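You need to modify the bucket policy on the S3 bucket that the logs will be exported to. Apply the policy below as the bucket policy and adjust it accordingly: both the region and the bucket name must be changed. Note also that CloudWatch can only export logs to an AWS S3 bucket in the same region; cross-region export is not possible.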
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "Service": "logs.eu-west-2.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::newone-log"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Principal": {
                "Service": "logs.eu-west-2.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::newone-log/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        },
        {
            "Sid": "AWSLogDeliveryWrite",
            "Effect": "Allow",
            "Principal": {
                "Service": "delivery.logs.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::newone-log/AWSLogs/579228855639/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        },
        {
            "Sid": "AWSLogDeliveryAclCheck",
            "Effect": "Allow",
            "Principal": {
                "Service": "delivery.logs.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::newone-log"
        }
    ]
}
```
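A pre-deployment check for an edited copy of this policy, as an added example that is not part of the original page: it flags a `logs.<region>` principal that does not match the bucket's region, a resource ARN still pointing at another bucket, and an `s3:PutObject` statement without the ACL condition. The function names and the sample account ID `111122223333` are assumptions, and the `aws:SourceAccount` check reflects AWS hardening guidance rather than anything in the page's policy.

```python
import re

# Regional CloudWatch Logs principal, e.g. logs.eu-west-2.amazonaws.com
REGIONAL_LOGS = re.compile(r"^logs\.([a-z0-9-]+)\.amazonaws\.com$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_export_policy(policy, bucket, bucket_region):
    """Return findings for a bucket policy meant for CloudWatch Logs export."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        for svc in services:
            m = REGIONAL_LOGS.match(svc)
            # Export only works within one region, so the principal must match.
            if m and m.group(1) != bucket_region:
                findings.append(f"{sid}: {svc} is not in bucket region {bucket_region}")
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"{sid}: resource {res} is outside bucket {bucket}")
        if "s3:PutObject" in _as_list(stmt.get("Action", [])):
            if equals.get("s3:x-amz-acl") != "bucket-owner-full-control":
                findings.append(f"{sid}: s3:PutObject without bucket-owner-full-control condition")
        # Hardening check added in this example; the page's policy does not have it.
        if services and "aws:SourceAccount" not in equals:
            findings.append(f"{sid}: service principal not scoped by aws:SourceAccount")
    return findings

def sample_policy(region, bucket, account=None):
    """Constructed sample shaped like the page's statements "1" and "2"."""
    svc = {"Service": f"logs.{region}.amazonaws.com"}
    scope = {"aws:SourceAccount": account} if account else {}
    put_cond = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control", **scope}}
    get = {"Sid": "1", "Effect": "Allow", "Principal": svc,
           "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{bucket}"}
    if scope:
        get["Condition"] = {"StringEquals": scope}
    put = {"Sid": "2", "Effect": "Allow", "Principal": svc, "Action": "s3:PutObject",
           "Resource": f"arn:aws:s3:::{bucket}/*", "Condition": put_cond}
    return {"Version": "2012-10-17", "Statement": [get, put]}

if __name__ == "__main__":
    # The page's region and bucket name left unedited, linted for a us-east-1 bucket.
    for finding in lint_export_policy(sample_policy("eu-west-2", "newone-log"), "my-logs", "us-east-1"):
        print(finding)
```
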