ActionTrail: Differences among a single-account trail, a multi-account trail, and a trail for the Inner-ActionTrail feature

Last Updated: Mar 01, 2024

A single-account trail, a multi-account trail, and a trail for the Inner-ActionTrail feature in ActionTrail are all designed to implement long-term event storage and management for subsequent review and tracking. The three types of trails provide different levels of auditing and monitoring capabilities. You can select a type of trail based on your business and compliance requirements to ensure effective monitoring and auditing.

The following table describes the differences among a single-account trail, a multi-account trail, and a trail for the Inner-ActionTrail feature.

| Item | Single-account trail | Multi-account trail | Trail for the Inner-ActionTrail feature |
| --- | --- | --- | --- |
| Scenario | An individual user can create a single-account trail to deliver events to a Simple Log Service Logstore or an Object Storage Service (OSS) bucket. An individual can create multiple single-account trails to perform the following tasks: assign different types of events to different roles for auditing; manage audit data for multiple regions based on compliance requirements; create multiple replicas for an event. | After an enterprise user creates a resource directory, the management account of the resource directory can create a multi-account trail to deliver the events of all members in the resource directory to a Simple Log Service Logstore or an OSS bucket. | An individual user can create a trail for the Inner-ActionTrail feature to deliver Alibaba Cloud-initiated events that are generated when the Alibaba Cloud O&M team maintains services of the user to a Simple Log Service Logstore. |
| Creation method | All Alibaba Cloud accounts can create single-account trails. | After an enterprise creates a resource directory and establishes an organizational structure in the resource directory, the management account of the resource directory can create a multi-account trail in the ActionTrail console. | Submit a ticket or contact your sales manager to add you to the whitelist of users who can create a trail for the Inner-ActionTrail feature. |
| Supported services | Services that work with ActionTrail | Services that work with ActionTrail | Key Management Service (KMS), Data Security Center (DSC), OSS, Elastic Compute Service (ECS), ApsaraDB RDS, Container Service for Kubernetes (ACK), Container Registry (ACR), and E-MapReduce (EMR) |
| Supported accounts | All Alibaba Cloud accounts | Management accounts | All Alibaba Cloud accounts |
| Types of events to be delivered | Events that are generated when an individual user performs operations in the Alibaba Cloud Management Console, calls API operations, or uses developer tools to access and manage services in Alibaba Cloud | Events that are generated when an enterprise user performs operations in the Alibaba Cloud Management Console, calls API operations, or uses developer tools to access and manage services in Alibaba Cloud | Alibaba Cloud-initiated events that are generated when the Alibaba Cloud O&M team maintains the services of a user |
| Scope of events to be delivered | Events of the current account | Events of all members | Alibaba Cloud-initiated events of the current account |
| Storage services for delivered events | Simple Log Service, OSS | Simple Log Service, OSS | Simple Log Service |
| Event query methods | ActionTrail console, LookupEvents operation, OSS console, Simple Log Service console | Management account: ActionTrail console (advanced event query), OSS console, Simple Log Service console | ActionTrail console, Simple Log Service console |
| Maximum number of trails that can be created | Five in each region | One in all regions | One in all regions |
| Event storage path in an OSS bucket | Management events: `oss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail/<region>/<Year>/<Month>/<Day>/<Log file name>`. Insights events: `oss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail-insight/<region>/<Year>/<Month>/<Day>/<Log file name>`. Note: To use the Insights feature, you must apply for the required permissions. For more information, see Overview of Insights events. | `oss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail/rd_id/accountid/regionid/yyyy/mm/dd/Log file name` | N/A |
| Default name of a Simple Log Service Logstore in which events are stored | actiontrail_Single-account trail name | actiontrail_Multi-account trail name | innertrail_Name of a trail for the Inner-ActionTrail feature |
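
The OSS storage paths listed above differ between single-account and multi-account trails, so a pipeline that reads an audit bucket has to tell the layouts apart before it can attribute events to an account. The following Python sketch is an added example, not code from the ActionTrail documentation: it parses object keys (the part after `oss://<bucket>/`) against those layouts and flags keys that fit neither. The function names, the sample keys, and the assumptions that path components contain no `/` and that month and day are two digits are all constructed for illustration.

```python
import re
from datetime import date

# Layouts from the "Event storage path in an OSS bucket" row.
# Assumptions: the log file prefix is optional, and no component after
# "AliyunLogs/" contains "/".
_TAIL = r"(?P<region>[^/]+)/(?P<y>\d{4})/(?P<m>\d{2})/(?P<d>\d{2})/(?P<file>[^/]+)$"
_SINGLE = re.compile(
    r"^(?:(?P<prefix>.+)/)?AliyunLogs/(?P<log_dir>Actiontrail|Actiontrail-insight)/" + _TAIL
)
_MULTI = re.compile(
    r"^(?:(?P<prefix>.+)/)?AliyunLogs/(?P<log_dir>Actiontrail)/"
    r"(?P<rd_id>[^/]+)/(?P<account_id>[^/]+)/" + _TAIL
)


def parse_event_key(key):
    """Return the fields encoded in an ActionTrail object key, or None."""
    # The multi-account layout has two extra components, so try it first.
    for trail_type, pattern in (("multi-account", _MULTI), ("single-account", _SINGLE)):
        m = pattern.match(key)
        if m is None:
            continue
        f = m.groupdict()
        try:
            day = date(int(f["y"]), int(f["m"]), int(f["d"]))
        except ValueError:
            continue  # digits in the right places, but not a calendar date
        return {
            "trail_type": trail_type,
            "log_dir": f["log_dir"],  # "Actiontrail-insight" holds Insights events
            "prefix": f["prefix"],
            "rd_id": f.get("rd_id"),
            "account_id": f.get("account_id"),
            "region": f["region"],
            "date": day,
            "file": f["file"],
        }
    return None


def unexpected_keys(keys):
    """Keys in an audit bucket that match neither documented layout."""
    return [k for k in keys if parse_event_key(k) is None]


# Constructed sample keys (file names, IDs and prefix are placeholders).
SAMPLE_KEYS = [
    "audit/AliyunLogs/Actiontrail/cn-hangzhou/2024/03/01/events_0001.gz",
    "audit/AliyunLogs/Actiontrail-insight/cn-hangzhou/2024/03/01/insight_0001.gz",
    "audit/AliyunLogs/Actiontrail/rd-EXAMPLE/1234567890123456/cn-shanghai/2024/03/01/events_0002.gz",
    "audit/notes.txt",
    "AliyunLogs/Actiontrail/cn-hangzhou/2024/13/01/x.gz",
]
```

Objects returned by `unexpected_keys` are worth reviewing, since a bucket that receives trail deliveries should normally contain only keys in these layouts.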