Otorisasi RAM - Simple Log Service - Alibaba Cloud Documentation Center

Resource Access Management (RAM) adalah layanan Alibaba Cloud yang dirancang untuk manajemen identitas pengguna dan kontrol izin akses resource. Melalui RAM, Anda dapat menerapkan prinsip least privilege tanpa perlu membagikan kunci akun Alibaba Cloud Anda kepada pengguna lain. RAM menggunakan kebijakan izin untuk menentukan otorisasi. Topik ini menjelaskan struktur umum kebijakan RAM, serta elemen pernyataan kebijakan (Action, Resource, dan Condition) yang didefinisikan oleh Simple Log Service untuk kebijakan izin RAM. Kode RAM (RamCode) untuk Simple Log Service adalah log , dan granularitas otorisasi yang didukung adalah RESOURCE .

Struktur umum kebijakan

Kebijakan izin menggunakan format JSON dengan struktur umum berikut:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

Berikut adalah penjelasan untuk setiap field dalam kebijakan

Version: Menentukan nomor versi kebijakan. Nilainya tetap 1.
Statement:
- Effect: Menentukan hasil otorisasi. Nilai yang valid: Allow dan Deny.
- Action: Menentukan satu atau beberapa operasi yang diizinkan atau ditolak.
- Resource: Menentukan objek spesifik yang terpengaruh oleh operasi tersebut. Anda dapat menggunakan Alibaba Cloud Resource Names (ARNs) untuk mengidentifikasi resource tertentu.
- Condition: Menentukan kondisi agar otorisasi berlaku. Field ini bersifat opsional.
  - Condition operator: Menentukan operator kondisional. Setiap jenis kondisi mendukung operator kondisional yang berbeda.
  - Condition_key: Menentukan condition key.
  - Condition_value: Menentukan nilai kondisi.

Action

Tabel berikut mencantumkan action yang didefinisikan oleh Simple Log Service. Setiap kolom dalam tabel dijelaskan sebagai berikut:

Action: Dapat digunakan dalam elemen Action pada pernyataan kebijakan RAM untuk memberikan izin guna melakukan operasi tersebut.
API: API yang dipanggil untuk melakukan action tersebut.
Access level: Tingkat akses yang telah ditentukan untuk setiap API. Nilai yang valid: create, list, get, update, dan delete.
Resource type: Jenis resource yang mendukung otorisasi untuk melakukan action tersebut. Ini menunjukkan apakah action tersebut mendukung izin tingkat resource. Resource yang ditentukan harus kompatibel dengan action tersebut; jika tidak, kebijakan tidak akan berlaku.
- Untuk API dengan izin tingkat resource, jenis resource yang diperlukan ditandai dengan tanda bintang (*). Tentukan ARN yang sesuai dalam elemen Resource pada kebijakan.
- Untuk API tanpa izin tingkat resource, ini ditampilkan sebagai All Resources. Gunakan tanda bintang (*) dalam elemen Resource kebijakan.
Condition key: Ditentukan oleh layanan. Kunci ini memungkinkan kontrol yang lebih terperinci, yang berlaku baik untuk action saja maupun untuk action yang terkait dengan resource tertentu. Selain condition key spesifik layanan, Alibaba Cloud menyediakan serangkaian condition key umum yang berlaku di seluruh layanan yang terintegrasi dengan RAM. Untuk informasi lebih lanjut, lihat Common condition keys.
Dependent action: Action dependen yang diperlukan untuk menjalankan action tersebut. Agar action dapat dieksekusi dengan sukses, RAM user atau RAM role harus memiliki izin atas semua action dependen tersebut.

Action	API	Level akses	Tipe resource	Condition key	Action dependen
log:ListConfig	ListConfig	daftar	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#logstoreName}/consumergroup/{#ConsumerGroup}`	None	None
log:ListConfig	ListConfig	list	Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/`	log:TLSVersion	None
log:GetLogStoreMeteringMode	GetLogStoreMeteringMode	get	All Resource ``	None	None
log:GetCursorOrData	GetCursorTime	get	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}`	log:TLSVersion	None
log:ListMachines	ListMachines	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}`	log:TLSVersion	None
log:ChangeResourceGroup	ChangeResourceGroup	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	log:TLSVersion	None
log:CreateConfig	CreateConfig	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName}`	log:TLSVersion	None
log:PutProjectPolicy	PutProjectPolicy	create	All Resource ``	log:TLSVersion	None
log:CreateMachineGroup	CreateMachineGroup	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}`	log:TLSVersion	None
log:DeleteSavedSearch	DeleteSavedSearch	delete	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/{#SavedSearchName}`	log:TLSVersion	None
log:GetStoreViewIndex	GetStoreViewIndex	get	All Resource ``	None	None
log:ListOSSExports	ListOSSExports	list	All Resource ``	None	None
log:ListScheduledSQLs	ListScheduledSQLs	none	All Resource ``	None	None
log:ListProject	ListProject	get	Project `acs:log:{#regionId}:{#accountId}:project/`	log:TLSVersion	None
log:UpdateIndex	UpdateIndex	update	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion	None
log:EnableAlert	EnableAlert	none	All Resource ``	None	None
log:ListDomains	ListDomains	get	Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/domain/`	log:TLSVersion	None
log:UntagResources	UntagResources	delete	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	log:TLSVersion	None
log:ListOSSHDFSExports	ListOSSHDFSExports	list	All Resource ``	None	None
log:GetETL	GetETL	get	All Resource ``	None	None
log:EnableScheduledSQL	EnableScheduledSQL	none	All Resource ``	None	None
log:GetSavedSearch	GetSavedSearch	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/{#SavedSearchName}`	log:TLSVersion	None
log:CreateMetricStore	CreateMetricStore	create	*MetricStore `acs:log:{#regionId}:{#accountId}:project/{#project}/metricstore/{#name}`	None	None
log:ListOSSIngestions	ListOSSIngestions	list	All Resource ``	None	None
log:CreateDashboard	CreateDashboard	create	All Resource ``	log:TLSVersion	None
log:GetAppliedMachineGroups	GetAppliedMachineGroups	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName}`	log:TLSVersion	None
log:CreateStoreView	CreateStoreView	create	All Resource ``	None	None
log:DisableAlert	DisableAlert	none	All Resource ``	None	None
log:ConsumerGroupHeartBeat	ConsumerGroupHeartBeat	none	All Resource ``	log:TLSVersion	None
log:UpdateConsumerGroup	UpdateConsumerGroup	update	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#logstoreName}/consumergroup/{#ConsumerGroup}`	log:TLSVersion	None
log:DeleteDomain	DeleteDomain	delete	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/domain/{#DomainName}`	log:TLSVersion	None
log:GetAlert	GetAlert	get	All Resource ``	None	None
log:DeleteLogStore	DeleteLogStore	delete	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion	None
log:CreateLogtailPipelineConfig	CreateLogtailPipelineConfig	create	All Resource ``	log:TLSVersion	None
log:CreateProject	CreateProject	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#projectName}`	log:TLSVersion	None
log:GetLogtailPipelineConfig	GetLogtailPipelineConfig	get	All Resource ``	log:TLSVersion	None
log:CreateLogging	CreateLogging	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logging`	log:TLSVersion	None
log:UpdateMachineGroup	UpdateMachineGroup	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}`	log:TLSVersion	None
log:DeleteConfig	DeleteConfig	delete	All Resource ``	log:TLSVersion	None
log:SplitShard	SplitShard	update	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}`	log:TLSVersion	None
log:GetLogStore	GetLogStore	get	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion	None
log:GetStoreView	GetStoreView	get	All Resource ``	None	None
log:ApplyConfigToGroup	ApplyConfigToMachineGroup	update	Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}` Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName}`	log:TLSVersion	None
log:CreateDomain	CreateDomain	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/domain/{#DomainName}`	log:TLSVersion	None
log:UpdateAlert	UpdateAlert	update	All Resource ``	None	None
log:DeleteAlert	DeleteAlert	delete	All Resource ``	None	None
log:ListConsumerGroup	ListConsumerGroup	get	LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}/consumergroup/`	log:TLSVersion	None
log:CreateSavedSearch	CreateSavedSearch	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/{#SavedSearchName}`	log:TLSVersion	None
log:TagResources	TagResources	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	log:TLSVersion	None
log:DeleteDashboard	DeleteDashboard	delete	All Resource ``	log:TLSVersion	None
log:ListDownloadJobs	ListDownloadJobs	list	All Resource ``	None	None
log:GetConfig	GetConfig	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName}`	log:TLSVersion	None
log:UpdateMachineGroupMachine	UpdateMachineGroupMachine	update	All Resource ``	log:TLSVersion	None
log:DeleteScheduledSQL	DeleteScheduledSQL	delete	All Resource ``	None	None
log:GetLogging	GetLogging	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logging`	log:TLSVersion	None
log:UpdateDashboard	UpdateDashboard	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/dashboard/{#DashboardName}`	log:TLSVersion	None
log:DeleteIndex	DeleteIndex	delete	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion	None
log:ListStoreViews	ListStoreViews	list	All Resource ``	None	None
log:DisableScheduledSQL	DisableScheduledSQL	none	All Resource ``	None	None
log:ListDashboard	ListDashboard	list	Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/dashboard/`	log:TLSVersion	None
log:GetScheduledSQL	GetScheduledSQL	get	All Resource ``	None	None
log:CreateScheduledSQL	CreateScheduledSQL	create	All Resource ``	None	None
log:UpdateScheduledSQL	UpdateScheduledSQL	update	All Resource ``	None	None
log:UpdateProject	UpdateProject	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	log:TLSVersion	None
log:ListETLs	ListETLs	list	All Resource ``	None	None
log:CreateSqlInstance	CreateSqlInstance	create	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	None	None
log:ListShards	ListShards	get	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}`	log:TLSVersion	None
log:DeleteMachineGroup	DeleteMachineGroup	delete	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}`	log:TLSVersion	None
log:GetMachineGroup	GetMachineGroup	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}`	log:TLSVersion	None
log:MergeShard	MergeShard	update	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}`	log:TLSVersion	None
log:ListLogtailPipelineConfig	ListLogtailPipelineConfig	list	All Resource ``	log:TLSVersion	None
log:CreateLogStore	CreateLogStore	create	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstoreName}`	log:TLSVersion log:Encrypted	None
log:GetAppliedConfigs	GetAppliedConfigs	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName}`	log:TLSVersion	None
log:GetCursorOrData	GetCursor	get	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}`	log:TLSVersion	None
log:UpdateLogging	UpdateLogging	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logging`	log:TLSVersion	None
log:DeleteProject	DeleteProject	delete	*Project `acs:log:{#regionId}:{#accountId}:project/{#project}`	log:TLSVersion	None
log:GetDashboard	GetDashboard	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/dashboard/{#DashboardName}`	log:TLSVersion	None
log:CreateAlert	CreateAlert	create	All Resource ``	None	None
log:DeleteConsumerGroup	DeleteConsumerGroup	delete	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#logstoreName}/consumergroup/{#ConsumerGroup}`	log:TLSVersion	None
log:UpdateStoreView	UpdateStoreView	update	All Resource ``	None	None
log:GetProjectPolicy	GetProjectPolicy	get	All Resource ``	log:TLSVersion	None
log:UpdateLogStore	UpdateLogStore	update	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion log:Encrypted	None
log:CreateIndex	CreateIndex	create	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion	None
log:UpdateConfig	UpdateConfig	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName}`	log:TLSVersion	None
log:DeleteStoreView	DeleteStoreView	delete	All Resource ``	None	None
log:GetIndex	GetIndex	get	*LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore}`	log:TLSVersion	None
log:ListLogStores	ListLogStores	get	LogStore `acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/`	log:TLSVersion	None
log:ListAlerts	ListAlerts	list	Alert `acs:log:{#regionId}:{#accountId}:project/{#project}/alert/`	None	None
log:GetSqlInstance	GetSqlInstance	none	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	None	None
log:ConsumerGroupUpdateCheckPoint	ConsumerGroupUpdateCheckPoint	update	All Resource ``	log:TLSVersion	None
log:GetProject	GetProject	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	log:TLSVersion	None
log:UpdateSavedSearch	UpdateSavedSearch	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/{#SavedSearchName}`	log:TLSVersion	None
log:ListMachineGroup	ListMachineGroup	get	Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/`	log:TLSVersion	None
log:ListSavedSearch	ListSavedSearch	get	Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/`	log:TLSVersion	None
log:ListTagResources	ListTagResources	get	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	log:TLSVersion	None
log:UpdateSqlInstance	UpdateSqlInstance	update	*Project `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}`	None	None
log:DeleteProjectPolicy	DeleteProjectPolicy	delete	All Resource ``	log:TLSVersion	None
log:UpdateLogStoreMeteringMode	UpdateLogStoreMeteringMode	update	All Resource ``	log:TLSVersion	None
log:UpdateLogtailPipelineConfig	UpdateLogtailPipelineConfig	update	All Resource ``	log:TLSVersion	None

Resource

Tabel berikut mencantumkan resource yang ditentukan oleh Simple Log Service. Tentukan resource tersebut dalam elemen Resource pada pernyataan kebijakan RAM untuk memberikan izin terhadap operasi tertentu. Resource tersebut diidentifikasi secara unik menggunakan ARN dengan format: acs:{#ramcode}:{#regionId}:{#accountId}:{#resourceType}:

acs: Singkatan dari Alibaba Cloud service, yang menunjukkan cloud publik Alibaba Cloud.
{#ramcode}: Kode yang digunakan dalam RAM untuk menunjukkan layanan Alibaba Cloud.
{#regionId}: region ID. Jika resource mencakup semua wilayah, atur nilainya menjadi tanda bintang (*).
{#accountId}: ID akun Alibaba Cloud. Jika resource mencakup semua akun Alibaba Cloud, atur nilainya menjadi tanda bintang (*).
{#resourceType}: Identifier resource yang ditentukan oleh layanan. Mendukung struktur hierarkis, mirip dengan path file. Jika pernyataan mencakup resource global, atur nilainya menjadi tanda bintang (*).

Tipe resource	ARN
ConsumeProcessor	acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#logstoreName}/consumergroup/{#ConsumerGroup} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName} acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstore} acs:log:${regionId}:${accountId}:project/{#ProjectName}/logstore/{#LogstoreName}/consumergroup/{#ConsumerGroupName} acs:log::{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}/consumergroup/ acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/{#logstoreName} acs:log:{#regionId}:{#accountId}:project/{#project}/logstore/* acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#logstoreName}/consumergroup/{#ConsumerGroup} acs:log:{#Region}:{#AccountId}:project/{#ProjectName}/logstore/{#LogstoreName}
ConsumeProcessor	acs:log:{#regionId}:{#accountId}:project/{#project}/consumeprocessor/{#processorName} acs:log:{#regionId}:{#accountId}:project/{#project}/consumeprocessor/*
ESIngestion	acs:log:{#regionId}:{#accountId}:project/{#project}/elasticsearchingestion/*
CollectionPolicy	acs:log::{#accountId}:collectionpolicy/* acs:log::{#accountId}:collectionpolicy/{#policyName}
S3Ingestion	acs:log:{#regionId}:{#accountId}:project/{#project}/s3ingestion/*
Project	acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/* acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{#MachineGroupName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName} acs:log:{#regionId}:{#AccountId}:project/{#project} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/{#SavedSearchName} acs:log:{#regionId}:{#accountId}:project/* acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/domain/* acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/dashboard/{#DashboardName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/domain/{#DomainName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logging acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logtailconfig/{#LogtailConfigName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}//dashboard/{#DashboardName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/{MachineGroup} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/dashboard/{#DashboardName} acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/dashboard/* acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/machinegroup/* acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/savedsearch/*
MaterializedView	acs:log:{#regionId}:{#accountId}:project/{#project}/materializedview/*
MetricStore	acs:log:{#regionId}:{#accountId}:project/{#project}/metricstore/* acs:log:{#regionId}:{#accountId}:project/{#project}/metricstore/{#name} acs:log:{#regionId}:{#accountId}:project/{#project}/metricstore/{#metricstore}
AgentInstanceConfig	acs:log:{#regionId}:{#accountId}:agentinstanceconfig/* acs:log:{#regionId}:{#accountId}:agentinstanceconfig/{#configType}
AzureBlobIngestion	acs:log:{#regionId}:{#accountId}:project/{#project}/azureblobingestion/* acs:log:{#regionId}:{#accountId}:project/{#project}/azureblobingestion/{#azureBlobIngestionName}
Region	acs:log:{#regionId}:{#accountId}:*
IngestProcessor	acs:log:{#regionId}:{#accountId}:project/{#project}/ingestprocessor/{#processorName} acs:log:{#regionId}:{#accountId}:project/{#project}/ingestprocessor/*
Service	acs:log::{#AccountId}:service
Ticket	acs:log::{#accountId}:ticket/*
Alert	acs:log:{#regionId}:{#accountId}:project/{#project}/alert/*

Condition

Tabel berikut mencantumkan condition key tingkat produk yang didefinisikan oleh Simple Log Service. Anda juga dapat menggunakan Common condition keys dari Alibaba Cloud. Tentukan kunci-kunci ini dalam elemen Condition pada pernyataan kebijakan RAM untuk menetapkan aturan otorisasi yang lebih terperinci. Dalam condition key, tentukan nilai kondisi dalam elemen Condition_value pada kebijakan.

Setiap condition key memiliki tipe data tertentu, seperti string, number, Boolean, atau alamat IP. Tipe data tersebut menentukan operator kondisional mana yang dapat digunakan untuk membandingkan nilai permintaan dengan nilai kebijakan. Anda harus menentukan operator kondisional yang kompatibel dengan tipe data condition key tersebut. Operator yang tidak sesuai akan membuat kebijakan tidak berlaku. Lihat Condition operator untuk kombinasi yang valid.

Condition key	Deskripsi	Tipe data
log:Encrypted	Apakah akan menentukan konfigurasi enkripsi saat membuat atau mengubah penyimpanan log	Boolean
log:Encrypted	Whether to specify encryption configuration when creating or modifying a Logstore	Boolean

Cara membuat kebijakan RAM kustom?

Anda dapat membuat kebijakan kustom dan memberikannya kepada RAM user, RAM user group, atau RAM role. Untuk caranya, lihat: