A RAM user can call the AssumeRole operation to assume a RAM role whose specified trusted entity is an Alibaba Cloud account. This topic provides the log of a sample event in which a RAM user assumed a RAM role and describes the key fields involved in the event log.
Example
In the following example, a RAM user named Alice whose ID is 23890260100229**** called the AssumeRole operation at 11:42:19 on August 2, 2021, UTC+8. The custom-role-for-actiontrail RAM role that belongs to the Alibaba Cloud account whose ID is 159498693826**** was assumed by the RAM user.
{
  "eventId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
  "eventVersion": 1,
  "responseElements": {
    "requestId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
    "assumedRoleUser": {
      "arn": "acs:ram::159498693826****:role/custom-role-for-actiontrail/Alice",
      "assumedRoleId": "39484351102463****:Alice"
    },
    "credentials": {
      "accessKeyId": "STS.NUQNP4PiGyckMsNiGELCs****",
      "accessKeySecret": "Ss7sq2j0ZoJujZnmVgXcu6QT9e****",
      "expiration": "2021-08-02T04:42:19Z"
    }
  },
  "eventSource": "sts.aliyuncs.com",
  "requestParameters": {
    "AcsHost": "sts.aliyuncs.com",
    "AcsProduct": "Sts",
    "RequestId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
    "RoleSessionName": "Alice",
    "DurationSeconds": 3600,
    "HostId": "sts.aliyuncs.com",
    "RoleArn": "acs:ram::159498693826****:role/custom-role-for-actiontrail"
  },
  "sourceIpAddress": "192.168.XX.XX",
  "userAgent": "Jakarta Commons-HttpClient/3.1",
  "eventType": "ApiCall",
  "referencedResources": {
    "ACS::RAM::AccessKey": [
      "STS.NUQNP4PiGyckMsNiGELCs****"
    ]
  },
  "userIdentity": {
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2021-08-02T03:42:19Z"
      }
    },
    "accountId": "159498693826****",
    "principalId": "23890260100229****",
    "type": "ram-user",
    "userName": "Alice"
  },
  "serviceName": "Sts",
  "additionalEventData": {
    "Scheme": "https",
    "CallerBid": "26842"
  },
  "apiVersion": "2015-04-01",
  "requestId": "2546c4b7-6b56-403e-97d3-500d8d29339a",
  "eventTime": "2021-08-02T03:42:19Z",
  "isGlobal": false,
  "acsRegion": "cn-shanghai",
  "eventName": "AssumeRole"
}
The preceding example contains the following key fields:
userIdentity.accountId: the ID of the Alibaba Cloud account of the requester. The value in the example is 159498693826****, which indicates the ID of the Alibaba Cloud account to which the RAM user belongs.
userIdentity.principalId: the ID of the RAM user that assumed the RAM role.
userIdentity.type: the identity type of the requester. The value in the example is ram-user, which indicates that the RAM user initiated a request to assume the RAM role.
userIdentity.userName: the username of the requester. The value in the example is Alice.
userIdentity.attributes.creationDate: the time when the event occurred, in UTC. The value in the example is 2021-08-02T03:42:19Z, which indicates that the event occurred at 11:42:19 on August 2, 2021, UTC+8.
requestParameters.RoleArn: the Alibaba Cloud Resource Name (ARN) of the RAM role that was assumed by the RAM user. The value in the example is acs:ram::159498693826****:role/custom-role-for-actiontrail. 159498693826**** indicates the ID of the Alibaba Cloud account to which the RAM role belongs. custom-role-for-actiontrail indicates the name of the RAM role.
responseElements.assumedRoleUser.assumedRoleId: the unique identifier of the RAM role while it is assumed by the current RAM user. The value is in the format {roleId}:{sessionName}. roleId indicates the ID of the original RAM role. sessionName indicates the name dedicated for the RAM role when it was assumed by the RAM user. The value in the example is 39484351102463****:Alice. 39484351102463**** represents the ID of the original RAM role. Alice represents the name dedicated for the RAM role during role assumption.
referencedResources: the resource that is required to assume the RAM role. The value in the example is { "ACS::RAM::AccessKey": [ "STS.NUQNP4PiGyckMsNiGELCs****"]}, which indicates the temporary Security Token Service (STS) token obtained by the RAM user.
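The field breakdown above, applied in code: this is an added example, not code from the original page or from ActionTrail, that parses an AssumeRole event into a who/what/when summary for review or alerting. The function name summarize_assume_role and the summary keys are hypothetical; the embedded event is a trimmed copy of the sample above with its masked values, and mfaAuthenticated is read from userIdentity.sessionContext.attributes, where it appears in that JSON.

```python
import json
from datetime import datetime, timedelta, timezone

# Trimmed copy of the sample event on this page (masked values kept as shown).
SAMPLE_EVENT = json.loads("""{
  "eventName": "AssumeRole", "eventTime": "2021-08-02T03:42:19Z",
  "requestParameters": {
    "RoleSessionName": "Alice",
    "RoleArn": "acs:ram::159498693826****:role/custom-role-for-actiontrail"},
  "responseElements": {
    "assumedRoleUser": {"assumedRoleId": "39484351102463****:Alice"},
    "credentials": {"expiration": "2021-08-02T04:42:19Z"}},
  "userIdentity": {
    "sessionContext": {"attributes": {"mfaAuthenticated": "false"}},
    "accountId": "159498693826****", "principalId": "23890260100229****",
    "type": "ram-user", "userName": "Alice"}
}""")

UTC8 = timezone(timedelta(hours=8))


def summarize_assume_role(event):
    """Return a summary dict for one AssumeRole event, or None for other events."""
    if event.get("eventName") != "AssumeRole":
        return None
    ident = event["userIdentity"]
    resp = event["responseElements"]
    # RoleArn layout as described on the page: acs:ram::<accountId>:role/<roleName>
    _, _, _, role_account, resource = event["requestParameters"]["RoleArn"].split(":", 4)
    # assumedRoleId layout: {roleId}:{sessionName}
    role_id, _, session_name = resp["assumedRoleUser"]["assumedRoleId"].partition(":")
    when = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    attrs = ident.get("sessionContext", {}).get("attributes", {})
    return {
        "caller": f'{ident["type"]}:{ident["userName"]} ({ident["principalId"]})',
        "role_name": resource.split("/", 1)[1],
        "role_account": role_account,
        "role_id": role_id,
        "session_name": session_name,
        # True when the role lives in a different account than the caller.
        "cross_account": ident["accountId"] != role_account,
        "mfa": attrs.get("mfaAuthenticated") == "true",
        "time_utc8": when.astimezone(UTC8).strftime("%Y-%m-%d %H:%M:%S"),
        "token_expires": resp["credentials"]["expiration"],
    }


if __name__ == "__main__":
    print(json.dumps(summarize_assume_role(SAMPLE_EVENT), indent=2))
```

With masked IDs the cross_account comparison only compares the visible strings; on unmasked logs it compares the full account IDs.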