You can use ActionTrail to audit the operations of your team members. This helps your team members comply with the terms of use of each Alibaba Cloud service. For example, you can use ActionTrail to find the RAM user that performed a specific misoperation at a specific point in time. This topic describes how to use ActionTrail to query the event logs of NAT Gateway.

Background information

As the team manager, you have used an Alibaba Cloud account to create multiple RAM users for your team members to use, and granted the RAM users the AdministratorAccess permission.

When RAM User A queries the event logs of NAT Gateway, RAM User A notices that an elastic IP address (EIP) is bound to the NAT gateway of RAM User A. However, because all the RAM users have the AdministratorAccess permission, you cannot directly determine which RAM user bound the EIP to the NAT gateway. In this case, you can use ActionTrail to query the details of event logs and identify the RAM user that bound the EIP to the NAT gateway.NAT
Note You can click an EIP to view information such as the ID of the EIP.

Procedure

  1. Log on to the ActionTrail console.
  2. In the top navigation bar, select the region where the EIP resides.
  3. In the left-side navigation pane, choose ActionTrail > Query Event Details.
  4. Select Resource Name from the drop-down list.
    resource name
  5. Enter the ID of the EIP in the search box and click the search icon.
  6. Click the plus sign (+) next to the event log to query detailed information.
    event
    Note The event log indicates that RAM User B bound the EIP to the NAT gateway at 16:24:56 on November 2, 2020, as shown in the preceding figure. This way, you can determine that RAM User B bound the EIP to the NAT gateway of RAM User A.
  7. Optional. Query the code of the event log. For more information, see View Event.