All Products
Search

This Product

    Simple Log Service:Grant permissions to write alerts to an Eventstore

    Document Center

    Simple Log Service:Grant permissions to write alerts to an Eventstore

    Last Updated:Apr 19, 2024

    Simple Log Service can write alerts to an Eventstore only after Simple Log Service is granted the required permissions. This topic describes how to grant the required permissions by using the default role or a custom role.

    When you configure an alert monitoring rule, you must grant the required permissions to Simple Log Service after you select Eventstore for Destination and turn on Enable.

    Default role

    If you select Default Role for Authorization Method, you must perform the following operations.

    1. Click Authorize. Then, you are navigated to the authorization page. Complete the authorization as prompted.

    2. After the authorization is complete, click After authorization, click Refresh to refresh the page.. The system displays the role information.

    Custom role

    If you select Custom Role for Authorization Method, you must perform the following operations in the Resource Access Management (RAM) console.

    Step 1: Create a policy

    1. Log on to the RAM console.

    2. In the left-side navigation pane, choose Permissions > Policies.

    3. On the Policies page, click Create Policy.

    4. Create a policy.

      1. On the Create Policy page, click the JSON tab and enter the following policy document. 

        {
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "log:PostLogStoreLogs",
      "Resource": "*"
    }
  ]
}

      2. Click Next to edit policy information. On the Create Policy page, configure Name and Description. Then, click OK.

    Step 2: Create a custom role

    1. In the left-side navigation pane of the RAM console, choose Identities > Roles.

    2. On the Roles page, click Create Role.

    3. Create a role.

      1. In the Create Role panel, select Alibaba Cloud Service for Select Trusted Entity and click Next.

      2. Select Normal Service Role, configure RAM Role Name and Note, and then select Log Service for Select Trusted Service.

      3. Click OK.

    Step 3: Grant permissions to the custom role

    1. In the Finish step of the created role, click Add Permissions to RAM Role. Alternatively, in the role list, find the created role and click Add Permissions in the Actions column.

    2. In the Add Permissions panel, select Custom Policy for Select Policy. Then, search for and select the custom policy that is created in Step 1.

    3. Click OK. Then, click Complete as prompted.

    4. Click the role, copy the Alibaba Cloud Resource Name (ARN) of the role, and then configure an alert monitoring rule.