STS - ActionTrail event log reference| Alibaba Cloud Documentation Center

This topic provides several examples of event logs related to Security Token Service (STS).

A RAM user switches the role by calling an STS API operation in the console

{
    "apiVersion": "2015-04-01",
    "eventId": "64e9b93e-13da-4ea4-8b72-081069ff****",
    "eventName": "AssumeRole",
    "eventSource": "sts.aliyuncs.com",
    "eventTime": "2016-01-05T02:41:58Z",
    "eventType": "ApiCall",
    "eventVersion": "1",
    "recipientAccountId": "102440540619****",
    "requestId": "F678C471-BEAA-4DE4-B09E-FD7F5A5248E8",
    "requestParameters": {
        "RoleArn": "acs:ram::4****:role/ram-admin",
        "RoleSessionName": "l****"
    },
    "serviceName": "Sts",
    "sourceIpAddress": "42.120.XX.XX",
    "userAgent": "AliyunConsole",
    "userIdentity": {
        "type": "ram-user",
        "accountId": "102440540619****",
        "principalId": "24894915196108****",
"userName": "l****",
        "sessionContext": {
            "attributes": {
                "creationDate": "2016-01-05T02:41:58Z",
                "mfaAuthenticated": "true"
            }
        }
    }
}

A RAM user switches the role by using the STS SDK

{
    "apiVersion": "2015-04-01",
    "eventId": "23f2a6b5-c628-49bb-8dc9-8f976050****",
    "eventName": "AssumeRole",
    "eventSource": "sts.aliyuncs.com",
    "eventTime": "2016-01-05T02:41:58Z",
    "eventType": "ApiCall",
    "eventVersion": "1",
    "recipientAccountId": "102440540619****",
    "requestId": "8BE01A78-4026-4E7D-B4E1-95B0323E968E",
    "requestParameters": {
        "RoleArn": "acs:ram::4****:role/ram-admin",
        "RoleSessionName": "l****"
    },
    "serviceName": "Sts",
    "sourceIpAddress": "42.120.XX.XX",
    "userAgent": "aliyuncli/2.0.6",
    "userIdentity": {
        "type": "ram-user",
        "accountId": "102440540619****",
        "principalId": "24894915196108****",
        "accessKeyId": "55nCtAwmPLkk****",
        "userName": "l***"
    }
}