You can use ActionTrail to audit the operations of your team members. This helps your
team members comply with the terms of use of each Alibaba Cloud service. For example,
you can use ActionTrail to find the RAM user that performed a specific misoperation
at a specific point in time. This topic describes how to use ActionTrail to query
the events of NAT Gateway.
Background information
As the team manager, you have used an Alibaba Cloud account to create multiple RAM
users for your team members to use, and granted the RAM users the AdministratorAccess
permission.
When RAM user A queries the details of a NAT gateway, RAM user A notices that an extra
elastic IP address (EIP) is bound to the NAT gateway. However, because all the RAM
users have the AdministratorAccess permission, you cannot directly determine which
RAM user bound the EIP to the NAT gateway. In this case, you can use ActionTrail to
query the events and identify the RAM user that bound the EIP to the NAT gateway.

Note You can click an EIP to view information such as the ID of the EIP.
Procedure
- Log on to the ActionTrail console.
- In the top navigation bar, select the region where the EIP resides.
- In the left-side navigation pane, click .
- Select Resource Name from the drop-down list.
- Enter the ID of the EIP in the search box and click the
icon.
- Click the plus sign (+) next to the event to view detailed information.

Note The event information indicates that RAM user B bound the EIP to the NAT gateway at
16:24:56 on November 2, 2020, as shown in the preceding figure. This way, you can
determine that RAM user B bound the EIP to the NAT gateway of RAM user A.
- Optional. To view the event log, click Event Detail.