A RAM user can call the AssumeRole operation to assume a RAM role whose specified trusted entity is an Alibaba Cloud account. This topic provides the log of a sample event in which a RAM user assumed a RAM role and describes the key fields involved in the event log.

Example

In the following example, a RAM user named Alice whose ID is 23890260100229**** called the AssumeRole operation at 11:42:19 on August 2, 2021, UTC+8. The custom-role-for-actiontrail RAM role that belongs to the Alibaba Cloud account whose ID is 159498693826**** was assumed by the RAM user.

{
  "eventId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
  "eventVersion": 1,
  "responseElements": {
    "requestId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
    "assumedRoleUser": {
      "arn": "acs:ram::159498693826****:role/custom-role-for-actiontrail/Alice",
      "assumedRoleId": "39484351102463****:Alice"
    },
    "credentials": {
      "accessKeyId": "STS.NUQNP4PiGyckMsNiGELCs****",
      "accessKeySecret": "Ss7sq2j0ZoJujZnmVgXcu6QT9e****",
      "expiration": "2021-08-02T04:42:19Z"
    }
  },
  "eventSource": "sts.aliyuncs.com",
  "requestParameters": {
    "AcsHost": "sts.aliyuncs.com",
    "AcsProduct": "Sts",
    "RequestId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
    "RoleSessionName": "Alice",
    "DurationSeconds": 3600,
    "HostId": "sts.aliyuncs.com",
    "RoleArn": "acs:ram::159498693826****:role/custom-role-for-actiontrail"
  },
  "sourceIpAddress": "192.168.XX.XX",
  "userAgent": "Jakarta Commons-HttpClient/3.1",
  "eventType": "ApiCall",
  "referencedResources": {
    "ACS::RAM::AccessKey": [
      "STS.NUQNP4PiGyckMsNiGELCs****"
    ]
  },
  "userIdentity": {
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2021-08-02T03:42:19Z"
      }
    },
    "accountId": "159498693826****",
    "principalId": "23890260100229****",
    "type": "ram-user",
    "userName": "Alice"
  },
  "serviceName": "Sts",
  "additionalEventData": {
    "Scheme": "https",
    "CallerBid": "26842"
  },
  "apiVersion": "2015-04-01",
  "requestId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
  "eventTime": "2021-08-02T03:42:19Z",
  "isGlobal": false,
  "acsRegion": "cn-shanghai",
  "eventName": "AssumeRole"
}

The preceding example contains the following key fields:

  • userIdentity.accountId: the ID of the Alibaba Cloud account of the requester. The value in the example is 159498693826****, which indicates the ID of the Alibaba Cloud account to which the RAM user belongs.
  • userIdentity.principalId: the ID of the RAM user that assumed the RAM role.
  • userIdentity.type: the identity type of the requester. The value in the example is ram-user, which indicates that the RAM user initiated a request to assume the RAM role.
  • userIdentity.userName: the username of the requester. The value in the example is Alice.
  • userIdentity.sessionContext.attributes.creationDate: the time when the event occurred, in UTC. The value in the example is 2021-08-02T03:42:19Z, which indicates that the event occurred at 11:42:19 on August 2, 2021, UTC+8.
  • requestParameters.RoleArn: the Alibaba Cloud Resource Name (ARN) of the RAM role that was assumed by the RAM user. The value in the example is acs:ram::159498693826****:role/custom-role-for-actiontrail. 159498693826**** indicates the ID of the Alibaba Cloud account to which the RAM role belongs. custom-role-for-actiontrail indicates the name of the RAM role.
  • responseElements.assumedRoleUser.assumedRoleId: the unique identifier of the RAM role while it is assumed by the current RAM user. The value is in the {roleId}:{sessionName} format. roleId indicates the ID of the original RAM role. sessionName indicates the session name that was specified for the RAM role when the RAM user assumed it. The value in the example is 39484351102463****:Alice. 39484351102463**** is the ID of the original RAM role. Alice is the session name that was used while the role was assumed.
  • referencedResources: the resource that is required to assume the RAM role. The value in the example is { "ACS::RAM::AccessKey": [ "STS.NUQNP4PiGyckMsNiGELCs****"]}, which indicates the temporary Security Token Service (STS) token obtained by the RAM user.
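
The following Python sketch is an added example, not part of the original topic or of ActionTrail itself. It flattens the key fields described above into a single record for triage. The helper name summarize_assume_role and the output keys are hypothetical, and the sample event is constructed from the example on this page.

```python
import json
from datetime import datetime

# Constructed sample: the page's example event reduced to the fields used below.
SAMPLE_EVENT = json.loads("""{
  "eventName": "AssumeRole", "eventTime": "2021-08-02T03:42:19Z",
  "requestParameters": {"RoleSessionName": "Alice", "DurationSeconds": 3600,
    "RoleArn": "acs:ram::159498693826****:role/custom-role-for-actiontrail"},
  "responseElements": {
    "assumedRoleUser": {"assumedRoleId": "39484351102463****:Alice"},
    "credentials": {"expiration": "2021-08-02T04:42:19Z"}},
  "referencedResources": {"ACS::RAM::AccessKey": ["STS.NUQNP4PiGyckMsNiGELCs****"]},
  "userIdentity": {
    "sessionContext": {"attributes": {"mfaAuthenticated": "false"}},
    "accountId": "159498693826****", "principalId": "23890260100229****",
    "type": "ram-user", "userName": "Alice"}
}""")

def _utc(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def summarize_assume_role(event):
    """Hypothetical helper: flatten one AssumeRole event into triage fields."""
    if event.get("eventName") != "AssumeRole":
        raise ValueError("not an AssumeRole event")
    uid, req = event["userIdentity"], event["requestParameters"]
    resp = event["responseElements"]
    # RoleArn format shown on the page: acs:ram::<accountId>:role/<roleName>
    role_account, role_path = req["RoleArn"].split(":", 4)[3:5]
    # assumedRoleId format shown on the page: {roleId}:{sessionName}
    role_id, session = resp["assumedRoleUser"]["assumedRoleId"].split(":", 1)
    lifetime = int((_utc(resp["credentials"]["expiration"]) - _utc(event["eventTime"])).total_seconds())
    attrs = uid.get("sessionContext", {}).get("attributes", {})
    return {
        "caller": f'{uid["type"]}:{uid["userName"]}',
        "caller_id": uid["principalId"],
        "caller_account": uid["accountId"],
        "role_account": role_account,
        "role_name": role_path.split("/", 1)[1],
        "role_id": role_id,
        "session_name": session,
        "sts_access_key_ids": event.get("referencedResources", {}).get("ACS::RAM::AccessKey", []),
        "cross_account": uid["accountId"] != role_account,
        "mfa": attrs.get("mfaAuthenticated") == "true",
        "lifetime_matches_request": lifetime == req.get("DurationSeconds"),
    }

if __name__ == "__main__":
    print(json.dumps(summarize_assume_role(SAMPLE_EVENT), indent=2))
```

The cross_account and mfa flags let a reviewer filter role assumptions that cross an account boundary or were made without MFA; the STS AccessKey ID can then be used to follow the temporary credential in later events.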