The AliyunServiceRoleForSLSAlert service-linked role grants Simple Log Service the permissions to access resources of other cloud services for alerting features.
Scenarios
This role applies to the following scenarios:
-
View alert details and manage alerts from alert notifications without logging on to the Simple Log Service console.
For example, after you receive an alert notification from a DingTalk chatbot, you can click the link in the notification to view alert details and manage alerts without logging on to the console.
-
Integrate the alerting feature with other cloud services.
For example, when you create an action group, you can select a cloud service such as Function Compute or EventBridge as a notification method.
Simple Log Service assumes the AliyunServiceRoleForSLSAlert service-linked role to read and modify resources of other cloud services. For more information, see Service-linked roles.
Description
-
Role name: AliyunServiceRoleForSLSAlert
-
Policy attached to the role: AliyunServiceRolePolicyForSLSAlert
-
Policy document:
{ "Version": "1", "Statement": [ { "Action": [ "log:GetJob", "log:UpdateJob", "log:GetResource", "log:ListResources", "log:GetResourceRecord", "log:ListResourceRecords", "log:UpdateResourceRecords" ], "Resource": [ "acs:log:*:*:project/*" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "log:GetLogStoreLogs" ], "Resource": "acs:log:*:*:project/sls-alert-*" }, { "Action": [ "eventbridge:PutEvents" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "fc:InvokeFunction" ], "Resource": "acs:fc:*:*:services/*/functions/sls-ops-*", "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "alert.log.aliyuncs.com" } } } ] }