You can use ActionTrail to audit the operations of your team members. This helps your team members comply with the terms of use of each Alibaba Cloud service. For example, you can use ActionTrail to find the RAM user that performed a specific misoperation at a specific point in time. This topic describes how to use ActionTrail to query the events of NAT Gateway.

Background information

As the team manager, you have used an Alibaba Cloud account to create multiple RAM users for your team members to use, and granted the RAM users the AdministratorAccess permission.

When RAM user A queries the details of a NAT gateway, RAM user A notices that an extra elastic IP address (EIP) is bound to the NAT gateway. However, because all the RAM users have the AdministratorAccess permission, you cannot directly determine which RAM user bound the EIP to the NAT gateway. In this case, you can use ActionTrail to query the events and identify the RAM user that bound the EIP to the NAT gateway. NAT
Note You can click an EIP to view information such as the ID of the EIP.

Procedure

  1. Log on to the ActionTrail console.
  2. In the top navigation bar, select the region where the EIP resides.
  3. In the left-side navigation pane, click Event Detail Query.
  4. Select Resource Name from the drop-down list.
    resource name
  5. Enter the ID of the EIP in the search box and click the search icon.
  6. Click the plus sign (+) next to the event to view detailed information.
    event
    Note The event information indicates that RAM user B bound the EIP to the NAT gateway at 16:24:56 on November 2, 2020, as shown in the preceding figure. This way, you can determine that RAM user B bound the EIP to the NAT gateway of RAM user A.
  7. Optional. To view the event log, click Event Detail.