ActionTrail will apply updated resource types to the referencedResources field in event logs related to Resource Manager after 00:00:00 on February 28, 2021. This change may affect the monitoring on these event logs.
If you use Resource Manager to manage RAM roles, policies, and policy versions, or attach a policy to a RAM role, take note of the changes of the resource types in the referencedResources field, as described in the following table.
|Operation||Before this change||After this change|
|Manage RAM roles.||ACS::ResourceManager::Role||ACS::RAM::Role|
|Manage policy versions.||ACS::ResourceManager::PolicyVersion||ACS::RAM::PolicyVersion|
|Attach a policy to a RAM role.||ACS::ResourceManager::PolicyAttachment||ACS::RAM::PolicyAttachment|
Resource Manager allows you to manage resources of Resource Access Management (RAM). In this case, the service to which the four resource types belong is changed from Resource Manager to RAM in the referencedResources field.
This change unifies the resource types in event logs related to Resource Manager and RAM. This helps you query all event logs related to a RAM resource type at a time. Assume that you can log on to the ActionTrail console, go to the Event Detail Query page, select Resource Type from the drop-down list, and then enter ACS::RAM::Role in the search box. Before this change, you can query only the event logs of RAM role-related operations that are performed in the RAM console or by calling API operations. After this change, you can query the event logs of all RAM role-related operations.
This change will affect the declaration format of resource types in the referencedResources field of an event log on the Event Detail page, as shown in the following figure. ACS::RAM::Role indicates the resource type in the event log.
Before this change: You must continuously collect and monitor event logs that are generated when you use Resource Manager to manage RAM roles, policies, and policy versions, or attach a policy to a RAM role. Then, you can query these event logs based on the resource types in the referencedResources field to obtain the changes of RAM roles and policies in the cloud in real time.
After this change: You can query all event logs of RAM roles and policies in the cloud based on the following four resource types: ACS::RAM::Role, ACS::RAM::Policy, ACS::RAM::PolicyVersion, and RAM::PolicyAttachment.