笔者使用的ELB中的NLB,以NLB为例
日志配置,笔者只写到简单的桶级别,最后没有/符号 ,S3的策略如下
{ "Version": "2012-10-17", "Id": "AWSLogDeliveryWrite", "Statement": [ { "Sid": "AWSLogDeliveryAclCheck", "Effect": "Allow", "Principal": { "Service": "delivery.logs.amazonaws.com" }, "Action": "s3:GetBucketAcl", "Resource": "arn:aws-cn:s3:::nlb-project-prd-ascs", "Condition": { "StringEquals": { "aws:SourceAccount": "229057110123" }, "ArnLike": { "aws:SourceArn": "arn:aws-cn:logs:cn-north-1:229057110123:*" } } }, { "Sid": "AWSLogDeliveryWrite", "Effect": "Allow", "Principal": { "Service": "delivery.logs.amazonaws.com" }, "Action": "s3:PutObject", "Resource": "arn:aws-cn:s3:::nlb-project-prd-ascs/AWSLogs/229057110123/*", "Condition": { "StringEquals": { "aws:SourceAccount": "229057110123", "s3:x-amz-acl": "bucket-owner-full-control" }, "ArnLike": { "aws:SourceArn": "arn:aws-cn:logs:cn-north-1:229057110123:*" } } } ] }
如上策略,在使用时,一般修改aws账号及s3桶名称就可以了~
尊重别人的劳动成果 转载请务必注明出处:https://www.cnblogs.com/5201351/p/18111118
作者:一名卑微的IT民工
出处:https://www.cnblogs.com/5201351
本博客所有文章仅用于学习、研究和交流目的,欢迎非商业性质转载。
由于博主的水平不高,文章没有高度、深度和广度,只是凑字数,不足和错误之处在所难免,希望大家能够批评指出。
博主是利用读书、参考、引用、复制和粘贴等多种方式打造成自己的文章,请原谅博主成为一个卑微的IT民工!
