Creates a trail.

You can create a trail to deliver events to Log Service, Object Storage Service (OSS), or both. Before you call this operation to create a trail, make sure that the following requirements are met:

  • Deliver events to Log Service: A project and a Logstore are created in Log Service. The Logstore is named in the format of actiontrail_<Trail name>. For example, if you want to create a trail named audit, name your Logstore as actiontrail_audit.
    Note: We recommend that you create indexes in Log Service in advance to facilitate the queries of events delivered to Log Service.
  • Deliver events to OSS: A bucket is created in OSS. For more information, see Create buckets.

This topic shows you how to create a sample single-account trail named trail-test and configure the trail to deliver events to a sample OSS bucket named auditB.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description

Action String Yes CreateTrail

The operation that you want to perform. Set the value to CreateTrail.

Name String Yes trail-test

The name of the trail to be created.

The name must be 6 to 36 characters in length. It must start with a letter and can contain letters, digits, hyphens (-), and underscores (_).

Note: The name must be unique within your Alibaba Cloud account.

OssBucketName String No auditB

The name of the OSS bucket to which events are to be delivered.

The name must be 3 to 63 characters in length. It must start with a lowercase letter or a digit and can contain lowercase letters, digits, and hyphens (-).

Note: You must specify at least one of the OssBucketName and SlsProjectArn parameters.

OssKeyPrefix String No at-product-account-audit-B

The prefix of the log files to be stored in the destination OSS bucket.

The prefix must be 6 to 32 characters in length. It must start with a letter and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_).

RoleName String No aliyunserviceroleforactiontrail

The service-linked role assumed by ActionTrail. Default value: aliyunserviceroleforactiontrail.

SlsProjectArn String No acs:log:cn-shanghai::project/***

The Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are to be delivered.

Note: You must specify at least one of the OssBucketName and SlsProjectArn parameters.

SlsWriteRoleArn String No acs:ram::***:role/aliyunserviceroleforactiontrail

The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the destination Log Service project.

EventRW String No Write

The read/write type of the events to be delivered. Valid values:

  • Write: write events. This is the default value.
  • Read: read events.
  • All: read and write events.

TrailRegion String No All

The region or regions from which the trail delivers events.

The default value is All, which indicates that the trail delivers events from all regions.

You can also specify individual regions. You can call the DescribeRegions operation to query all the supported regions.

MnsTopicArn String No acs:mns:cn-hangzhou:1111:/topics/your-topic-name

The ARN of the Message Service (MNS) topic to which ActionTrail sends messages. The ARN is in the format of acs:mns:<Region>:<Account ID>:/topics/<topicName>. If the ARN is specified, a message is generated and delivered to the MNS topic whenever an event is delivered to OSS.

IsOrganizationTrail Boolean No false

Specifies whether to create a multi-account trail. Valid values:

  • true: Create a multi-account trail.
  • false: Create a single-account trail. This is the default value.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description

MnsTopicArn String acs:mns:cn-hangzhou:1111:/topics/your-topic-name

The ARN of the MNS topic to which ActionTrail sends messages.

SlsProjectArn String acs:log:cn-hangzhou:151266687691****:project/test-project

The ARN of the Log Service project to which events are to be delivered.

RoleName String aliyunserviceroleforactiontrail

The service-linked role assumed by ActionTrail.

EventRW String Write

The read/write type of the events to be delivered.

RequestId String 145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0

The ID of the request.

HomeRegion String cn-hangzhou

The home region of the trail.

OssKeyPrefix String at-product-account-audit-B

The prefix of the log files to be stored in the destination OSS bucket.

OssBucketName String auditB

The name of the OSS bucket to which events are to be delivered.

SlsWriteRoleArn String acs:ram::***:role/aliyunserviceroleforactiontrail

The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the destination Log Service project.

TrailRegion String All

The region or regions from which the trail delivers events.

Name String trail-test

The name of the trail.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateTrail
&Name=trail-test
&OssBucketName=auditB
&<Common request parameters>
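
A pre-flight check for the request parameters documented above, written as an added example (not part of the original reference or any Alibaba Cloud SDK). It applies the formats and defaults stated on this page and separately flags settings that narrow what the trail records; the function names and message strings are hypothetical. Run on the sample request, it reports that `auditB` does not match the documented OssBucketName format (lowercase letters, digits, and hyphens).

```python
import re

# Formats transcribed from the Request parameters section of this page.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{5,35}")     # Name: 6-36 chars
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9-]{2,62}")       # OssBucketName: 3-63 chars
PREFIX_RE = re.compile(r"[A-Za-z][A-Za-z0-9/_-]{5,31}")  # OssKeyPrefix: 6-32 chars
EVENT_RW = ("Write", "Read", "All")


def logstore_name(trail_name):
    """Logstore that must already exist when delivering to Log Service."""
    return "actiontrail_" + trail_name


def check_create_trail(params):
    """Return (errors, warnings) for a dict of CreateTrail request parameters.

    errors:   fields that contradict a constraint documented on this page.
    warnings: well-formed settings that narrow what the trail records.
    """
    errors, warnings = [], []
    bucket = params.get("OssBucketName")
    sls = params.get("SlsProjectArn")
    prefix = params.get("OssKeyPrefix")
    event_rw = params.get("EventRW", "Write")   # documented default
    region = params.get("TrailRegion", "All")   # documented default

    if not NAME_RE.fullmatch(params.get("Name", "")):
        errors.append("Name")                   # see InvalidTrailNameException
    if not bucket and not sls:
        errors.append("OssBucketName|SlsProjectArn")  # at least one is required
    if bucket and not BUCKET_RE.fullmatch(bucket):
        errors.append("OssBucketName")
    if prefix and not PREFIX_RE.fullmatch(prefix):
        errors.append("OssKeyPrefix")           # see InvalidPrefixException
    if event_rw not in EVENT_RW:
        errors.append("EventRW")

    if event_rw == "Write":
        warnings.append("EventRW=Write: read events are not delivered")
    elif event_rw == "Read":
        warnings.append("EventRW=Read: write events are not delivered")
    if region != "All":
        warnings.append("TrailRegion=%s: other regions are not covered" % region)
    if params.get("MnsTopicArn") and not bucket:
        warnings.append("MnsTopicArn: messages are sent only on delivery to OSS")
    return errors, warnings
```
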

Sample success responses

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RoleName" : "aliyunserviceroleforactiontrail",
  "EventRW" : "Write",
  "RequestId" : "AB7A5AE1-EC3C-4C00-91B0-BE7BDEE354AE",
  "HomeRegion" : "cn-hangzhou",
  "OssBucketName" : "auditB",
  "TrailRegion" : "All",
  "Name" : "trail-test"
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidPrefixException | The specified OSS bucket prefix is invalid. | The error message returned because the log file prefix specified for the destination OSS bucket is invalid. |
| 400 | InvalidQueryParameter | The specified query parameter is invalid. | The error message returned because the specified request parameters are invalid. |
| 400 | InvalidTrailNameException | The specified Trail name is invalid. | The error message returned because the specified trail name is invalid. Modify the name based on the correct format. |
| 400 | TrailAlreadyExistsException | The specified Trail name already exists. | The error message returned because the specified trail name exists. Modify the name. |
| 400 | MaximumNumberOfOrganizationTrailExceeded | Your account can create only one organization trail. | The error message returned because a multi-account trail exists within your Alibaba Cloud account. |
| 400 | NotAllowCreateOrganizationTrail | Your account does not allow you to create organization trail. Submit a ticket to get customer support. | The error message returned because you cannot create a multi-account trail by using your Alibaba Cloud account. To resolve this issue, submit a ticket to contact the customer service team. |
| 403 | InsufficientSlsPolicyException | Access to the specified Log Service project was denied. | The error message returned because you are not authorized to access the specified Log Service project. |
| 403 | MaximumNumberOfTrailsExceededException | The number of Trails in the same region exceeds the upper limit (5). | The error message returned because you cannot create more than five trails in a region. |

For a list of error codes, visit the API Error Center.