GA开启日志
GA开启流日志功能
第一步:购买S3,并配置权限
存储桶策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSLogDeliveryWrite",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::ga-network-flow-log/ga-log/AWSLogs/0000000000/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Sid": "AWSLogDeliveryAclCheck",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::ga-network-flow-log"
}
]
}
第二步:在控制台执行命令
aws globalaccelerator update-accelerator-attributes \ --accelerator-arn arn:aws:globalaccelerator::0000000:accelerator/aaaaac-f6f9-4fb6-b800-ddddddddddd \ ga的arn码 --region us-west-2 \ 这里一定得是 us-west-2,不能写其它的,否则会报错 --flow-logs-enabled \ --flow-logs-s3-bucket ga-network-flow-log \ s3名称 --flow-logs-s3-prefix ga-log s3下面的文件夹名称,可以不提前创建,会自动生成
浙公网安备 33010602011771号