All Products
Search
Document Center

ActionTrail:Audit events of STS

Last Updated:Jun 18, 2026

Security Token Service (STS) is integrated with ActionTrail. You can query management events generated by STS operations in the ActionTrail console. ActionTrail can deliver these events to Simple Log Service Logstores or Object Storage Service (OSS) buckets for real-time auditing and troubleshooting.

ActionTrail records management events when you manage cloud resources by calling API operations or using the Alibaba Cloud Management Console. The following table lists the STS events that you can query in ActionTrail.

Event name

Description

AssumeRole

Obtains a temporary identity credential to assume a role.

AssumeRoleWithOIDC

Obtains a temporary identity credential to assume a role during OpenID Connect (OIDC) role-based single sign-on (SSO).

AssumeRoleWithSAML

Obtains a temporary identity credential to assume a role during Security Assertion Markup Language (SAML) role-based SSO.

GetCallerIdentity

Queries the identity of the current caller.