Updated on 2024-11-25 GMT+08:00

Managing Access Rules

This section describes how to add, view, and delete access rules.

Prerequisites

Adding Access Rules

To map the logs of CCE, CCI, or custom clusters in AOM to LTS, perform the following steps:

  1. Log in to the AOM 2.0 console.
  2. In the navigation pane, choose Log Analysis > LTS Access.
  3. Click Add Access Rule.
  4. Select an access type. Access by Namespace, Access by Workload, or Automatic Mapping are available.

    • Access by Namespace: All logs of the selected namespace are connected to the specified log stream.
      1. Rule Name: Enter a rule name. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
      2. Cluster: Select a cluster from the drop-down list.
      3. Namespace: Select a namespace from the drop-down list.
      4. Workload: Retain the default value All.
      5. Container Name: Select a container from the drop-down list box.
      6. Set an access rule.
        • Access all logs: If you select this option, select a log group and log stream.
        • Specify log paths: If you select this option, specify a log path and then select a log group and log stream.

        If no log group or stream meets your requirements, click Add Log Group and Add Log Stream to add ones. After creating a log stream, select an enterprise project.

    • Access by Workload: Logs of the selected workload are connected to the specified log stream.
      1. Rule Name: Enter a rule name. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
      2. Cluster: Select a cluster from the drop-down list.
      3. Namespace: Select a namespace from the drop-down list.
      4. Workload: Select one or more workloads from the drop-down list.
      5. Container Name: Select a container from the drop-down list box.
      6. Set an access rule.
        • Access all logs: If you select this option, select a log group and log stream.
        • Specify log paths: If you select this option, specify a log path and then select a log group and log stream.

        If no log group or stream meets your requirements, click Add Log Group and Add Log Stream to add ones. After creating a log stream, select an enterprise project.

    • Automatic Mapping: Workload logs are automatically connected to the generated log streams with the same names as the workloads.
      1. Rule Name: Enter a rule name. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
      2. Namespace: Select a namespace from the drop-down list.
      3. Workload: Select one or more workloads from the drop-down list.

        If you select one workload, the rule name is changed to Custom rule name_0 after the rule is created, for example, test_0. If you select multiple workloads, the rule names are changed to Custom rule name_0, Custom rule name_1, and so on, such as test_0 and test_1.

      4. Set an access rule: Select a log group and an enterprise project, and specify a log stream prefix. A log stream will be generated based on the log stream prefix and workload name. By default, all logs of the selected workload are connected.

Managing Access Rules

On the LTS Access page, you can search for, view, edit, and delete access rules.

  • Search

    Click the search box, select a search dimension, for example, Workload, and then select options under this dimension. You can also directly enter a keyword in the search box. In this case, the system searches for information based on access rule names by default.

  • View

    In the rule list, view the cluster name and namespace of the created rule. Click in the upper right corner of the search box to select columns to display. Click a log group name in the Log Group column to go to the log group details page on the LTS console.

  • Edit

    On the LTS Access page, click Edit in the Operation column to edit an access rule. For details about the impact of modifying an access rule, see Modifying a Mapping.

  • Delete

    On the LTS Access page, click Delete in the Operation column to delete an access rule. Select one or more access rules and click Delete above the rule list.

    Deleted access rules or mapped log streams cannot be recovered. Exercise caution when performing this operation. For details about the impact of deleting an access rule, see Deleting a Mapping.