PutProjectPolicy - Simple Log Service - Alibaba Cloud Documentation Center

Usage notes

Host consists of a project name and a Log Service endpoint. You must specify a project in Host.
An AccessKey pair is created and obtained. For more information, see AccessKey pair.

The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in Log Service is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. Make sure that the RAM user has the management permissions on Log Service resources. For more information, see Create a RAM user and authorize the RAM user to access Log Service.
The information that is required to query logs is obtained. The information includes the name of the project to which the logs belong, the region of the project, and the name of the Logstore to which the logs belong. For more information, see Manage a project and Manage a Logstore.
Alibaba Cloud Log Service allows you to configure project policies to perform authorization. You can configure a project policy to authorize other users to access specified Log Service resources.
- You must configure a project policy based on policy syntax. Before you configure a project policy, you must understand the Action, Resource, and Condition elements. For more information, see RAM overview.
- If you set the Principal element to an asterisk (*) and do not configure the Condition element when you configure a project policy, the policy applies to all users except for the project owner. If you set the Principal element to an asterisk (*) and configure the Condition element when you configure a project policy, the policy applies to all users including the project owner.
- You can configure multiple project policies for a project. The total size of the policies cannot exceed 16 KB.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request headers

This operation uses only common request headers. For more information, see Common request headers.

Request syntax

POST /policy HTTP/1.1

Request parameters

Parameter	Type	Position	Required	Example	Description
	String	Body	No	{ "Version": "1", "Statement": [{ "Action": ["log:PostLogStoreLogs"], "Resource": "acs:log:::project/exampleproject/", "Effect": "Deny", "Condition": { "StringNotLike": { "acs:SourceVpc": ["vpc-"] } } }] }	The content of the policy that you want to create.
project	String	Host	No	ali-test-project	The name of the project.

Response parameters

Parameter	Type	Example	Description
Server	String	nginx	The name of the server.
Content-Type	String	application/json	The type of the response body. Valid values: application/json and application/x-protobuf.
Content-Length	String	0	The length of the response body.
Connection	String	close	Indicates whether the connection is persistent. Valid values: close: The connection is non-persistent. A new TCP connection is established for each HTTP request. keep-alive: The connection is persistent. After a TCP connection is established, the connection remains open, and no more time or bandwidth is consumed to establish new connections.
Date	String	Sun, 27 May 2018 08:25:04 GMT	The time when the response was returned.
x-log-requestid	String	5B0A6B60BB6EE39764D458B5	The request ID.

Examples

Sample requests

POST /policy HTTP/1.1
Host:ali-test-project.cn-hangzhou.log.aliyuncs.com
Content-Type:application/json

{
	"Version": "1",
	"Statement": [{
		"Action": ["log:PostLogStoreLogs"],
		"Resource": "acs:log:*:*:project/exampleproject/*",
		"Effect": "Deny",
		"Condition": {
			"StringNotLike": {
				"acs:SourceVpc": ["vpc-*"]
			}
		}
	}]
}

Sample success responses

JSON format

HTTP/1.1 200 OK

Error codes

For a list of error codes, visit the API Error Center.