All Products
Search
Document Center

ActionTrail:Auditable events of RAM

Last Updated:Jun 23, 2026

Resource Access Management (RAM) is integrated with ActionTrail. You can query user-initiated events generated by RAM operations in the ActionTrail console. ActionTrail can deliver these events to Log Service Logstores or Object Storage Service (OSS) buckets for real-time auditing and troubleshooting.

ActionTrail records user-initiated events generated when you manage cloud resources by calling API operations or by using the Alibaba Cloud Management Console. The following table lists the RAM events that you can query in ActionTrail.

Event

Description

AddUserToGroup

A RAM user is added to a RAM user group.

AttachPolicyToGroup

A policy is attached to a RAM user group.

AttachPolicyToRole

A policy is attached to a RAM role.

AttachPolicyToUser

A policy is attached to a RAM user.

BindMFADevice

A multi-factor authentication (MFA) device is bound to a RAM user.

ChangePassword

The password of a RAM user is changed.

ClearAccountAlias

The alias of an Alibaba Cloud account is deleted.

CreateAccessKey

An AccessKey pair is created for a RAM user.

CreateGroup

A RAM user group is created.

CreateLoginProfile

Console logon is enabled for a RAM user.

CreatePolicy

A policy is created.

CreatePolicyVersion

A version of a policy is created.

CreateRole

A RAM role is created.

CreateUser

A RAM user is created.

CreateVirtualMFADevice

An MFA device is created.

DeleteAccessKey

An AccessKey pair of a RAM user is deleted.

DeleteGroup

A RAM user group is deleted.

DeleteLoginProfile

Console logon is disabled for a RAM user.

DeletePolicy

A policy is deleted.

DeletePolicyVersion

A policy version is deleted.

DeleteRole

A RAM role is deleted.

DeleteUser

A RAM user is deleted.

DeleteVirtualMFADevice

An MFA device is deleted.

DetachPolicyFromGroup

A policy is detached from a RAM user group.

DetachPolicyFromRole

A policy is detached from a RAM role.

DetachPolicyFromUser

A policy is detached from a RAM user.

GetAccessKeyLastUsed

The time when an AccessKey pair is last used is queried.

GetAccountAlias

The alias of an Alibaba Cloud account is queried.

GetAccountSummary

Statistics are queried.

GetGroup

The information about a RAM user group is queried.

GetLoginProfile

The logon configurations of a RAM user are queried.

GetPasswordPolicy

The password policy of RAM users, including the password strength, is queried.

GetPolicy

The information about a policy is queried.

GetPolicyVersion

The information about a policy version is queried.

GetPublicKey

A public key is queried.

GetRole

The information about a RAM role is queried.

GetSecurityPreference

The details of the security preferences are queried.

GetServiceStatus

The status of RAM is queried.

GetUser

The information about a RAM user is queried.

GetUserMFAInfo

The MFA device that is attached to a RAM user is queried.

ListAccessKeys

AccessKey pairs that belong to an Alibaba Cloud account or a RAM user are queried.

ListEntitiesForPolicy

The entities to which a policy is attached are queried.

ListGroups

RAM user groups are queried.

ListGroupsForUser

The RAM user groups to which a RAM user belongs are queried.

ListPolicies

Policies are queried.

ListPoliciesForGroup

The policies that are attached to a RAM user group are queried.

ListPoliciesForRole

The policies that are attached to a RAM role are queried.

ListPoliciesForUser

The policies that are attached to a RAM user are queried.

ListPolicyVersions

The versions of a policy are queried.

ListPublicKeys

Public keys are queried.

ListRoles

RAM roles are queried.

ListUsers

All RAM users are queried.

ListUsersForGroup

RAM users in a RAM user group are queried.

ListVirtualMFADevices

MFA devices are queried.

OpenService

A service is activated.

ReleaseAccountResource

An Alibaba Cloud account and the resources of the account are released with one click.

RemoveUserFromGroup

A RAM user is removed from a RAM user group.

SetAccountAlias

An alias is configured for an Alibaba Cloud account.

SetDefaultPolicyVersion

A version is specified for a policy as the default version.

SetPasswordPolicy

The password policy for RAM users, including the password strength, is configured.

SetSecurityPreference

The security preferences are configured.

UnbindMFADevice

An MFA device is unbound from a RAM user.

UpdateAccessKey

The status of an AccessKey pair that belongs to a RAM user is changed.

UpdateGroup

The information about a RAM user group is modified.

UpdateLoginProfile

The logon configurations of a RAM user are modified.

UpdatePolicyDescription

The description of a custom policy is modified.

UpdatePublicKey

A public key is modified.

UpdateRole

The information about a RAM role is modified.

UpdateUser

The information about a RAM user is modified.

UploadPublicKey

A public key is uploaded.