ACS-Actiontrail-EnableActionTrail - CloudOps Orchestration Service

Template name

ACS-Actiontrail-EnableActionTrail

Execute Now

Template description

Enables the logging feature for a trail.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

Parameter	Description	Type	Required	Default value	Limit
trailName	The name of the created trail.	String	Yes
regionId	The region ID.	String	No	{{ ACS::RegionId }}
ossBucketName	The name of the Object Storage Service (OSS) bucket to which the trail delivers events.	String	No	""
roleName	The Resource Access Management (RAM) role that can be assumed by ActionTrail.	String	No	aliyunactiontraildefaultrole
eventRW	The read/write type of the events that are delivered.	String	No	All
trailRegion	The regions in which the trail delivers events.	String	No	All
OOSAssumeRole	The RAM role that is assumed by CloudOps Orchestration Service (OOS).	String	No	""

Output parameters

Parameter	Description	Type
trails		Json

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "actiontrail:CreateTrail"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-Actiontrail-EnableActionTrail.yml at GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Enable action trail
  zh-cn: the description in Chinese
  name-en: ACS-Actiontrail-EnableActionTrail
  name-zh-cn: the description in Chinese
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: the description in Chinese
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  trailName:
    Label:
      en: TrailName
      zh-cn: the description in Chinese
    Type: String
  ossBucketName:
    Label:
      en: OSSBucketName
      zh-cn: the description in Chinese
    Type: String
    Default: ''
  roleName:
    Label:
      en: RoleName
      zh-cn: the description in Chinese
    Type: String
    Default: aliyunactiontraildefaultrole
  eventRW:
    Label:
      en: EventRW
      zh-cn: the description in Chinese
    Type: String
    Default: All
    AllowedValues:
      - All
      - Write
      - Read
  trailRegion:
    Description:
      en: Example: All, cn-hangzhou
      zh-cn: the description in Chinese
    Label:
      en: TrailRegion
      zh-cn: the description in Chinese
    Type: String
    Default: All
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: the description in Chinese
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: createTrail
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Create trail
      zh-cn: the description in Chinese
    Properties:
      Service: Actiontrail
      API: CreateTrail
      Parameters:
        RegionId: '{{ regionId }}'
        Name: '{{ trailName }}'
        OssBucketName: '{{ ossBucketName }}'
        RoleName: '{{ roleName }}'
        EventRW: '{{ eventRW }}'
        TrailRegion: '{{ trailRegion }}'
    Outputs:
      trail:
        Type: Json
        ValueSelector: .
Outputs:
  trails:
    Type: Json
    Value: '{{ createTrail.trail }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - trailName
          - ossBucketName
          - roleName
          - eventRW
          - trailRegion
          - regionId
        Label:
          default:
            zh-cn: the description in Chinese
            en: Configure Parameters
      - Parameters:
          - OOSAssumeRole
        Label:
          default:
            zh-cn: the description in Chinese
            en: Control Options