Creating an Agency

To use some OBS features, you need to use IAM agencies to grant required permissions to OBS for processing your data.

Creating an Agency for Uploading Logs

  1. In the Logging dialog box, click Create Agency to jump to the Agencies page on the Identity and Access Management console.

  2. Click Create Agency.

  3. Enter an agency name.

  4. Select Cloud service for the Agency Type.

  5. Select Object Storage Service (OBS) as the cloud service.

  6. Set a validity period.

  7. In the Permissions area, find Global service > OBS and click Attach Policy on the right.

    1. Search for and select the custom policy that has the permission to upload logs to the bucket, and click OK.

      If you have not created any custom policy, click Policies in the navigation pane on the left to create one.

      When creating a custom policy, select Global services for Scope and select JSON for Policy View. The policy content is as follows:

      Note

      When coding the policy content in an actual scenario, replace mybucketlogs with the actual bucket name:

      {
          "Version": "1.1",
          "Statement": [
              {
                  "Action": [
                      "obs:object:PutObject"
                  ],
                  "Resource": [
                      "OBS:*:*:object:mybucketlogs/*"
                  ],
                  "Effect": "Allow"
              }
          ]
      }
      
    2. (Optional) If the log storage bucket has server-side encryption enabled, the agency also requires the KMS Administrator permission for the region where the bucket is located.

      In the region project of the log storing bucket, click Attach Policy. In the displayed dialog box, search for the KMS Administrator policy, select the policy, and then click OK.

  8. Click OK to complete the agency creation.