本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 日志传送的其他权限
如果您在 Replicator 上配置日志传输,请将以下相应语句附加到基本策略中。您只需要启用的目的地的片段。
**Amazon CloudWatch Logs 目标**
在`logDelivery`配置中时`cloudWatchLogs.enabled`附加以下语句。`true`
```
{
"Sid": "CloudWatchLogsLogDeliveryActions",
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:PutResourcePolicy",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"logs:ListLogDeliveries"
],
"Resource": [
"*"
]
}
```
**亚马逊 S3 目的地**
在 i `s3.enabled` s `true` 时附加以下语句。将 `` 替换为目标存储桶名称。
```
[
{
"Sid": "S3LogDeliveryActions",
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:ListLogDeliveries"
],
"Resource": [
"*"
]
},
{
"Sid": "S3BucketLogDeliveryActions",
"Effect": "Allow",
"Action": [
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"Resource": "arn:aws:s3:::"
}
]
```
**Firehose 目的地**
在 i `firehose.enabled` s `true` 时附加以下语句。``用您的 AWS 账户 身份证替换。
```
[
{
"Sid": "FirehoseLogDeliveryActions",
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:ListLogDeliveries",
"firehose:TagDeliveryStream"
],
"Resource": [
"*"
]
},
{
"Sid": "FirehoseLogDeliveryServiceLinkedRole",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": "arn:aws:iam:::role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery"
}
]
```
有关 vended-logs 权限的更多信息,请参阅[启用来自 AWS 服务的日志记录](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-vended-logs-permissions.html)。