ActionTrail allows you to create a trail to deliver events to Log Service or Object Storage Service (OSS). Terraform can help you automatically create a trail.

Prerequisites

Before you run Terraform, make sure that the following Alibaba Cloud services are activated:

  • Log Service
  • OSS
Note If the amount of used resources exceeds the free quota, Log Service or OSS charges you for the excess amount. For more information, see Billing overview and Overview.

Background information

Terraform is an open source tool for automated resource orchestration. It helps you automatically create, configure, and manage cloud resources. You can create a trail by using a Terraform template. For more information, see Alibaba Cloud Provider.

Create a trail

You can create a trail by using Terraform to deliver events to Log Service, OSS, or both. For more information about how to select a storage service, see Deliver events to specified Alibaba Cloud services. In each of the following procedures, terraform apply first prints the execution plan and prompts for confirmation. Review the resources that will be added, and then enter yes.

To create a trail that delivers events only to Log Service, deploy the Log Service template in Cloud Shell. The trail and the Log Service project that receives the events are created automatically.

  1. Visit Use Terraform to create a trail.
  2. In the dialog box that appears, click OK to clone code to Cloud Shell.
  3. Run the following command to go to the directory of the Terraform template that is used to create a trail:
    cd ~/tutorial-actiontrail-createdby-terraform/trail-sls
  4. Run the following command to load the Alibaba Cloud provider for Terraform:
    terraform init
  5. Run the following command to create a trail:
    terraform apply

    If the message Resources: X added is returned, the trail is created. In the message, X indicates the number of added resources. Sample output:

    Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
    
    Outputs:
    
    sls_project_id = [
      [
        "tutorial-terraform-actiontrail",
      ],
    ]
    trail_id = [
      [
        "tutorial-actiontrail",
      ],
    ]

To create a trail that delivers events only to OSS, deploy the OSS template in Cloud Shell. The trail and the OSS bucket that receives the events are created automatically.

  1. Visit Use Terraform to create a trail.
  2. In the dialog box that appears, click OK to clone code to Cloud Shell.
  3. Run the following command to go to the directory of the Terraform template that is used to create a trail:
    cd ~/tutorial-actiontrail-createdby-terraform/trail-oss
  4. Run the following command to load the Alibaba Cloud provider for Terraform:
    terraform init
  5. Run the following command to create a trail:
    terraform apply

    If the message Resources: X added is returned, the trail is created. In the message, X indicates the number of added resources. Sample output:

    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
    
    Outputs:
    
    oss_bucket_id = [
      [
        "tutorial-terraform-actiontrail",
      ],
    ]
    trail_id = [
      [
        "tutorial-actiontrail",
      ],
    ]

To create a trail that delivers events to both Log Service and OSS, deploy the combined template in Cloud Shell. The trail, the Log Service project, and the OSS bucket are created automatically.

  1. Visit Use Terraform to create a trail.
  2. In the dialog box that appears, click OK to clone code to Cloud Shell.
  3. Run the following command to go to the directory of the Terraform template that is used to create a trail:
    cd ~/tutorial-actiontrail-createdby-terraform/trail
  4. Run the following command to load the Alibaba Cloud provider for Terraform:
    terraform init
  5. Run the following command to create a trail:
    terraform apply

    If the message Resources: X added is returned, the trail is created. In the message, X indicates the number of added resources. Sample output:

    Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
    
    Outputs:
    
    oss_bucket_id = [
      [
        "tutorial-terraform-actiontrail",
      ],
    ]
    sls_project_id = [
      [
        "tutorial-terraform-actiontrail",
      ],
    ]
    trail_id = [
      [
        "tutorial-actiontrail",
      ],
    ]

Delete resources (Optional)

After you use Terraform to create a trail, you can delete the added resources. The steps depend on where the trail delivers events, because Terraform cannot delete an OSS bucket that still contains objects. Deleting the trail stops audit logging for the account, and the cleanup commands below permanently delete the events that were already delivered, so run them only for tutorial resources that you no longer need.

To delete resources for a trail that delivers events only to Log Service, run the deletion command. Terraform deletes the Log Service project together with the trail, so the events stored in the project are deleted as well.

Run the following command to delete all the added resources:

terraform destroy

If the message Resources: X destroyed is returned, the resources are deleted. In the message, X indicates the number of deleted resources. Sample code:

Destroy complete! Resources: 3 destroyed.

To delete resources for a trail that delivers events only to OSS, you must first disable logging for the trail, then delete all objects from the OSS bucket, and only then run the deletion command. The trail keeps writing log objects to the bucket until logging is stopped, and Terraform cannot delete a bucket that is not empty.

  1. Run the following command to disable logging for the trail:
    aliyun actiontrail StopLogging --region cn-hangzhou --Name your_trail_name

    Note: Replace your_trail_name with the name of the trail. In this example, the name of the trail is tutorial-actiontrail.

  2. Wait for 1 to 2 minutes so that events already accepted for delivery are written to the bucket, and then run the following command to delete all objects from the OSS bucket:
    aliyun oss rm oss://your_bucket_name -r --region cn-hangzhou

    Note: Replace your_bucket_name with the name of the OSS bucket. In this example, the name of the OSS bucket is tutorial-terraform-actiontrail. The -r option removes every object in the bucket and permanently deletes the delivered event log files. Copy any logs that you still need elsewhere before you run the command.

  3. Run the following command to delete all the added resources:
    terraform destroy

    If the message Resources: X destroyed is returned, the resources are deleted. In the message, X indicates the number of deleted resources. Sample code:

    Destroy complete! Resources: 2 destroyed.

To delete resources for a trail that delivers events to both Log Service and OSS, you must first disable logging for the trail, then delete all objects from the OSS bucket, and only then run the deletion command. As with an OSS-only trail, the bucket must be empty before Terraform can delete it.

  1. Run the following command to disable logging for the trail:
    aliyun actiontrail StopLogging --region cn-hangzhou --Name your_trail_name

    Note: Replace your_trail_name with the name of the trail. In this example, the name of the trail is tutorial-actiontrail.

  2. Wait for 1 to 2 minutes so that events already accepted for delivery are written to the bucket, and then run the following command to delete all objects from the OSS bucket:
    aliyun oss rm oss://your_bucket_name -r --region cn-hangzhou

    Note: Replace your_bucket_name with the name of the OSS bucket. In this example, the name of the OSS bucket is tutorial-terraform-actiontrail. The -r option removes every object in the bucket and permanently deletes the delivered event log files. Copy any logs that you still need elsewhere before you run the command.

  3. Run the following command to delete all the added resources:
    terraform destroy

    If the message Resources: X destroyed is returned, the resources are deleted. In the message, X indicates the number of deleted resources. Sample code:

    Destroy complete! Resources: 3 destroyed.

Terraform template parameters

To customize the trail, modify the Terraform template by using the parameters described in the following table. For example, you can set the event_rw parameter to Write to track only write events.

Parameter            Description
trail_name           The name of the trail.
event_rw             The type of the events to be delivered. Valid values:
                       • Read: read events. A read event is generated when the information about cloud resources is read.
                       • Write: write events. A write event is generated when cloud resources are added, deleted, or modified.
                       • All: both read and write events.
                     Note: If the trail is meant to reconstruct an incident, All is the safe choice. A trail that tracks only Write events does not record read-only reconnaissance such as list and describe calls.
oss_bucket_name      The name of the OSS bucket.
                     Note: You must specify at least one of the oss_bucket_name and sls_project_arn parameters.
oss_key_prefix       The prefix of the event log files in the OSS bucket. By default, this parameter is not specified.
role_name            The name of the RAM role that ActionTrail is allowed to assume. Default value: aliyunserviceroleforactiontrail. ActionTrail assumes this role to deliver events to your storage service. If this role does not exist, the system automatically creates one. For more information, see Manage the service linked role.
sls_project_arn      The Alibaba Cloud Resource Name (ARN) of the Log Service project. Format: acs:log:<region_id>:<account_id>:project/<project_name>.
                     Note: You must specify at least one of the oss_bucket_name and sls_project_arn parameters.
sls_write_role_arn   The ARN of the RAM role that ActionTrail assumes to deliver events to the specified Log Service Logstore. Format: acs:ram::<account_id>:role/<role_name>. By default, the service-linked role is used.
trail_region         The regions whose events the trail tracks. Default value: All, which tracks events in all regions. You can also specify region IDs to track only specific regions. Separate multiple regions with commas (,), such as cn-beijing,cn-hangzhou. A region-scoped trail records nothing from the regions it omits, so activity in an unlisted region leaves no trace in this trail.
mns_topic_arn        The ARN of the MNS topic. If you set this parameter, ActionTrail sends a message to the MNS topic each time the trail delivers events to OSS.
status               The status of the trail. Valid values:
                       • Enable: enables logging for the trail. This is the default value.
                       • Disable: disables logging for the trail.
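The following template is an added example that ties the Create a trail procedure to the parameter table above. It is not the template from the tutorial repository that Cloud Shell clones; it is a self-contained equivalent of the combined Log Service and OSS scenario, written against the aliyun/alicloud provider's alicloud_oss_bucket, alicloud_log_project and alicloud_actiontrail_trail resources. Assumptions: provider version 1.200 or later, credentials supplied through the ALICLOUD_* environment variables as in Cloud Shell, region cn-hangzhou, and delivery through the service-linked role (role_name, sls_write_role_arn and mns_topic_arn are deliberately not set, so the provider falls back to the service-linked role). The variable names region, trail_name, storage_name and event_rw are the example's own.

```hcl
# Added example: creates a trail that delivers to both Log Service and OSS.
# Not the tutorial repository's template. Assumes the aliyun/alicloud provider
# (>= 1.200), ALICLOUD_* credentials in the environment, and the
# service-linked role for delivery (no explicit role ARNs are passed).

terraform {
  required_version = ">= 1.0"
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "~> 1.200"
    }
  }
}

variable "region" {
  type    = string
  default = "cn-hangzhou"
}

variable "trail_name" {
  type    = string
  default = "tutorial-actiontrail"
}

variable "storage_name" {
  description = "Name used for both the OSS bucket and the Log Service project. OSS bucket names are global, so choose a unique one."
  type        = string
  default     = "tutorial-terraform-actiontrail"
}

variable "event_rw" {
  description = "Read, Write or All. Set explicitly: a Write-only trail does not record read-only reconnaissance."
  type        = string
  default     = "All"
  validation {
    condition     = contains(["Read", "Write", "All"], var.event_rw)
    error_message = "event_rw must be Read, Write or All."
  }
}

provider "alicloud" {
  region = var.region
}

# Used to build the acs:log:<region_id>:<account_id>:project/<name> ARN.
data "alicloud_account" "current" {}

# Delivery bucket: private, encrypted at rest, versioned so an overwritten or
# deleted log object can still be recovered.
resource "alicloud_oss_bucket" "trail" {
  bucket = var.storage_name
  acl    = "private"

  server_side_encryption_rule {
    sse_algorithm = "AES256"
  }

  versioning {
    status = "Enabled"
  }

  # Kept false on purpose: terraform destroy must not silently wipe audit
  # logs. Empty the bucket deliberately first, as in the deletion procedure.
  force_destroy = false
}

resource "alicloud_log_project" "trail" {
  name        = var.storage_name
  description = "ActionTrail event delivery"
}

resource "alicloud_actiontrail_trail" "trail" {
  trail_name   = var.trail_name
  event_rw     = var.event_rw
  trail_region = "All" # every region; narrowing this creates blind spots
  status       = "Enable"

  oss_bucket_name = alicloud_oss_bucket.trail.id
  oss_key_prefix  = "actiontrail"

  # Format from the parameter table: acs:log:<region_id>:<account_id>:project/<project_name>
  sls_project_arn = "acs:log:${var.region}:${data.alicloud_account.current.id}:project/${alicloud_log_project.trail.name}"
}

# Same output names as the tutorial's sample output.
output "trail_id" {
  value = alicloud_actiontrail_trail.trail.id
}

output "oss_bucket_id" {
  value = alicloud_oss_bucket.trail.id
}

output "sls_project_id" {
  value = alicloud_log_project.trail.id
}
```

Save the file as main.tf in an empty directory, then run terraform init and terraform apply exactly as in the procedure above; the three outputs correspond to the trail_id, oss_bucket_id and sls_project_id values shown in the sample output. Because force_destroy stays false, terraform destroy on this template fails while the bucket holds log objects, which is the intended guard: stop logging and empty the bucket first, as described under Delete resources.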