All Products
Search
Document Center

ActionTrail:UpdateTrail

Last Updated:Sep 30, 2024

Updates the configurations of a trail.

Operation description

This topic shows you how to change the destination Object Storage Service (OSS) bucket of a sample trail named trail-test to audit-log.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
actiontrail:UpdateTrailupdate
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
NamestringYes

The name of the trail whose configurations you want to update.

The name must be 6 to 36 characters in length and can contain lowercase letters, digits, hyphens (-), and underscores (_). It must start with a lowercase letter.

Note The name must be unique within an Alibaba Cloud account.
trail-test
OssBucketNamestringNo

The name of the Object Storage Service (OSS) bucket to which you want to deliver events.

The name must be 3 to 63 characters in length. The name must start with a lowercase letter or a digit and can contain lowercase letters, digits, and hyphens (-).

Note Make sure that the bucket exists before you update the configuration of the trail.
audit-log
OssKeyPrefixstringNo

The prefix of the files that are stored in the OSS bucket.

The prefix must be 6 to 32 characters in length. The prefix must start with a letter and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_).

at-product-account-audit-B
OssWriteRoleArnstringNo

The Alibaba Cloud Resource Name (ARN) of the RAM role that is assumed by ActionTrail to deliver events to the OSS bucket.

  • If you do not specify this parameter, ActionTrail creates a service-linked role to create the required resources. For more information, see Manage the service-linked role.
  • If you specify this parameter, you must grant the permissions of the service-linked role that is assumed by ActionTrail to the RAM role before you can deliver events to your Alibaba Cloud account. If you need to deliver events to other Alibaba Cloud accounts, you must attach the permission policy that is used to grant permissions related to event delivery to the RAM role. For more information about how to deliver events across Alibaba Cloud accounts, see Deliver events across Alibaba Cloud accounts.
acs:ram::***:role/aliyunserviceroleforactiontrail
SlsProjectArnstringNo

The ARN of the Log Service project to which you want to deliver events.

acs:log:cn-shanghai::project/***
SlsWriteRoleArnstringNo

The ARN of the RAM role that is assumed by ActionTrail to deliver events to the Log Service project.

  • If you do not specify this parameter, ActionTrail creates a service-linked role to create the corresponding resource. For more information, see Manage the service-linked role.
  • If you specify this parameter, you must grant the permissions of the service-linked role that is assumed by ActionTrail to the RAM role before you can deliver events to your Alibaba Cloud account. If you need to deliver events to other Alibaba Cloud accounts, you must attach the permission policy that is used to grant permissions related to event delivery to the RAM role. For more information about how to deliver events across Alibaba Cloud accounts, see Deliver events across Alibaba Cloud accounts.
acs:ram::***:role/aliyunserviceroleforactiontrail
EventRWstringNo

The read/write type of the events to be delivered. Valid values:

  • Write: write events. It is the default value.
  • Read: read events.
  • All: read and write events.
All
TrailRegionstringNo

The region of the trail.

  • The default value is All, which indicates that the trail delivers events from all regions.

You can also specify specific regions. You can call the DescribeRegions operation to query all the supported regions.

All

For more information about common request parameters, see Common parameters.

Response parameters

ParameterTypeDescriptionExample
object
SlsProjectArnstring

The ARN of the Log Service project to which events are to be delivered.

acs:log:cn-hangzhou:151266687691****:project/test-project
OssWriteRoleArnstring

The ARN of the RAM role that is assumed by ActionTrail to deliver events to the OSS bucket.

acs:ram::***:role/aliyunserviceroleforactiontrail
EventRWstring

The read/write type of the events to be delivered.

Write
RequestIdstring

The ID of the request.

2599A180-5236-44D8-9490-50B6F4F8BA35
HomeRegionstring

The home region of the trail.

cn-hangzhou
OssKeyPrefixstring

The prefix of the log files to be stored in the destination OSS bucket.

at-product-account-audit-B
OssBucketNamestring

The name of the OSS bucket.

audit-log
SlsWriteRoleArnstring

The ARN of the RAM role that is assumed by ActionTrail is to deliver events to the Log Service project.

acs:ram::***:role/aliyunserviceroleforactiontrail
TrailRegionstring

The one or more regions from which the trail delivers events.

All
Namestring

The name of the trail.

trail-test

Examples

Sample success responses

JSONformat

{
  "SlsProjectArn": "acs:log:cn-hangzhou:151266687691****:project/test-project",
  "OssWriteRoleArn": "acs:ram::***:role/aliyunserviceroleforactiontrail",
  "EventRW": "Write",
  "RequestId": "2599A180-5236-44D8-9490-50B6F4F8BA35",
  "HomeRegion": "cn-hangzhou",
  "OssKeyPrefix": "at-product-account-audit-B",
  "OssBucketName": "audit-log",
  "SlsWriteRoleArn": "acs:ram::***:role/aliyunserviceroleforactiontrail",
  "TrailRegion": "All",
  "Name": "trail-test"
}

Error codes

HTTP status codeError codeError messageDescription
400RepeatOssBucketThe specified OSS bucket is already in use. We recommend that you modify the existing Trail or specify another bucket.The specified OSS Bucket is already in used,.We recommend that you modify the tracking area in that Trail.
400SlsProjectDoesNotExistExceptionThe specified Log Service project does not exist.The specified SLS Project is not existed.
400IncompleteSignatureThe request signature does not conform to Alibaba Cloud standards.The request signature does not conform to Alibaba Cloud standards.
400InvalidDeliveryConfigurationExceptionYou must specify at least one Log Service project or OSS bucket for a Trail.Trail must have at least one delivery destination
400InvalidPrefixExceptionThe specified OSS bucket prefix is invalid.The specified OSS bucket prefix is not valid.
403InsufficientBucketPolicyExceptionAccess to the specified OSS bucket was denied.Access OSS bucket denied.
403InsufficientSlsPolicyExceptionAccess to the specified Log Service project was denied.Access SLS Project denied.
404TrailNotFoundExceptionThe specified Trail does not exist.The specified Trail is not existed.
404BucketDoesNotExistExceptionThe specified OSS bucket does not exist.The specified OSS Bucket is not existed.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-01-09The Error code has changed. The request parameters of the API has changed. The response structure of the API has changedView Change Details