Updates the configuration of a trail.

This topic shows you how to change the destination Object Storage Service (OSS) bucket of a sample trail named trail-test to audit-log.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateTrail

The operation that you want to perform. Set the value to UpdateTrail.

Name String Yes trail-test

The name of the trail for which you want to update the configuration.

The name must be 6 to 36 characters in length. The name must start with a lowercase letter and can contain lowercase letters, digits, hyphens (-), and underscores (_).

Note The name must be unique within your Alibaba Cloud account.
OssBucketName String No audit-log

The name of the OSS bucket to which events are to be delivered.

The name must be 3 to 63 characters in length. The name must start with a lowercase letter or a digit and can contain lowercase letters, digits, and hyphens (-).

Note Make sure that the bucket exists before you update the configuration of the trail.
OssKeyPrefix String No at-product-account-audit-B

The prefix of the log files to be stored in the destination OSS bucket.

The prefix must be 6 to 32 characters in length. The prefix must start with a letter and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_).

RoleName String No aliyunserviceroleforactiontrail

The RAM role that ActionTrail is allowed to assume. Default value: aliyunserviceroleforactiontrail.

SlsProjectArn String No acs:log:cn-hangzhou:159498693826****:project/trail-test

The Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are to be delivered.

SlsWriteRoleArn String No acs:ram::159498693826****:role/aliyunserviceroleforactiontrail

The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the destination Log Service project.

  • If you do not specify this parameter, ActionTrail creates a service-linked role to create the corresponding resource. For more information, see Manage the service-linked role.
  • If you specify this parameter, you must grant the permissions of the service-linked role that is assumed by ActionTrail to the RAM role before you can deliver events to your Alibaba Cloud account. If you need to deliver events to other Alibaba Cloud accounts, you must attach the permission policy that is used to grant permissions related to event delivery to the RAM role. For more information about how to deliver events across Alibaba Cloud accounts, see Aggregate events across Alibaba Cloud accounts.
EventRW String No All

The read/write type of the events to be delivered. Valid values:

  • Write: write events. It is the default value.
  • Read: read events.
  • All: read and write events.
TrailRegion String No All

The one or more regions from which the trail delivers events.

The default value is All, which indicates that the trail delivers events from all regions.

You can also specify specific regions. You can call the DescribeRegions operation to query all the supported regions.

MnsTopicArn String No acs:mns:cn-hangzhou:1111:/topics/your-topic-name

The ARN of the Message Service (MNS) topic to which ActionTrail sends messages. The ARN is in the format of acs:mns:<Region>:<Account ID>:/topics/<Topic name>. If the ARN is specified, a message is generated and delivered to the MNS topic whenever an event is delivered to OSS.

Response parameters

Parameter Type Example Description
MnsTopicArn String acs:mns:cn-hangzhou:1111:/topics/your-topic-name

The ARN of the MNS topic to which ActionTrail sends messages.

SlsProjectArn String acs:log:cn-hangzhou:159498693826****:project/trail-test

The ARN of the Log Service project to which events are to be delivered.

RoleName String aliyunserviceroleforactiontrail

The RAM role that ActionTrail is allowed to assume.

EventRW String All

The read/write type of the events to be delivered.

RequestId String 145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0

The ID of the request.

HomeRegion String cn-hangzhou

The home region of the trail.

OssKeyPrefix String at-product-account-audit-B

The prefix of the log files to be stored in the destination OSS bucket.

OssBucketName String audit-log

The name of the OSS bucket to which events are to be delivered.

SlsWriteRoleArn String acs:ram::159498693826****:role/aliyunserviceroleforactiontrail

The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the destination Log Service project.

TrailRegion String All

The one or more regions from which the trail delivers events.

Name String trail-test

The name of the trail.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateTrail
&Name=trail-test
&OssBucketName=audit-log
&<Common request parameters>

Sample success responses

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "SlsProjectArn" : "acs:log:cn-hangzhou:159498693826****:project/trail-test",
  "RoleName" : "aliyunserviceroleforactiontrail",
  "EventRW" : "All",
  "RequestId" : "145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0",
  "HomeRegion" : "cn-hangzhou",
  "OssBucketName" : "audit-log",
  "SlsWriteRoleArn" : "acs:ram::159498693826****:role/aliyunserviceroleforactiontrail",
  "TrailRegion" : "All",
  "Name" : "trail-test"
}

Error codes

HTTP status code Error code Error message Description
400 IncompleteSignature The request signature does not conform to Alibaba Cloud standards. The error message returned because the request signature that is calculated by Alibaba Cloud does not match the signature that you provided. Check whether the AccessKey ID and AccessKey secret are valid and whether the signature method is appropriate. For more information, see Signature method.
400 InvalidPrefixException The specified OSS bucket prefix is invalid. The error message returned because the log file prefix specified for the destination OSS bucket is invalid.
403 InsufficientSlsPolicyException Access to the specified Log Service project was denied. The error message returned because you are not authorized to access the specified Log Service project.
404 TrailNotFoundException The specified Trail does not exist. The error message returned because the specified trail does not exist.

For a list of error codes, visit the API Error Center.