ActionTrail collects API calling records of cloud services (including API call records triggered in the console). It standardizes the operation records and saves them to specified OSS buckets as files. You can also manage the records files using management functions provided by OSS, such as authorization, lifecycle management, and archiving.
When you initiate an operation call using the console or SDK, ActionTrail transfers the operation records to the specified OSS bucket within five minutes. You can access the ActionTrail operation records through OSS, or view the operation records for the last seven days in the ActionTrail console or API.
With ActionTrail, you can capture adjustments and view operations on your Alibaba Cloud account within a specific period to analyze or solve potential problems.
- Security Troubleshooting
ActionTrail allows the recording of source IP address calls initiated by your account (including your RAM account) and the execution results to prevent data or password leaks.
- Quick Push
ActionTrail leverages a highly available data processing pipeline to collect, handle, and transmit events. ActionTrail usually handles events within 10 minutes upon user operation.
- Security Compliance
With ActionTrail, you can automatically record and store logs of executed events on your Alibaba Cloud account (both from the console or an API) to streamline compliance and auditing processes.
ActionTrail clearly records the context information of user operations. For example, you can record information on: the user who initiated the operation, the type and time of operation, the source IP, the operation that was performed from an API or the console, whether the operation was successful or the cause of failure.
ActionTrail supports saving operation records using OSS, which is a cost-effective and reliable storage product. You can use the OSS lifecycle configuration rules to reduce storage costs or use the OSS authorization mechanism to grant others access to the records.
How it works
Logs recorded by ActionTrail can help to analyze the cause of security issues affecting your Alibaba Cloud account or resources. For example, ActionTrail records all of your account login operations, including detailed records such as the login time, IP addresses of logon, and whether multi-factor authentication was used. With these files, you can identify security issues that are affecting your account.
When there are abnormal changes to your cloud resources, the operation logs recorded by ActionTrail can help you identify the reason(s). For example, when you find that an ECS instance has stopped, you can use ActionTrail to identify who initiated the operation, from which IP address, and at what time.
If your organization has multiple members and you are using the Alibaba Cloud RAM service to manage the identities of the members, you have to obtain detailed operation records of each member to meet the compliance audit requirements of your organization. The operation events recorded by ActionTrail can meet these compliance audit requirements. Try out over 40 products for free
1. What products does ActionTrail currently support?
• Elastic Compute Service (ECS)
• Server Load Balancer
• ApsaraDB for RDS
• Alibaba Cloud CDN
• Resource Access Management (RAM)
• Security Token Service (STS)
• Alibaba Cloud account and RAM user logon
2. How many days of records can I search with ActionTrail?
ActionTrail supports searching logs within the past seven days. If you want to keep the logs longer, activate the OSS and ActionTrail services, and use StartLogging to store the records to your own OSS.
3. What operations does ActionTrail record?
ActionTrail mainly records add, modify, and delete operations on resources. Retrieve, query, and verify operations on resources are not recorded.