application/json
{
"Version": "1",
"Statement": [{
"Action": ["log:PostLogStoreLogs"],
"Resource": "acs:log:*:*:project/exampleproject/*",
"Effect": "Deny",
"Condition": {
"StringNotLike": {
"acs:SourceVpc": ["vpc-*"]
}
}
}]
}
Sample success responses
JSON
format
HTTP/1.1 200 OK
Error codes
For a list of error codes, visit the API Error Center.