ALIYUN::ACTIONTRAIL::Trail is used to create a trail to help you store audit data to a specified OSS bucket.

Syntax

{
  "Type": "ALIYUN::ACTIONTRAIL::Trail",
  "Properties": {
    "Name": String,
    "OssBucketName": String,
    "RoleName": String,
    "OssKeyPrefix": String,
    "EventRW": String,
    "SlsProjectArn": String,
    "SlsWriteRoleArn": String
  }
}            

Properties

Property Type Required Editable Description Constraint
Name String Yes No The name of the trail that you want to create. You cannot have identical trail names in the same account.
OssBucketName String Yes Yes The OSS bucket to which you want to deliver log files. Make sure that the bucket exists when you create the trail.
RoleName String Yes Yes The name of the Resource Access Management (RAM) role that ActionTrail is allowed to assume. You must attach corresponding policies to the RAM role. For more information, see Examples.
OssKeyPrefix String No Yes The prefix of the log file names (object keys) that are stored in the specified OSS bucket. This parameter can be left empty.
EventRW String No Yes Specifies which events the trail delivers, by read/write type. Default value: Write. Valid values:
  • Read
  • Write
  • All
SlsProjectArn String No Yes The Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are to be delivered. You must create a Logstore whose name starts with actiontrail_ followed by the trail name in the Log Service project.
SlsWriteRoleArn String No Yes The unique ARN of the role assumed by ActionTrail for delivering log files to the destination Log Service project. None.

Response parameters

Fn::GetAtt

Name: the name of the created trail.

Examples

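JSON format

Note: the TrailLogging resource in this template references a parameter named Enable that the Parameters section does not declare. Declare it (for example, as a Boolean parameter) before you use the template.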

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "RoleName": {
      "Type": "String",
      "MinLength": 1,
      "MaxLength": 64
    },
    "EventRW": {
      "Type": "String",
      "AllowedValues": [
        "Write",
        "Read",
        "All"
      ]
    },
    "SlsProjectName": {
      "Type": "String"
    },
    "OssKeyPrefix": {
      "Type": "String",
      "Default": ""
    },
    "OssBucketName": {
      "Type": "String"
    },
    "TrailName": {
      "Type": "String"
    }
  },
  "Resources": {
    "Role": {
      "Type": "ALIYUN::RAM::Role",
      "Properties": {
        "RoleName": {
          "Ref": "RoleName"
        },
        "Policies": [
          {
            "PolicyName": {
              "Fn::Sub": "ActionTrailPolicy-${ALIYUN::StackId}"
            },
            "PolicyDocument": {
              "Version": "1",
              "Statement": [
                {
                  "Action": [
                    "oss:GetBucketLocation",
                    "oss:ListObjects",
                    "oss:PutObject"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                },
                {
                  "Action": [
                    "log:PostLogStoreLogs",
                    "log:CreateLogstore",
                    "Log:GetLogstore"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                },
                {
                  "Action": [
                    "mns:PublishMessage"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                }
              ]
            }
          }
        ],
        "AssumeRolePolicyDocument": {
          "Version": "1",
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "actiontrail.aliyuncs.com"
                ]
              }
            }
          ]
        }
      }
    },
    "Bucket": {
      "Type": "ALIYUN::OSS::Bucket",
      "Properties": {
        "AccessControl": "private",
        "BucketName": {
          "Ref": "OssBucketName"
        },
        "DeletionForce": true
      }
    },
    "SlsProject": {
      "Type": "ALIYUN::SLS::Project",
      "Properties": {
        "Name": {
          "Ref": "SlsProjectName"
        }
      }
    },
    "SlsLogStore": {
      "Type": "ALIYUN::SLS::Logstore",
      "DependsOn": "SlsProject",
      "Properties": {
        "LogstoreName": {
          "Fn::Sub": "actiontrail_${TrailName}"
        },
        "PreserveStorage": true,
        "ProjectName": {
          "Fn::GetAtt": [
            "SlsProject",
            "Name"
          ]
        },
        "AppendMeta": true,
        "MaxSplitShard": 64,
        "AutoSplit": true,
        "EnableTracking": false,
        "ShardCount": 2
      }
    },
    "Trail": {
      "DependsOn": [
        "Role",
        "Bucket",
        "SlsLogStore"
      ],
      "Type": "ALIYUN::ACTIONTRAIL::Trail",
      "Properties": {
        "SlsProjectArn": {
          "Fn::Sub": "acs:log:${ALIYUN::Region}::project/${SlsProjectName}"
        },
        "RoleName": {
          "Fn::GetAtt": [
            "Role",
            "RoleName"
          ]
        },
        "EventRW": {
          "Ref": "EventRW"
        },
        "OssKeyPrefix": {
          "Ref": "OssKeyPrefix"
        },
        "OssBucketName": {
          "Fn::GetAtt": [
            "Bucket",
            "Name"
          ]
        },
        "SlsWriteRoleArn": {
          "Fn::Sub": "acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}"
        },
        "Name": {
          "Ref": "TrailName"
        }
      }
    },
    "TrailLogging": {
      "Type": "ALIYUN::ACTIONTRAIL::TrailLogging",
      "Properties": {
        "Name": {
          "Fn::GetAtt": [
            "Trail",
            "Name"
          ]
        },
        "Enable": {
          "Ref": "Enable"
        }
      }
    }
  },
  "Outputs": {
    "Name": {
      "Value": {
        "Fn::GetAtt": [
          "Trail",
          "Name"
        ]
      }
    }
  }
}

YAML format

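# Example ROS template: creates a RAM role that ActionTrail can assume, an OSS
# bucket, a Log Service project and Logstore, a trail that delivers to both
# destinations, and a TrailLogging resource that switches the trail on or off.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RoleName:
    Type: String
    MinLength: 1
    MaxLength: 64
  # Which events the trail delivers. Write is the documented default of the
  # Trail property and leaves read events out; All records both.
  EventRW:
    Type: String
    AllowedValues:
      - Write
      - Read
      - All
  SlsProjectName:
    Type: String
  OssKeyPrefix:
    Type: String
    Default: ''
  OssBucketName:
    Type: String
  TrailName:
    Type: String
  # Referenced by TrailLogging.Enable below. Without this declaration the
  # `Ref: Enable` in the template has nothing to resolve to.
  Enable:
    Type: Boolean
    Default: true
Resources:
  # Role that ActionTrail assumes to write to OSS and Log Service.
  Role:
    Type: 'ALIYUN::RAM::Role'
    Properties:
      RoleName:
        Ref: RoleName
      Policies:
        - PolicyName:
            'Fn::Sub': 'ActionTrailPolicy-${ALIYUN::StackId}'
          PolicyDocument:
            Version: '1'
            # NOTE(review): every statement below grants its actions on
            # Resource '*', i.e. on all buckets, Log Service resources and MNS
            # resources in the account. When adapting this example, scope each
            # statement to the bucket and project this stack creates.
            Statement:
              - Action:
                  - 'oss:GetBucketLocation'
                  - 'oss:ListObjects'
                  - 'oss:PutObject'
                Resource:
                  - '*'
                Effect: Allow
              # NOTE(review): the third action uses a capitalised `Log:`
              # prefix, unlike the two above; confirm that RAM matches action
              # names case-insensitively.
              - Action:
                  - 'log:PostLogStoreLogs'
                  - 'log:CreateLogstore'
                  - 'Log:GetLogstore'
                Resource:
                  - '*'
                Effect: Allow
              # NOTE(review): the Trail resource below sets no MNS-related
              # property; drop this statement if MNS delivery is not used.
              - Action:
                  - 'mns:PublishMessage'
                Resource:
                  - '*'
                Effect: Allow
      # Trust policy: only the ActionTrail service may assume this role.
      AssumeRolePolicyDocument:
        Version: '1'
        Statement:
          - Action: 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service:
                - actiontrail.aliyuncs.com
  # Destination bucket for the delivered log files (private ACL).
  Bucket:
    Type: 'ALIYUN::OSS::Bucket'
    Properties:
      AccessControl: private
      BucketName:
        Ref: OssBucketName
      # NOTE(review): DeletionForce presumably removes the stored objects
      # together with the bucket when the stack is deleted; confirm, and
      # consider false for a bucket that holds audit logs.
      DeletionForce: true
  SlsProject:
    Type: 'ALIYUN::SLS::Project'
    Properties:
      Name:
        Ref: SlsProjectName
  # The Logstore name must be "actiontrail_" followed by the trail name so
  # that the trail can deliver events to the project.
  SlsLogStore:
    Type: 'ALIYUN::SLS::Logstore'
    DependsOn: SlsProject
    Properties:
      LogstoreName:
        'Fn::Sub': 'actiontrail_${TrailName}'
      PreserveStorage: true
      ProjectName:
        'Fn::GetAtt':
          - SlsProject
          - Name
      AppendMeta: true
      MaxSplitShard: 64
      AutoSplit: true
      EnableTracking: false
      ShardCount: 2
  # The trail itself; created only after the role and both destinations exist.
  Trail:
    DependsOn:
      - Role
      - Bucket
      - SlsLogStore
    Type: 'ALIYUN::ACTIONTRAIL::Trail'
    Properties:
      SlsProjectArn:
        'Fn::Sub': 'acs:log:${ALIYUN::Region}::project/${SlsProjectName}'
      RoleName:
        'Fn::GetAtt':
          - Role
          - RoleName
      EventRW:
        Ref: EventRW
      OssKeyPrefix:
        Ref: OssKeyPrefix
      OssBucketName:
        'Fn::GetAtt':
          - Bucket
          - Name
      # The same role is used for delivery to OSS and to Log Service.
      SlsWriteRoleArn:
        'Fn::Sub': 'acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}'
      Name:
        Ref: TrailName
  # Turns logging for the trail on or off according to the Enable parameter.
  TrailLogging:
    Type: 'ALIYUN::ACTIONTRAIL::TrailLogging'
    Properties:
      Name:
        'Fn::GetAtt':
          - Trail
          - Name
      Enable:
        Ref: Enable
Outputs:
  Name:
    Value:
      'Fn::GetAtt':
        - Trail
        - Name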