Log Tank Service (LTS)

The Organizations service provides Service Control Policies (SCPs) to set access control policies.

SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.

This section describes the elements used by Organizations SCPs. The elements include actions, resources, and conditions.

For details about how to use these elements to create a custom SCP, see Creating an SCP.

Actions

Actions are specific operations that are allowed or denied in an SCP.

The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by LTS, see Resources.
The Condition Key column contains keys that you can specify in the Condition element of an SCP statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about the condition keys defined by LTS, see Conditions.

The following table lists the actions that you can define in SCP statements for LTS.

**Table 1** Actions supported by LTS
Action	Description	Access Level	Resource Type (*: required)	Condition Key
lts:logGroup:deleteLogGroup	Grants permission to delete a log group.	write	logGroup *	-
lts:logGroup:listLogGroup	Grants permission to query the log group list.	list	-	-
lts:logGroup:createLogGroup	Grants permission to create a log group.	write	-	-
lts:logGroup:updateLogGroup	Grants permission to modify a log group.	write	logGroup *	-
lts:logStream:listLogStream	Grants permission to query the log stream list.	list	logGroup *	-
lts:logStream:deleteLogStream	Grants permission to delete a log stream.	write	logStream *	-
lts:logStream:createLogStream	Grants permission to create a log stream.	write	logGroup *	-
lts:logStream:searchLog	Grants permission to query logs.	list	logStream *	-
lts:logStream:searchStructLog	Grants permission to query structured logs.	list	logStream *	-
lts:logStream:searchLogHistogram	Grants permission to query the log histogram.	list	logStream *	-
lts:transfer:createTransfer	Grants permission to create a log transfer task.	write	-	-
lts:transfer:deleteTransfer	Grants permission to delete a log transfer task.	write	transfer *	-
lts:transfer:listTransfer	Grants permission to query the log transfer task list.	list	-	-
lts:transfer:updateTransfer	Grants permission to modify a log transfer task.	write	transfer *	-
lts:transfer:registerDmsKafkaInstance	Grants permission to register a DMS Kafka instance.	write	-	-
lts:configCenter:updateOverCollectSwitch	Grants permission to enable or disable log collection beyond free quota.	write	-	-
lts:structConfig:createStructConfig	Grants permission to create structuring configurations.	write	logStream *	-
lts:structConfig:deleteStructConfig	Grants permission to delete structuring configurations.	write	logStream *	-
lts:structConfig:getStructConfig	Grants permission to query structuring configurations.	read	logStream *	-
lts:structConfig:listStructTemplate	Grants permission to query the structuring template list.	list	-	-
lts:structConfig:updateStructConfig	Grants permission to modify structuring configurations.	write	logStream *	-
lts:mappingRule:create	Grants permission to create a mapping rule.	write	-	-
lts:mappingRule:delete	Grants permission to delete a mapping rule.	write	-	-
lts:mappingRule:get	Grants permission to query mapping rule details.	read	-	-
lts:mappingRule:list	Grants permission to query the mapping rule list.	list	-	-
lts:mappingRule:update	Grants permission to modify a mapping rule.	write	-	-
lts:logStream:getHistorySql	Grants permission to query historical SQL statements of a log stream.	read	logStream *	-
lts:alarmRule:createSqlAlarmRule	Grants permission to create a SQL alarm rule.	write	-	-
lts:alarmRule:deleteSqlAlarmRule	Grants permission to delete a SQL alarm rule.	write	alarmRule *	-
lts:alarmRule:updateSqlAlarmRule	Grants permission to modify a SQL alarm rule.	write	alarmRule *	-
lts:alarmRule:listSqlAlarmRule	Grants permission to query SQL alarm rules.	list	-	-
lts:alarmRule:createWordAlarmRule	Grants permission to create a keyword alarm rule.	write	-	-
lts:alarmRule:deleteWordAlarmRule	Grants permission to delete a keyword alarm rule.	write	alarmRule *	-
lts:alarmRule:updateWordAlarmRule	Grants permission to modify a keyword alarm rule.	write	alarmRule *	-
lts:alarmRule:listWordAlarmRule	Grants permission to query keyword alarm rules.	list	-	-
lts:alarm:cleanAlarm	Grants permission to delete an alarm.	write	-	-
lts:alarm:listAlarm	Grants permission to query the alarm list.	list	-	-
lts:logStream:listChart	Grants permission to query log stream charts.	list	-	-
lts:alarmNoticeTemplate:create	Grants permission to create an alarm notification template.	write	-	-
lts:alarmNoticeTemplate:update	Grants permission to modify an alarm notification template.	write	-	-
lts:alarmNoticeTemplate:delete	Grants permission to delete an alarm notification template.	write	-	-
lts:alarmNoticeTemplate:list	Grants permission to query the alarm notification template list.	list	-	-
lts:alarmNoticeTemplate:get	Grants permission to query alarm notification template details.	read	-	-
lts:hostGroup:create	Grants permission to create a host group.	write	-	-
lts:hostGroup:delete	Grants permission to delete a host group.	write	hostGroup *	-
lts:host:list	Grants permission to query the host list.	list	-	-
lts:hostGroup:list	Grants permission to query the host group list.	list	accessConfig *	-
lts:hostGroup:update	Grants permission to modify a host group.	write	hostGroup *	-
lts:accessConfig:create	Grants permission to create a log ingestion configuration.	write	logStream *	-
lts:accessConfig:delete	Grants permission to delete a log ingestion configuration.	write	accessConfig *	-
lts:accessConfig:list	Grants permission to query log ingestion configurations.	list	-	-
lts:accessConfig:update	Grants permission to modify a log ingestion configuration.	write	accessConfig *	-
lts:accessConfig:update	Grants permission to modify a log ingestion configuration.	write	hostGroup	-
lts:tag:create	Grants permission to create a tag.	write	-	-
lts:tag:delete	Grants permission to delete a tag.	write	-	-
lts:logStream:createQuickQuery	Grants permission to create a quick search.	write	logStream *	-
lts:logStream:deleteQuickQuery	Grants permission to delete a quick search.	write	logStream *	-
lts:logStream:listQuickQuery	Grants permission to query quick searches.	list	logGroup *	-
lts:logFavorite:create	Grants permission to add a log to favorites.	write	logStream *	-
lts:logFavorite:delete	Grants permission to remove a log from favorites.	write	-	-
lts:dashboardGroup:create	Grants permission to create a dashboard group.	write	-	-
lts:dashboard:create	Grants permission to create a dashboard.	write	-	-
lts:trafficStatistic:get	Grants permission to query resource statistics details.	read	-	-
lts:tokenizer:get	Grants permission to query configured delimiters.	read	-	-
lts:tokenizer:create	Grants permission to save delimiters.	write	-	-
lts:tokenizer:preview	Grants permission to preview delimiters.	read	-	-
lts:usageAlarm:update	Grants permission to enable or disable quota alarms.	write	-	-
lts:csvTable:list	Grants permission to query the associated data source configuration table.	list	-	-
lts:csvTable:upload	Grants permission to upload a CSV file.	write	-	-
lts:csvTable:get	Grants permission to preview associated data and query associated data source information.	read	-	-
lts:csvTable:create	Grants permission to create an associated data source.	write	-	-
lts:csvTable:update	Grants permission to update an associated data source.	write	-	-
lts:csvTable:delete	Grants permission to delete an associated data source.	write	-	-
lts:scheduledSql:create	Grants permission to create a SQL scheduled job.	write	-	-
lts:scheduledSql:delete	Grants permission to delete a SQL scheduled job.	write	-	-
lts:scheduledSql:update	Grants permission to modify a SQL scheduled job.	write	-	-
lts:scheduledSql:list	Grants permission to query SQL scheduled jobs.	list	-	-
lts:scheduledSql:get	Grants permission to query SQL scheduled job details.	read	-	-
lts:scheduledSql:retry	Grants permission to re-execute the instance.	write	-	-
lts:transfer:getDisList	Grants permission to query DIS streams.	list	-	-
lts:transfer:listKafkaInstance	Grants permission to query the Kafka list.	list	-	-
lts:transfer:updateKafkaInstance	Grants permission to update Kafka information.	write	-	-
lts:transfer:deleteKafkaInstance	Grants permission to delete Kafka information.	write	-	-
lts:transfer:listKafkaAuthorization	Grants permission to query the configured Kafka authorization list.	list	-	-
lts:transfer:createKafkaAuthorization	Grants permission to add configured Kafka authorization.	write	-	-
lts:transfer:deleteKafkaAuthorization	Grants permission to delete configured Kafka authorization.	write	-	-
lts:transfer:getTransfer	Grants permission to query transfer task information.	read	transfer *	-
lts:transfer:getDwsInfo	Grants permission to query the DWS information of a tenant.	read	-	-
lts:transfer:registerDwsCluster	Grants permission to register a DMS cluster.	write	-	-
lts:hostGroup:getHost	Grants permission to query all hosts based on query criteria.	read	-	-
lts:hostGroup:get	Grants permission to query all configurations of a host group based on query criteria.	read	-	-
lts:accessConfig:get	Grants permission to query a collection configuration.	read	accessConfig *	-
lts:logFavorite:list	Grants permission to query the favorites list.	list	-	-
lts:logFavorite:update	Grants permission to modify favorites.	write	logStream *	-
lts:logGroup:getLogGroup	Grants permission to query a log group.	read	logGroup *	-
lts:IndexConfig:list	Grants permission to query indexes.	list	logGroup *	-
lts:IndexConfig:create	Grants permission to create an index.	write	logGroup *	-
lts:structConfig:listStructConfig	Grants permission to query log stream structuring information.	list	logStream *	-
lts:logStream:updateLogStream	Grants permission to modify a log stream.	write	logStream *	-
lts:logStream:getRealtimeLog	Grants permission to query real-time logs.	read	logStream *	-
lts:logStream:getLogStream	Grants permission to query log stream information.	read	logStream *	-
lts:logStream:createLogFilterRules	Grants permission to create a log cleaning rule.	write	logStream *	-
lts:logStream:updateLogFilterRules	Grants permission to modify a log cleaning rule.	write	logStream *	-
lts:logStream:deleteLogFilterRules	Grants permission to delete a log cleaning rule.	write	logStream *	-
lts:logStream:listLogFilterRules	Grants permission to query log cleaning rules.	list	logStream *	-
lts:logStream:getQuickQuery	Grants permission to query a quick search.	list	logStream *	-
lts:logStream:updateQuickQuery	Grants permission to modify a quick search.	write	logStream *	-
lts:logStream:searchLogContext	Grants permission to query log context.	read	logStream *	-
lts:structConfig:getCustomTemplate	Grants permission to query a custom template.	read	-	-
lts:structConfig:createCustomTemplate	Grants permission to create a custom template.	write	-	-
lts:structConfig:updateCustomTemplate	Grants permission to modify a custom template.	write	-	-
lts:structConfig:deleteCustomTemplate	Grants permission to delete a custom template.	write	-	-
lts:structConfig:listCustomTemplate	Grants permission to query the custom template list.	read	-	-
lts:structConfig:smartExtra	Grants permission to intelligently extract structured fields.	write	-	-
lts:logStream:getAggrResult	Grants permission to query quick analysis results.	read	logStream *	-
lts:logStream:getAggr	Grants permission to query a quick analysis aggregator.	read	-	-
lts:logStream:createAggr	Grants permission to create a quick analysis aggregator.	write	-	-
lts:logStream:deleteAggr	Grants permission to delete a quick analysis aggregator.	write	-	-
lts:logStream:getQuickAnalysisAggValue	Grants permission to query quick analysis results of numeric types.	read	logStream *	-
lts:logStream:getWordFreqConfig	Grants permission to query the quick analysis fields created by a user.	read	logStream *	-
lts:logStream:refreshWordFreqConfig	Grants permission to modify a quick analysis field.	write	logStream *	-
lts:logCrux:list	Grants permission to query LogReduce information.	list	-	-
lts:logCrux:get	Grants permission to query the LogReduce switch status.	read	-	-
lts:logCrux:enable	Grants permission to enable LogReduce.	write	-	-
lts:logCrux:disable	Grants permission to disable LogReduce.	write	-	-
lts:logStream:updateChart	Grants permission to update a user log statistical chart.	write	-	-
lts:logStream:createChart	Grants permission to create a user log statistical chart.	write	-	-
lts:logStream:deleteChart	Grants permission to delete a user log statistical chart.	write	logStream *	-
lts:logStream:getChart	Grants permission to query a user log statistical chart.	read	logStream *	-
lts:dashboard:deleteChart	Grants permission to delete a chart.	write	dashboard *	-
lts:dashboard:listCharts	Grants permission to display dashboard-level charts.	list	-	-
lts:dashboard:updateChart	Grants permission to move a chart.	write	dashboard *	-
lts:dashboard:getDashboard	Grants permission to query a user log dashboard.	read	-	-
lts:dashboardGroup:getDashboardsGroup	Grants permission to query a user log dashboard group.	read	-	-
lts:dashboardGroup:updateDashboardsGroup	Grants permission to modify a user log dashboard group.	write	-	-
lts:dashboardGroup:deleteDashboardsGroup	Grants permission to update a user log dashboard group.	write	-	-
lts:dashboard:CreateDashBoard	Grants permission to create dashboards in batches based on a log dashboard template.	write	-	-
lts:dashboard:CreateDashBoardTemplate	Grants permission to create a user log dashboard template.	write	-	-
lts:dashboard:getDashBoardTemplate	Grants permission to query a user log dashboard template.	read	-	-
lts:dashboard:updateDashBoardTemplate	Grants permission to modify a user log dashboard template.	write	-	-
lts:dashboard:deleteDashBoardTemplate	Grants permission to delete a user log dashboard template.	write	-	-
lts:dashboardGroup:createLogDashboardTemplateGroup	Grants permission to create a dashboard template group.	write	-	-
lts:dashboardGroup:updateLogDashboardTemplateGroup	Grants permission to modify a dashboard template group.	write	-	-
lts:dashboardGroup:deleteLogDashboardTemplateGroup	Grants permission to delete a user log dashboard template group.	write	-	-
lts:dashboard:listFilter	Grants permission to query dashboard filters.	list	dashboard *	-
lts:dashboard:createFilter	Grants permission to create a dashboard filter.	write	dashboard *	-
lts:dashboard:updateFilter	Grants permission to modify a dashboard filter.	write	dashboard *	-
lts:dashboard:deleteFilter	Grants permission to delete a dashboard filter.	write	dashboard *	-
lts:alarmRule:listAlarmRules	Grants permission to query the alarm rule list.	list	-	-
lts:alarmRule:getKeywordsAlarmRule	Grants permission to query a keyword alarm rule.	read	alarmRule *	-
lts:alarmRule:getSqlAlarmRule	Grants permission to query a SQL alarm rule.	read	alarmRule *	-
lts:alarm:listAlarmStatistic	Grants permission to query SQL alarm data.	list	-	-
lts:dashboard:update	Grants permission to modify a user log dashboard.	write	-	-
lts:dashboard:delete	Grants permission to delete a user log dashboard.	write	-	-
lts:logSearch:list	Grants permission to obtain the cluster, namespace, component, instance, log, node, log file page component, and file lists.	list	-	-
lts:logSearch:getTime	Grants permission to query the current time of a backend node.	read	-	-
lts:logSearch:getLogContext	Grants permission to obtain log context.	read	-	-
lts:logSearch:exportLogs	Grants permission to download logs.	write	-	-
lts:ageingTime:get	Grants permission to obtain quota management.	list	-	-
lts:ageingTime:update	Grants permission to modify quota management.	write	-	-
lts:logConfigPath:list	Grants permission to query VM log path configurations.	list	-	-
lts:logConfigPath:create	Grants permission to create a VM log path configuration.	write	-	-
lts:structRule:get	Grants permission to obtain a structuring rule.	read	-	-
lts:structRule:create	Grants permission to create a structuring rule.	write	-	-
lts:structRule:delete	Grants permission to delete a structuring rule.	write	-	-
lts:structRule:regex	Grants permission to extract data in a structured manner.	write	-	-
lts:logPail:list	Grants permission to query log buckets, logs in buckets, and log bar charts.	list	-	-
lts:structSql:list	Grants permission to query structured logs.	list	-	-
lts:logPail:create	Grants permission to add a log bucket.	write	-	-
lts:logPail:update	Grants permission to modify a log bucket.	list	-	-
lts:logPail:delete	Grants permission to delete a log bucket.	write	-	-
lts:storageRelation:list	Grants permission to query transfer relationships of the current tenant.	list	-	-
lts:storageRelation:delete	Grants permission to delete transfer relationships of the current tenant.	write	-	-
lts:storage:batchAction	Grants permission to periodically start and stop tasks in batches.	write	-	-
lts:logPailDump:create	Grants permission to add a log transfer task.	write	-	-
lts:statisticsRule:list	Grants permission to query a statistical rule.	list	-	-
lts:statisticsRule:create	Grants permission to create a statistical rule.	write	-	-
lts:statisticsRule:update	Grants permission to modify a statistical rule.	write	-	-
lts:statisticsRule:delete	Grants permission to delete a statistical rule.	write	-	-
lts:transfer:listKafkaInstanceTopic	Grants permission to query all topics of a Kafka instance.	list	-	-
lts:logPackage:create	Grants permission to purchase resource packages.	write	-	-
lts:consumerGroup:create	Grants permission to create a consumer group.	write	-	-
lts:consumerGroup:delete	Grants permission to delete a consumer group.	write	-	-
lts:consumerGroup:list	Grants permission to query the consumer group list.	list	-	-
lts:consumerGroup:get	Grants permission to query the consumer group details.	read	-	-
lts:consumerGroup:update	Grants permission to modify a consumer group.	write	-	-
lts:logStream:get	Grants permission to obtain log stream details.	read	-	-
lts:agency:listGroupAndStream	Grants permission to obtain the log stream list of the delegator's log group.	list	-	-
lts:agency:listEps	Grants permission to obtain the EPS list of the delegator.	list	-	-
lts:agency:listStructConfig	Grants permission to obtain the structuring configurations of the delegator.	list	-	-
lts:logConverge:get	Grants permission to obtain the multi-account log center configurations.	read	-	-
lts:logConverge:update	Grants permission to update the multi-account log center configurations.	write	-	-
lts:logManager:createAggr	Grants permission to create a quick analysis aggregator.	write	logStream *	-
lts:logManager:createAggrs	Grants permission to create quick analysis aggregators in batches.	write	logStream *	-
lts:logManager:deleteAggr	Grants permission to delete a quick analysis aggregator.	write	logStream *	-
lts:logManager:deleteAggrs	Grants permission to delete quick analysis aggregators in batches.	write	logStream *	-
lts:logmanager:createLogFilter	Grants permission to create a log cleaning rule.	write	logStream *	-
lts:logmanager:listLogFilters	Grants permission to query a log cleaning rule.	read	logStream *	-
lts:logmanager:updateLogFilters	Grants permission to modify a log cleaning rule.	write	logStream *	-
lts:logmanager:deleteLogFilters	Grants permission to delete a log cleaning rule.	write	logStream *	-
lts:structConfig:regex	Grants permission to structure the example log using regular expressions.	write	-	-

Each API of LTS usually supports one or more actions. Table 2 lists the supported actions and dependencies.

**Table 2** Actions and dependencies supported by LTS APIs
API	Action	Dependencies
POST /v2/{project_id}/groups	lts:logGroup:createLogGroup	-
DELETE /v2/{project_id}/groups/{log_group_id}	lts:logGroup:deleteLogGroup	-
GET /v2/{project_id}/groups	lts:logGroup:listLogGroup	-
POST /v2/{project_id}/groups/{log_group_id}	lts:logGroup:updateLogGroup	-
POST /v2/{project_id}/groups/{log_group_id}/streams	lts:logStream:createLogStream	-
PUT /v2/{project_id}/groups/{log_group_id}/streams-ttl/{log_stream_id}	lts:logStream:updateLogStream	-
DELETE /v2/{project_id}/groups/{log_group_id}/streams/{log_stream_id}	lts:logStream:deleteLogStream	-
GET /v2/{project_id}/groups/{log_group_id}/streams	lts:logStream:listLogStream	-
GET /v2/{project_id}/log-streams	lts:logStream:listLogStream	-
POST /v2/{project_id}/lts/keyword-count	lts:logStream:searchLogHistogram	-
POST /v2/{project_id}/groups/{log_group_id}/streams/{log_stream_id}/content/query	lts:logStream:searchLog	-
POST /v2/{project_id}/groups/{log_group_id}/streams/{log_stream_id}/struct-content/query	lts:logStream:searchStructLog	-
POST /v2/{project_id}/streams/{log_stream_id}/struct-content/query	lts:logStream:searchStructLog	-
POST /v2/{project_id}/log-dump/obs	lts:transfer:createTransfer	obs:bucket:PutBucketAcl obs:bucket:GetBucketAcl obs:bucket:HeadBucket
POST /v2/{project_id}/transfers	lts:transfer:createTransfer	obs:bucket:PutBucketAcl obs:bucket:GetBucketAcl obs:bucket:GetEncryptionConfiguration obs:bucket:HeadBucket dis:streams:list dis:streamPolicies:list
DELETE /v2/{project_id}/transfers	lts:transfer:deleteTransfer	-
GET /v2/{project_id}/transfers	lts:transfer:listTransfer	-
POST /v2/{project_id}/lts/dms/kafka-instance	lts:transfer:registerDmsKafkaInstance	dms:instance:list
PUT /v2/{project_id}/transfers	lts:transfer:updateTransfer	obs:bucket:PutBucketAcl obs:bucket:GetBucketAcl obs:bucket:GetEncryptionConfiguration obs:bucket:HeadBucket dis:streams:list dis:streamPolicies:list
POST /v2/{project_id}/collection/disable	lts:configCenter:updateOverCollectSwitch	-
POST /v2/{project_id}/collection/enable	lts:configCenter:updateOverCollectSwitch	-
POST /v3/{project_id}/lts/struct/template	lts:structConfig:createStructConfig	-
POST /v2/{project_id}/lts/struct/template	lts:structConfig:createStructConfig	-
DELETE /v2/{project_id}/lts/struct/template	lts:structConfig:deleteStructConfig	-
GET /v3/{project_id}/lts/struct/customtemplate/list	lts:structConfig:listStructTemplate	-
GET /v3/{project_id}/lts/struct/customtemplate	lts:structConfig:listStructTemplate	-
GET /v2/{project_id}/lts/struct/template	lts:structConfig:getStructConfig	-
PUT /v3/{project_id}/lts/struct/template	lts:structConfig:updateStructConfig	-
PUT /v2/{project_id}/lts/struct/template	lts:structConfig:updateStructConfig	-
POST /v2/{project_id}/lts/aom-mapping	lts:mappingRule:create	-
DELETE /v2/{project_id}/lts/aom-mapping	lts:mappingRule:delete	-
GET /v2/{project_id}/lts/aom-mapping/{rule_id}	lts:mappingRule:get	-
GET /v2/{project_id}/lts/aom-mapping	lts:mappingRule:list	-
PUT /v2/{project_id}/lts/aom-mapping	lts:mappingRule:update	-
GET /v2/{project_id}/lts/notifications/topics	lts:alarmNoticeTemplate:list	smn:topic:list
POST /v2/{project_id}/lts/alarms/sql-alarm-rule	lts:alarmRule:createSqlAlarmRule	-
DELETE /v2/{project_id}/lts/alarms/sql-alarm-rule/{sql_alarm_rule_id}	lts:alarmRule:deleteSqlAlarmRule	-
GET /v2/{project_id}/lts/alarms/sql-alarm-rule	lts:alarmRule:listSqlAlarmRule	-
PUT /v2/{project_id}/lts/alarms/status	lts:alarmRule:updateSqlAlarmRule	-
PUT /v2/{project_id}/lts/alarms/sql-alarm-rule	lts:alarmRule:updateSqlAlarmRule	-
POST /v2/{project_id}/lts/alarms/keywords-alarm-rule	lts:alarmRule:createWordAlarmRule	-
DELETE /v2/{project_id}/lts/alarms/keywords-alarm-rule/{keywords_alarm_rule_id}	lts:alarmRule:deleteWordAlarmRule	-
GET /v2/{project_id}/lts/alarms/keywords-alarm-rule	lts:alarmRule:listWordAlarmRule	-
PUT /v2/{project_id}/lts/alarms/keywords-alarm-rule	lts:alarmRule:updateWordAlarmRule	-
POST /v2/{project_id}/{domain_id}/lts/alarms/sql-alarm/clear	lts:alarm:cleanAlarm	-
POST /v2/{project_id}/{domain_id}/lts/alarms/sql-alarm/query	lts:alarm:listAlarm	-
GET /v2/{project_id}/groups/{log_group_id}/streams/{log_stream_id}/charts	lts:logStream:listChart	-
POST /v2/{project_id}/{domain_id}/lts/events/notification/templates	lts:alarmNoticeTemplate:create	-
DELETE /v2/{project_id}/{domain_id}/lts/events/notification/templates	lts:alarmNoticeTemplate:delete	-
POST /v2/{project_id}/{domain_id}/lts/events/notification/templates/view	lts:alarmNoticeTemplate:list	-
GET /v2/{project_id}/{domain_id}/lts/events/notification/templates	lts:alarmNoticeTemplate:list	-
GET /v2/{project_id}/{domain_id}/lts/events/notification/template/{template_name}	lts:alarmNoticeTemplate:get	-
PUT /v2/{project_id}/{domain_id}/lts/events/notification/templates	lts:alarmNoticeTemplate:update	-
POST /v3/{project_id}/lts/host-group	lts:hostGroup:create	-
DELETE /v3/{project_id}/lts/host-group	lts:hostGroup:delete	-
POST /v3/{project_id}/lts/host-list	lts:host:list	aom:icmgr:get aom:icmgr:list
POST /v3/{project_id}/lts/host-group-list	lts:hostGroup:list	-
PUT /v3/{project_id}/lts/host-group	lts:hostGroup:update	-
POST /v3/{project_id}/lts/access-config	lts:accessConfig:create	-
DELETE /v3/{project_id}/lts/access-config	lts:accessConfig:delete	-
POST /v3/{project_id}/lts/access-config-list	lts:accessConfig:list	-
PUT /v3/{project_id}/lts/access-config	lts:accessConfig:update	-
POST /v1/{project_id}/{resource_type}/{resource_id}/tags/action	lts:tag:create	-
POST /v1.0/{project_id}/groups/{group_id}/topics/{topic_id}/search-criterias	lts:logStream:createQuickQuery	-
DELETE /v1.0/{project_id}/groups/{group_id}/topics/{topic_id}/search-criterias	lts:logStream:deleteQuickQuery	-
GET /v1.0/{project_id}/groups/{group_id}/topics/{topic_id}/search-criterias	lts:logStream:listQuickQuery	-
GET /v2/{project_id}/lts/history-sql	lts:logStream:getHistorySql	-
GET /v1.0/{project_id}/lts/groups/{group_id}/search-criterias	lts:logStream:listQuickQuery	-
POST /v1.0/{project_id}/lts/favorite	lts:logFavorite:create	-
DELETE /v1.0/{project_id}/lts/favorite/{fav_res_id}	lts:logFavorite:delete	-
POST /v2/{project_id}/dashboard	lts:dashboard:create	-
POST /v2/{project_id}/lts/dashboard-group	lts:dashboardGroup:create	-
POST /v2/{project_id}/lts/timeline-traffic-statistics	lts:trafficStatistic:get	-
POST /v2/{project_id}/lts/topn-traffic-statistics	lts:trafficStatistic:get	-

Resources

A resource type indicates the resources that an SCP applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.

The following table lists the resource types that you can define in SCP statements for LTS.

**Table 3** Resource types supported by LTS
Resource Type	URN
logStream	lts:<region>:<account-id>:logStream:<group_id>/<stream_id>
logGroup	lts:<region>:<account-id>:logGroup:<group_id>
dashboard	lts:<region>:<account-id>:dashboard:<dashboard_id>
accessConfig	lts:<region>:<account-id>:accessConfig:<config_id>
alarmRule	lts:<region>:<account-id>:alarmRule:<alarm_rule_id>
transfer	lts:<region>:<account-id>:transfer:<transfer_id>
hostGroup	lts:<region>:<account-id>:hostGroup:<host_group_id>

Conditions

LTS does not support service-specific condition keys in SCPs. It can only use global condition keys applicable to all services. For details, see Global Condition Keys.

Parent topic: Management & Governance

Previous topic: Simple Message Notification (SMN)

Next topic: Identity and Access Management (IAM)