ActionTrail:Usage example for ActionTrail API

View the API documentation

To query events in ActionTrail, you can call the LookupEvents operation. For more information, see List of operations by function. For more information about the data and permissions that are required to call this operation, see the documentation.

Create a RAM user and grant permissions to the RAM user

1. Log on to the Resource Access Management (RAM) console with your Alibaba Cloud account.

2. Create a RAM user.

   1. In the left-side navigation pane, choose Identities > Users.

   2. In the upper-left corner of the Users page, click Create User.

   3. On the Create User page, set Logon Name and Display Name to actiontrail-openapi-operator, and select OpenAPI Access for Access Method.

   4. Click OK.

      The RAM user is created. RAM automatically generates an AccessKey ID and an AccessKey secret for the RAM user. For more information, see Create an AccessKey pair.

3. Create a custom policy.

   1. In the left-side navigation pane, choose Permissions > Policies.

   2. In the upper-left corner of the Policies page, click Create Policy.

   3. On the Create Policy page, click the JSON tab and replace the existing sample code with the following code.

      {
        "Version": "1",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "actiontrail:LookupEvents"
            ],
            "Resource": [
              "*"
            ],
            "Condition": {}
          }
        ]
      }

      The preceding code specifies that a RAM user is granted the permission to call the LookupEvents operation.

   4. Click Next to edit policy information.

   5. Set Name to actiontrail-policy and click OK.

4. Attach the custom policy to the RAM user.

   1. In the left-side navigation pane, choose Permissions > Grants.

   2. In the upper-left corner of the Permission page, click Grant Permission.

   3. In the Grant Permission panel, set Principal to actiontrail-openapi-operator, click the Custom Policy tab, and then click actiontrail-policy to select the policy.

   4. Click OK.

   5. Click Complete.

Call an API operation

The following example shows how to call an API operation in Python.

Prepare a Python environment

1. Download and install Python.

   For more information about how to download Python 3, visit Python 3.

2. Check the version of Python.

   • Linux and macOS

     Open the terminal and run the python --version command.

   • Windows

     • In the Python installation directory, double-click python.exe.

     • Start the Command Prompt.

       Press Win+R to open the Run dialog box, enter python, and then click OK.

Configure environment variables

In this example, environment variables are configured to manage the AccessKey pair. This helps prevent security risks that are caused by hard coding the AccessKey pair into your business code.

• Linux and macOS

  Replace <access_key_id> and <access_key_secret> in the following commands with the actual AccessKey ID and AccessKey secret.

export ALIBABA_CLOUD_ACCESS_KEY_ID=<access_key_id>
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=<access_key_secret>

• Windows

  Create an environment variable file, add the ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables to the file, and then specify your AccessKey ID for ALIBABA_CLOUD_ACCESS_KEY_ID and your AccessKey secret for ALIBABA_CLOUD_ACCESS_KEY_SECRET. Then, restart the Windows operating system.

Install dependencies

pip install alibabacloud_credentials
pip install alibabacloud_actiontrail20200706==2.1.0
pip install alibabacloud_tea_console

Download sample code

1. Call the LookupEvents operation in OpenAPI Explorer.

2. Click Initiate Call without configuring parameters. The LookupEvents operation does not have required parameters.

3. Click the SDK Sample Code tab. Then, go to the Languages section and click Python.

   The system provides the sample code of the API call based on ActionTrail SDK for Python.

4. Click Download Project to download the sample code package.

5. Decompress the sample code package on your computer and access the alibabacloud_sample directory.

Run sample code

Run the following command:

python sample.py

The following command output is displayed:

{
  "EndTime": "2023-07-11T08:13:04Z",
  "NextToken": "eyJhY2NvdW50IjoiMTY5ODI3MjMyODU0ODQ2NyIsImV2ZW50SWQiOiJFNTdGNjFGRS04RjdCLTVDRjAtODA3Ni03NjAwNEQyMkMxQTYiLCJsb2dJZCI6IjQ1LTE2OTgyNzIzMjg1NDg0NjciLCJ0aW1lIjoxNjg5MDYzMTE2MD****",
  "RequestId": "7743F214-925E-5602-936C-3CCCD5FBACD8",
  "Events": [
    {
      "eventId": "33859C72-1C50-55B3-A857-27FAA358****",
      "eventVersion": 1,
      "eventSource": "actiontrail.cn-hangzhou.aliyuncs.com",
      "requestParameters": {
        "AcsProduct": "Actiontrail",
        "UserAgent": "Workbench/1.0",
        "ClientPort": 11880,
        "Region": "cn-hangzhou"
      },
      "sourceIpAddress": "192.168.XX.XX",
      "userAgent": "api.aliyun.com",
      "eventRW": "Read",
      "eventType": "ApiCall",
      "userIdentity": {
        "sessionContext": {
          "attributes": {
            "mfaAuthenticated": "false",
            "creationDate": "2023-07-11T08:12:34Z"
          }
        },
        "accountId": "169827232854****",
        "principalId": "169827232854****",
        "type": "root-account",
        "userName": "root"
      },
      "serviceName": "Actiontrail",
      "additionalEventData": {
        "CallerBid": "2****"
      },
      "apiVersion": "2020-07-06",
      "requestId": "33859C72-1C50-55B3-A857-27FAA358641C",
      "eventTime": "2023-07-11T08:12:34Z",
      "isGlobal": false,
      "acsRegion": "cn-hangzhou",
      "eventName": "LookupEvents"
    }
  ],
  "StartTime": "2023-07-04T08:13:34Z"
}