ActionTrail will apply an updated declaration format of resource types to the referencedResources field in event logs from 00:00:00 on August 26, 2020. After this change, additional information about resources will be recorded in event logs. This change does not affect the event logs that have been generated before the change or the existing fields in an event log.

Description

Before this change, the referencedResources field does not provide detailed information about the resources that a specific operation involves. For example, if you perform a specific operation on an Elastic Compute Service (ECS) instance, the referencedResources field in the event log of the operation is similar to the following example:

referencedResources: {
   Instance: ["i-bp1fadfadf****"]
}
The referencedResources field contains the following information:
  • Instance: indicates that the operation is performed on an instance.
  • InstanceId: the ID of the instance. In this example, the instance ID is recorded as i-bp1fadfadf****.

After this change, the referencedResources field in the event log for the same operation on the same ECS instance will be recorded in the following way:

referencedResources: {
   Instance: ["i-bp1fadfadf****"],
   "ACS::ECS::Instance": ["i-bp1fadfadf****"]
}
The referencedResources field contains the following information:
  • Instance: indicates that the operation is performed on an instance.
  • ACS::ECS::Instance: indicates that the operation is performed on an ECS instance.
  • InstanceId: the ID of the instance. In this example, the instance ID is recorded as i-bp1fadfadf****.

Reasons for the change

  • Before this change, the referencedResources field does not explicitly declare the types of resources involved in an event. In the preceding example, Instance does not indicate whether the involved resource is an ECS instance or an instance of another service.
  • Before this change, the referencedResources field makes an event search task less efficient. For example, if you specify Instance as a search condition without providing a specific service name, ActionTrail will return all events that are related to instances from all services.
  • After this change, the updated referencedResources field provides a service name that allows you to identify a specific resource of a specific type. For example, ACS::ECS::Instance indicates that the resource is an ECS instance, and ACS::ECS::Instance": ["InstanceID"] identifies a specific ECS instance.
  • After this change, the declaration format of resource types in ActionTrail event logs is consistent across Alibaba Cloud services.

Impacts

ActionTrail will only update the declaration format of resource types for the referencedResources field in event logs to add clarity. This change does not affect the event logs that have been generated before the change or the existing fields in an event log.

We apologize for any inconvenience caused by this change. We will speed up the upgrade and strive to provide you with more stable and robust audit services.