本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# 傳送至 X-Ray 的追蹤
<a name="AWS-logs-infrastructure-V2-XRayTraces"></a>

**使用者許可**

若要啟用傳送追蹤到 AWS X-Ray，您必須使用下列許可登入。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "ReadWriteAccessForLogDeliveryActions",
            "Effect": "Allow",
              "Action": [
                "logs:GetDelivery",
                "logs:GetDeliverySource",
                "logs:PutDeliveryDestination",
                "logs:GetDeliveryDestinationPolicy",
                "logs:DeleteDeliverySource",
                "logs:PutDeliveryDestinationPolicy",
                "logs:CreateDelivery",
                "logs:GetDeliveryDestination",
                "logs:PutDeliverySource",
                "logs:DeleteDeliveryDestination",
                "logs:DeleteDeliveryDestinationPolicy",
                "logs:DeleteDelivery",
                "logs:UpdateDeliveryConfiguration"
            ],
            "Resource": [
            "arn:aws:logs:us-east-1:111122223333:delivery:*",
            "arn:aws:logs:us-east-1:111122223333:delivery-source:*",
            "arn:aws:logs:us-east-1:111122223333:delivery-destination:*"
            ]
        },
        {
            "Sid": "ListAccessForLogDeliveryActions",
            "Effect": "Allow",
            "Action": [
                "logs:DescribeDeliveryDestinations",
                "logs:DescribeDeliverySources",
                "logs:DescribeDeliveries",
                "logs:DescribeConfigurationTemplates"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowUpdatesToResourcePolicyXRay",
            "Effect": "Allow",
            "Action": [
                "xray:PutResourcePolicy",
                "xray:ListResourcePolicies",
                "xray:GetTraceSegmentDestination"
            ],
            "Resource": "*"
        }
    ]
}
```

------

**X-Ray 資源政策**

正在傳送追蹤的目的地帳戶必須具有包含特定許可的資源政策。當設定追蹤的使用者在帳戶中具有 `xray:PutResourcePolicy`和 `xray:ListResourcePolicies`許可時，當您開始將追蹤傳送至 X-Ray 時 AWS ， 會自動建立資源政策。建立的政策取決於來源服務 ：

**Amazon Bedrock AgentCore 資源**  
AWS 會為每個資源類型建立一個資源政策。此政策使用範圍為帳戶界限的萬用字元模式，涵蓋帳戶中相同 Amazon Bedrock AgentCore 資源類型的所有資源。例如，如果啟用 *Amazon Bedrock AgentCore 記憶體*資源進行追蹤交付，政策會涵蓋該帳戶中的所有記憶體資源，包括未來建立的任何記憶體資源。    
****  

```
{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {
        "Service": "delivery.logs.amazonaws.com"
      },
      "Action": "xray:PutTraceSegments",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "123456789012"
        },
        "ForAllValues:ArnLike": {
          "logs:LogGeneratingResourceArns": "arn:aws:bedrock-agentcore:us-east-1:123456789012:memory/*"
        },
        "ArnLike": {
          "aws:SourceArn": "arn:aws:logs:us-east-1:123456789012:delivery-source:*"
        }
      }
    }
  ]
}
```

** AWS 其他服務**  
對於支援追蹤交付的其他 服務， AWS 會建立範圍限定於特定來源資源的資源政策。    
****  

```
{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {
        "Service": "delivery.logs.amazonaws.com"
      },
      "Action": "xray:PutTraceSegments",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "123456789012"
        },
        "ForAllValues:ArnLike": {
          "logs:LogGeneratingResourceArns": "arn:aws:bedrock:us-east-1:123456789012:knowledge-base/KnowledgeBaseId"
        },
        "ArnLike": {
          "aws:SourceArn": "arn:aws:logs:us-east-1:123456789012:delivery-source:xray-test"
        }
      }
    }
  ]
}
```

**啟用交易搜尋**

若要啟用傳送追蹤到 X-Ray，您必須啟用[交易搜尋](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Enable-Lambda-TransactionSearch.html)。