


# Additional permissions for log delivery
<a name="msk-replicator-create-iam-perms-logs"></a>

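If you configure log delivery on your replicator, attach the appropriate statements below to the base policy. You only need the snippets for the destinations you enable.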

**Amazon CloudWatch Logs destination**  
Attach the following statement when `cloudWatchLogs.enabled` is `true` in the `logDelivery` configuration.

```
{
    "Sid": "CloudWatchLogsLogDeliveryActions",
    "Effect": "Allow",
    "Action": [
        "logs:CreateLogDelivery",
        "logs:PutResourcePolicy",
        "logs:DescribeResourcePolicies",
        "logs:DescribeLogGroups",
        "logs:ListLogDeliveries"
    ],
    "Resource": [
        "*"
    ]
}
```

**Amazon S3 destination**  
Attach the following statements when `s3.enabled` is `true`. Replace `<logBucketName>` with the name of your destination bucket.

```
[
    {
        "Sid": "S3LogDeliveryActions",
        "Effect": "Allow",
        "Action": [
            "logs:CreateLogDelivery",
            "logs:ListLogDeliveries"
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Sid": "S3BucketLogDeliveryActions",
        "Effect": "Allow",
        "Action": [
            "s3:GetBucketPolicy",
            "s3:PutBucketPolicy"
        ],
        "Resource": "arn:aws:s3:::<logBucketName>"
    }
]
```

**Firehose destination**  
Attach the following statements when `firehose.enabled` is `true`. Replace `<accountID>` with your AWS account ID.

```
[
    {
        "Sid": "FirehoseLogDeliveryActions",
        "Effect": "Allow",
        "Action": [
            "logs:CreateLogDelivery",
            "logs:ListLogDeliveries",
            "firehose:TagDeliveryStream"
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Sid": "FirehoseLogDeliveryServiceLinkedRole",
        "Effect": "Allow",
        "Action": [
            "iam:CreateServiceLinkedRole"
        ],
        "Resource": "arn:aws:iam::<accountID>:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery"
    }
]
```

For more information about vended-logs permissions, see [Enabling logging from AWS services](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-vended-logs-permissions.html).
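
The following is an added example, not part of the AWS documentation: a Python check that reports which of the actions listed above an identity policy still lacks for the destinations enabled in `logDelivery`. The function names, the dictionary shape around the `enabled` flags, the bucket name and the account ID are constructed for illustration; statements with a `Condition`, `NotAction` and explicit `Deny` are not evaluated.

```python
from fnmatch import fnmatchcase

# Actions every destination shares, granted on "*" in the statements on this page.
COMMON = [("logs:CreateLogDelivery", "*"), ("logs:ListLogDeliveries", "*")]

def required(log_delivery, bucket, account_id):
    """(action, resource) pairs per enabled destination, from this page's statements."""
    slr = (f"arn:aws:iam::{account_id}:role/aws-service-role/"
           "delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery")
    need = {
        "cloudWatchLogs": COMMON + [(f"logs:{a}", "*") for a in (
            "PutResourcePolicy", "DescribeResourcePolicies", "DescribeLogGroups")],
        "s3": COMMON + [("s3:GetBucketPolicy", f"arn:aws:s3:::{bucket}"),
                        ("s3:PutBucketPolicy", f"arn:aws:s3:::{bucket}")],
        "firehose": COMMON + [("firehose:TagDeliveryStream", "*"),
                              ("iam:CreateServiceLinkedRole", slr)],
    }
    return {d: p for d, p in need.items() if log_delivery.get(d, {}).get("enabled") is True}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an unconditional Allow statement covers action on resource."""
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue  # simplification: conditional grants are not counted
        acts = as_list(st.get("Action", []))   # NotAction is not evaluated
        ress = as_list(st.get("Resource", []))
        if (any(fnmatchcase(action.lower(), a.lower()) for a in acts)
                and any(fnmatchcase(resource, r) for r in ress)):
            return True
    return False

def audit(policy, log_delivery, bucket, account_id):
    """Sorted (destination, action) pairs the policy is still missing."""
    return sorted((dest, action)
                  for dest, pairs in required(log_delivery, bucket, account_id).items()
                  for action, resource in pairs
                  if not allows(policy, action, resource))

# Constructed sample: only the CloudWatch Logs statement is attached, but S3 is enabled too.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CloudWatchLogsLogDeliveryActions", "Effect": "Allow",
    "Action": ["logs:CreateLogDelivery", "logs:PutResourcePolicy",
               "logs:DescribeResourcePolicies", "logs:DescribeLogGroups",
               "logs:ListLogDeliveries"], "Resource": ["*"]}]}
SAMPLE_CONFIG = {"cloudWatchLogs": {"enabled": True}, "s3": {"enabled": True},
                 "firehose": {"enabled": False}}
print(audit(SAMPLE_POLICY, SAMPLE_CONFIG, "example-log-bucket", "111122223333"))
```

An empty list means every action the enabled destinations need is granted on the resource the page specifies; a grant scoped to a different bucket ARN is reported as missing.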