Updated on 2024-04-16 GMT+08:00

Creating an Agency

To use some OBS features, you need to use IAM agencies to grant required permissions to OBS for processing your data.

Creating an Agency for Uploading Logs

  1. In the Logging dialog box, click Create Agency to jump to the Agencies page on the Identity and Access Management console.
  2. Click Create Agency.
  3. Enter an agency name.
  4. Select Cloud service for the Agency Type.
  5. Select Object Storage Service (OBS) for Cloud Service.
  6. Set a validity period.
  7. Click Next.
  8. On the Select Policy/Role page, select a custom policy that has the permission to upload data to the log storage bucket and click Next.

    If no custom policy is available, create one by choosing Permissions > Policies/Roles in the navigation pane

    Select JSON for Policy View. The policy content is as follows.

    When coding the policy content in an actual scenario, replace mybucketlogs with the actual bucket name:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Action": [
                    "obs:object:PutObject"
                ],
                "Resource": [
                    "OBS:*:*:object:mybucketlogs/*"
                ],
                "Effect": "Allow"
            }
        ]
    }

  9. On the Select Scope page, select Global services for Scope and click OK.

Creating an Agency for Cross-Region or Cross-Cluster Replication

  1. Go to the Agencies page on the Identity and Access Management console.
  2. Click Create Agency.
  3. Enter an agency name.
  4. Select Cloud service for the Agency Type.
  5. Select Object Storage Service (OBS) as the cloud service.
  6. Set a validity period.
  7. In the Permissions area, find Global service > OBS and click Attach Policy on the right.
  8. Select the custom policy with OBS administrator permissions (all operation permissions on OBS) and click OK.

    1. If no custom policy is available, create one by choosing Permissions > Policies/Roles in the navigation pane

      When creating a custom policy, select Global services for Scope and select JSON for Policy View. The policy content is as follows.

      {
          "Version": "1.1",
          "Statement": [
              {
                  "Action": [
                      "obs:*:*"
                  ],
                  "Effect": "Allow"
              }
          ]
      }

  9. Select the scope where the permission applies to. In the permission area, search for and select OBS Administrator.
  10. Click OK to complete the agency creation.