本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
发送到 X-Ray 的痕迹
用户权限
要启用向发送跟踪 AWS X-Ray,您必须使用以下权限登录。
- JSON
-
-
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ReadWriteAccessForLogDeliveryActions", "Effect": "Allow", "Action": [ "logs:GetDelivery", "logs:GetDeliverySource", "logs:PutDeliveryDestination", "logs:GetDeliveryDestinationPolicy", "logs:DeleteDeliverySource", "logs:PutDeliveryDestinationPolicy", "logs:CreateDelivery", "logs:GetDeliveryDestination", "logs:PutDeliverySource", "logs:DeleteDeliveryDestination", "logs:DeleteDeliveryDestinationPolicy", "logs:DeleteDelivery", "logs:UpdateDeliveryConfiguration" ], "Resource": [ "arn:aws:logs:US East (N. Virginia):111122223333:delivery:*", "arn:aws:logs:US East (N. Virginia):111122223333:delivery-source:*", "arn:aws:logs:US East (N. Virginia):111122223333:delivery-destination:*" ] }, { "Sid": "ListAccessForLogDeliveryActions", "Effect": "Allow", "Action": [ "logs:DescribeDeliveryDestinations", "logs:DescribeDeliverySources", "logs:DescribeDeliveries", "logs:DescribeConfigurationTemplates" ], "Resource": "*" }, { "Sid": "AllowUpdatesToResourcePolicyXRay", "Effect": "Allow", "Action": [ "xray:PutResourcePolicy", "xray:ListResourcePolicies" ], "Resource": "*" } ] }
X-Ray 资源政策
发送跟踪的目标账户必须具有包含特定权限的资源策略。当 X-Ray 当前没有资源策略,并且设置跟踪的用户在账户中拥有xray:PutResourcePolicy和xray:ListResourcePolicies权限时, AWS 将在您开始向 X-Ray 发送跟踪时自动创建以下策略。
- JSON
-
-
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AWSLogDeliveryWrite20150319", "Effect": "Allow", "Action": [ "xray:PutTraceSegments" ], "Resource": "*", "Condition": { "StringEquals": { "aws:SourceAccount": [ "0123456789" ] }, "ArnLike": { "aws:SourceArn": [ "arn:aws:logs:US East (N. Virginia):111122223333:delivery-source:my-delivery-source" ] } } } ] }
启用交易搜索
要启用向 X-Ray 发送跟踪,必须启用交易搜索。
日志发送至 Firehose
服务特定的权限