To create or modify the resources of Simple Log Service by using a Simple Log Service application, such as Full-stack Observability and Intelligent Anomaly Analysis, you can assign the AliyunServiceRoleForSLSFullObserverbility service-linked role to the application. This topic describes the scenarios and policy of the AliyunServiceRoleForSLSFullObserverbility service-linked role.
Scenarios
When you collect logs from cloud services by using a Simple Log Service application, such as Full-stack Observability and Intelligent Anomaly Analysis, Simple Log Service calls an operation to create or delete related resources. For more information about the description and management of service-linked roles, see Service-linked roles. When you enable Full-stack Observability and Intelligent Anomaly Analysis, a service-linked role named AliyunServiceRoleForSLSFullObserverbility is automatically created.
Description of the AliyunServiceRoleForSLSFullObserverbility service-linked role
Role name:
AliyunServiceRoleForSLSFullObserverbilityPolicy attached to the role:
AliyunServiceRoleForSLSFullObserverbilityPolicy document:
{ "Version": "1", "Statement": [ { "Action": [ "log:Get*", "log:List*", "log:CreateProject", "log:CreateLogstore", "log:CreateIndex", "log:CreateDashboard", "log:CreateJob", "log:UpdateConfig", "log:UpdateJob", "log:UpdateDashboard", "log:UpdateIndex", "log:DeleteLogstore", "log:DeleteDashboard", "log:DeleteJob", "log:DeleteIndex", "log:DeleteConfig", "log:PostProjectQuery", "log:PutProjectQuery", "log:DeleteProjectQuery", "log:GetProjectQuery", "log:PostLogStoreLogs", "log:BatchPostLogStoreLogs", "log:CreateConsumerGroup", "log:UpdateConsumerGroup", "log:DeleteConsumerGroup", "log:ListConsumerGroup", "log:ConsumerGroupUpdateCheckPoint", "log:ConsumerGroupHeartBeat", "log:GetConsumerGroupCheckPoint" ], "Resource": "acs:log:*:*:project/*", "Effect": "Allow" }, { "Action": "ram:PassRole", "Resource": "*", "Effect": "Allow" }, { "Action": [ "log:GetDataExpression", "log:CreateDataExpression", "log:UpdateDataExpression" ], "Resource": "acs:log:*:*:dataexpression/sls_default_data_expression/*", "Effect": "Allow" }, { "Action": [ "log:Get*" ], "Resource": [ "acs:log:*:*:mlservice/sls_builtin_service_*/*" ], "Effect": "Allow" }, { "Action": [ "log:CreateAnnotationDataSet", "log:DeleteAnnotationDataSet", "log:GetAnnotationDataSet", "log:ListAnnotationDataSets", "log:UpdateAnnotationDataSet", "log:CreateAnnotationLabel", "log:DeleteAnnotationLabel", "log:GetAnnotationLabel", "log:UpdateAnnotationLabel", "log:ListAnnotationLabels", "log:DeleteAnnotationData", "log:GetAnnotationData", "log:ListAnnotationData", "log:PutAnnotationData" ], "Resource": [ "acs:log:*:*:mlannotationdataset/*", "acs:log:*:*:mlannotationlabel/*" ], "Effect": "Allow" } ] }