This topic describes the types of ActionTrail events that can be published to EventBridge.
Background information
ActionTrail can be used as an event source for the following Alibaba Cloud services:
-
Apsara File Storage NASServer Load Balancer (SLB)Alibaba Cloud CDNElasticsearchDataVCloud Enterprise NetworkApsaraDB for HBaseKey Management Service (KMS)ApsaraDB RDSContainer Service for Kubernetes (ACK)Elastic Compute Service (ECS)PolarDB for MySQLMessage Queue for Apache KafkaActionTrailResource Orchestration Service (ROS)Function ComputeSmart Access GatewayCloud ConfigApsaraDB for CassandraVirtual Private Cloud (VPC)Blockchain as a Service (BaaS)Object Storage Service (OSS)Resource Access Management (RAM)TablestoreCloudMonitorBatch ComputeDynamic Route for CDN (DCDN)Auto ScalingElastic Container Instance (ECI)Container RegistryHologresApsaraVideo for Media ProcessingAnalyticDB for MySQLOperation Orchestration Service (OOS)Security CenterE-MapReduceFraud DetectionDomainsData Transmission Service (DTS)Quick BIApsaraVideo VODApsaraVideo LiveIoT PlatformElastic High Performance Computing (E-HPC)
Event types
The following table describes the types of ActionTrail events that can be published to EventBridge.
Event type | Value of the type parameter |
---|---|
Operation performed by Alibaba Cloud on a resource | actiontrail:ActionTrail:AliyunServiceEvent |
API operation call | actiontrail:ActionTrail:ApiCall |
Operation performed in a console | actiontrail:ActionTrail:ConsoleOperation |
For more information about the parameters defined in the CloudEvents specification, see Overview.
API operation call
The following example shows the event that EventBridge receives when you call an API operation in OpenAPI Explorer:
{
"acsRegion":"cn-hangzhou",
"additionalEventData":{
"Scheme":"http"
},
"apiVersion":"2014-05-26",
"eventCategory":"Management",
"eventId":"F7393A43-6A4A-4409-AEDD-8B1C47DE****",
"eventName":"RunInstances",
"eventRW":"Write",
"eventSource":"ecs-cn-hangzhou-inner.aliyuncs.com",
"eventTime":"2021-07-13T07:33:46Z",
"eventType":"ApiCall",
"eventVersion":"1",
"referencedResources":{
"ACS::ECS::Instance":[
"i-0xiiz1v0vw4epqjc****"
],
"ACS::ECS::SecurityGroup":[
"sg-0xi2js0u6m03jbmv****"
],
"ACS::ECS::Image":[
"aliyun_2_1903_x64_20G_alibase_20200529.vhd"
],
"ACS::ECS::KeyPair":[
"sshkey-cn-hangzhou"
],
"ACS::VPC::VSwitch":[
"vsw-0xikxv8p1akh4ki43****"
]
},
"requestId":"F7393A43-6A4A-4409-AEDD-8B1C47DE45ED",
"requestParameters":{
"Amount":1,
"VSwitchId":"vsw-0xikxv8p1akh4ki43****"
},
"resourceName":"i-0xiiz1v0vw4epqjc****;sg-0xi2js0u6m03jbmv****;aliyun_2_1903_x64_20G_alibase_20200529.vhd;sshkey-cn-hangzhou;vsw-0xikxv8p1akh4ki43****",
"resourceType":"ACS::ECS::Instance;ACS::ECS::SecurityGroup;ACS::ECS::Image;ACS::ECS::KeyPair;ACS::VPC::VSwitch",
"responseElements":{
"RequestId":"F7393A43-6A4A-4409-AEDD-8B1C47DE45ED",
"InstanceIdSets":{
"InstanceIdSet":[
"i-0xiiz1v0vw4epqjc****"
]
}
},
"serviceName":"Ecs",
"sourceIpAddress":"Internal",
"userAgent":"AlibabaCloud (Linux; amd64) Java/1.8.0_102-b52 Core/4.5.3 HTTPClient/InternalHttpClient",
"userIdentity":{
"accessKeyId":"STS.NUQNP4PiGyckMsNiGELCs****",
"accountId":"116214297662****",
"principalId":"32886943330935****:ess-session-ecs_default",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2021-07-13T07:33:46Z"
}
},
"type":"assumed-role",
"userName":"aliyunserviceroleforautoscaling:ess-session-ecs_default"
}
}
The following table describes the fields in the data parameter.
Field | Type | Required | Example | Description |
---|---|---|---|---|
acsRegion | String | Yes | cn-hangzhou | The ID of the region where the management event was generated. |
additionalEventData | JSON | No | Schema: "http" | The additional information about the management event. The following content describes
the settings that represent different meanings:
|
apiVersion | String | No | 2014-05-26 | The version of the API operation that was called. If the eventType field is set to ApiCall, the management event log records an API operation call. In this case, this field indicates the version of the API operation. |
eventCategory | String | Yes | Management | The type of the generated event. Valid values:
|
eventId | String | Yes | F23A3DD5-7842-4EF9-9DA1-3776396A**** | The ID of the management event. ActionTrail generates a globally unique identifier (GUID) for each management event. |
eventName | String | Yes | CreateNetworkInterface | The name of the management event.
|
eventRW | String | Yes | Write | The read/write type of the management event. Valid values:
|
eventSource | String | Yes | ecs.aliyuncs.com | The source of the management event. |
eventTime | String | Yes | 2020-01-09T12:12:14Z | The time when the management event was generated, in UTC. |
eventType | String | Yes | ApiCall | The type of the action that was recorded in the management event log. Valid values:
|
eventVersion | String | Yes | 1 | The version of the event log format. The current version is 1. |
errorCode | String | No | NoPermission | The error code returned if an error occurred during the processing of the API request. |
errorMessage | String | No | You are not authorized. | The error message returned if an error occurred during the processing of the API request. |
requestId | String | Yes | F23A3DD5-7842-4EF9-9DA1-3776396AD58D | The ID of the API request. |
requestParameters | Dictionary | No | N/A | The parameters specified in the API request. |
requestParameterJson | String | No | "{"AcsHost":"actiontrail.cn-hangzhou.aliyuncs.com","AcsProduct":"Actiontrail","RequestId":"32B8BA8F-3738-46D3-BCCA-1B2257AEF9BB","AcceptLanguage":"zh-CN","Region":"cn-hangzhou","HostId":"actiontrail.cn-hangzhou.aliyuncs.com","Name":"create-service-tmp"}" |
The parameters specified in the API request. This field is in the JSON format and
serves the same purpose as the requestParameters field.
Note This field applies only to the management events that are delivered to Log Service.
|
resourceName | String | No | "i-0xiiz1v0vw4epqjc****;sg-0xi2js0u6m03jbmv****;aliyun_2_1903_x64_20G_alibase_20200529.vhd;sshkey-cn-hangzhou;vsw-0xikxv8p1akh4ki43****" |
The name of the event-associated resource. The name is the unique identifier of the
resource.
You can use this field as an index in Log Service to query the event. The format of the value varies based on the number and types of event-associated resources. The following examples show the possible formats:
Note The names of the resources of the same type are separated with commas (,). The names
of the resources of different types are separated with semicolons (;).
|
resourceType | List | No | "ACS::ECS::Instance;ACS::ECS::SecurityGroup;ACS::ECS::Image;ACS::ECS::KeyPair;ACS::VPC::VSwitch" |
The type of the event-associated resource.
You can use this field as an index in Log Service to query the event. The format of the value varies based on the number and types of event-associated resources. The following examples show the possible formats:
Note Multiple resource types are separated with semicolons (;).
|
responseElements | Dictionary | No | N/A | The response returned for the API request. |
referencedResources | Dictionary | No | N/A | The resources that the action recorded in the management event log involves. |
serviceName | String | Yes | Ecs | The name of the Alibaba Cloud service to which the management event log belongs. |
sourceIpAddress | String | Yes | 11.168.XX.XX | The IP address from which the management event was generated. |
userAgent | String | No | Apache-HttpClient/4.5.7 (Java/1.8.0_152) | The user agent that sent the API request. Examples:
|
userIdentity | Dictionary | Yes | N/A | The identity information about the requester.
For more information, see the "Fields contained in userIdentity" section in this topic. |
The following table describes the fields that userIdentity contains.
Field | Type | Required | Example | Description |
---|---|---|---|---|
type | String | Yes | ram-user | The identity type of the requester. Valid values:
|
principalId | String | No | 28815334868278**** | The ID of the requester. You can check the type field and this field to confirm the identity of the requester.
|
accountId | String | Yes | 112233445566**** | The ID of the Alibaba Cloud account of the requester. |
accessKeyId | String | No | 55nCtAwmPLkk**** |
|
userName | String | No | Alice | The name of the requester.
|
sessionContext | String | No | {"attributes": {"mfaAuthenticated": "true", "creationDate": "2020-01-09T12:12:14Z" } | The session context recorded when the requester called an API operation by using an
STS token or performed an action in the Alibaba Cloud Management Console. The session
context contains the following attributes:
|