Before getting started, you must create a RAM user. For more information, see Create a RAM user.

Attach ActionTrail system policies to a group

The available system policies are as follows:

  • AliyunActionTrailReadOnlyAccess (read-only permission)
  • AliyunActionTrailFullAccess (full permission)

For more information about how to attach a policy, see Authorize RAM users.

Attach ActionTrail custom policies to a group

If the system policies cannot meet your requirements, you can create a custom policy. For more information, see (Optional) Create a custom policy. The following is a policy example of allowing requests from a specified IP range for performing ActionTrail read-only operations on all resources. The policy is as follows:

    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
        "Resource": "*",
            "IpAddress": {
                "acs:SourceIp": ""