【OSS 排查方案-15 RAM 合集】
案例:被自己的 OSS 策略限制
訪問 OSS 返回 403 ,出口 IP 被自己定義的策略 deny ,將出口 IP 加白後問題解決。
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:*"
],
"Resource": [
"acs:oss: : :xp-pay-boot-test",
"acs:oss: : :xp-pay-boot-test/*"
],
"Condition": {
"IpAddress": {
"acs:SourceIp": [
"14.18.249.98",
"120.241.64.42",
"112.94.160.210",
"202.181.149.26"
]}}}]}
案例:SLS 管理許可權被 deny
{
"Version": "1",
"Statement": [
{
"Action": "log:List*",
"Resource": "acs:log: : :project/ps/*",
"Effect": "Allow"
},
{
"Action": "log:*",
"Resource": [
"acs:log: : :project/ps/logstore/ls_ams_commmon_task",
"acs:log: : :project/ps/logstore/ls_ams_commmon_task/*",
"acs:log: : :project/ps/logtailconfig/ls_ams_commmon_task*",
"acs:log: : :project/ps/machinegroup/ltg_ams_*"
],
"Effect": "Allow"
},
{
"Action": "log:*",
"Resource": [
"acs:log: : :project/ps/logstore/ls_ams_transmit",
"acs:log: : :project/ps/logstore/ls_ams_transmit/*",
"acs:log: : :project/ps/logtailconfig/ls_ams_transmit*",
"acs:log: : :project/ps/machinegroup/ltg_ams_*"
],
"Effect": "Allow"
},
{
"Action": "log:*",
"Resource": [
"acs:log: : :project/ps/logstore/ls_ams_balance_batch",
"acs:log: : :project/ps/logstore/ls_ams_balance_batch/*",
"acs:log: : :project/ps/logtailconfig/ls_ams_balance_batch*",
"acs:log: : :project/ps/machinegroup/ltg_ams_*"
],
"Effect": "Allow"
"Effect": "Allow"
}
]
}
問題:
同樣的策略寫法下面新增的 ls_ams_balance_batch logstore 就無法訪問
分析:
經過測試 SLS 目前針對所有的增刪改查操作,在 RAM 上都是有一定的延遲時間,也就是當你修改了當前策略後,實際使用的還是老版本的策略,快取時間最長 小時級別,目前對應產品正在優化中。