ALIYUN::ACTIONTRAIL::Trail is used to create a trail to deliver events to a Log Service Logstore or an Object Storage Service (OSS) bucket.

Syntax

{
  "Type": "ALIYUN::ACTIONTRAIL::Trail",
  "Properties": {
    "Name": String,
    "OssBucketName": String,
    "RoleName": String,
    "OssKeyPrefix": String,
    "EventRW": String,
    "SlsProjectArn": String,
    "SlsWriteRoleArn": String
  }
}

Properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Name | String | Yes | No | The name of the trail. | The name must be 6 to 36 characters in length and can contain letters, digits, hyphens (-), and underscores (_). It must start with a letter. Note: The name must be unique within your Alibaba Cloud account. |
| OssBucketName | String | Yes | Yes | The name of the OSS bucket to which events are to be delivered. | The name must be 3 to 63 characters in length. It must start with a lowercase letter or a digit and can contain lowercase letters, digits, and hyphens (-). Note: Make sure that an OSS bucket is created. For more information, see Create buckets. You must specify at least one of the OssBucketName and SlsProjectArn parameters. |
| RoleName | String | Yes | Yes | The service-linked role assumed by ActionTrail. | Default value: AliyunServiceRoleForActionTrail. |
| OssKeyPrefix | String | No | Yes | The prefix of the log files to be stored in the desired OSS bucket. | The prefix must be 6 to 32 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_). It must start with a letter. |
| EventRW | String | No | Yes | Specifies whether the event is a read or write event. | Default value: Write. Valid values: Read, Write, All. |
| SlsProjectArn | String | No | Yes | The Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are to be delivered. | Make sure that a Log Service project and a Logstore are created. The Logstore is named in the format of actiontrail_<Trail name>. For more information, see Create a Logstore and Create a project. Note: You must specify at least one of the OssBucketName and SlsProjectArn parameters. |
| SlsWriteRoleArn | String | No | Yes | The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the desired Log Service project. | None |
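
The constraints listed for the trail properties can be checked before a stack is deployed, so that a malformed trail definition is caught in review rather than leaving the account without an audit trail. The following Python linter is an added example, not part of the ROS documentation: lint_trails, its finding strings and the sample template are constructed for illustration, and property values given as intrinsic functions are skipped because they resolve only at deploy time.

```python
import re

# Patterns transcribed from the property constraints documented on this page.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{5,35}")
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9-]{2,62}")
PREFIX_RE = re.compile(r"[A-Za-z][A-Za-z0-9/_-]{5,31}")
EVENT_RW = {"Read", "Write", "All"}
TRAIL_TYPE = "ALIYUN::ACTIONTRAIL::Trail"


def _check(props, key, pattern, findings, rid):
    value = props.get(key)
    # Intrinsic functions (Fn::GetAtt, Fn::Sub, Ref) are dicts: skip them.
    if isinstance(value, str) and not pattern.fullmatch(value):
        findings.append(f"{rid}: {key} {value!r} violates the documented format")


def lint_trails(template):
    """Return a list of findings for every Trail resource in a ROS template."""
    findings = []
    for rid, res in template.get("Resources", {}).items():
        if res.get("Type") != TRAIL_TYPE:
            continue
        props = res.get("Properties", {})
        if "Name" not in props:
            findings.append(f"{rid}: Name is required")
        _check(props, "Name", NAME_RE, findings, rid)
        _check(props, "OssBucketName", BUCKET_RE, findings, rid)
        _check(props, "OssKeyPrefix", PREFIX_RE, findings, rid)
        if "OssBucketName" not in props and "SlsProjectArn" not in props:
            findings.append(f"{rid}: set OssBucketName or SlsProjectArn")
        rw = props.get("EventRW", "Write")  # documented default value
        if isinstance(rw, str) and rw not in EVENT_RW:
            findings.append(f"{rid}: EventRW {rw!r} is not Read, Write or All")
        elif rw == "Write":
            findings.append(f"{rid}: EventRW resolves to Write, not All")
    return findings


# Constructed sample template (hypothetical resources, not from the page).
SAMPLE = {"Resources": {
    "Good": {"Type": TRAIL_TYPE, "Properties": {
        "Name": "TestTrail", "EventRW": "All",
        "OssBucketName": {"Fn::GetAtt": ["Bucket", "Name"]}}},
    "Bad": {"Type": TRAIL_TYPE, "Properties": {
        "Name": "t1", "OssBucketName": "MyTestBucket", "OssKeyPrefix": "logs"}},
}}

print("\n".join(lint_trails(SAMPLE)))
```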

Response parameters

Fn::GetAtt

Name: The name of the trail.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      Enable:
        Type: Boolean
        Default: true
    Resources:
      Role:
        Type: ALIYUN::RAM::Role
        Properties:
          RoleName: TestRole
          Policies:
            - PolicyName:
                Fn::Sub: ActionTrailPolicy-${ALIYUN::StackId}
              PolicyDocument:
                Version: '1'
                Statement:
                  - Action:
                      - oss:GetBucketLocation
                      - oss:ListObjects
                      - oss:PutObject
                    Resource:
                      - '*'
                    Effect: Allow
                  - Action:
                      - log:PostLogStoreLogs
                      - log:CreateLogstore
                      - Log:GetLogstore
                    Resource:
                      - '*'
                    Effect: Allow
                  - Action:
                      - mns:PublishMessage
                    Resource:
                      - '*'
                    Effect: Allow
          AssumeRolePolicyDocument:
            Version: '1'
            Statement:
              - Action: sts:AssumeRole
                Effect: Allow
                Principal:
                  Service:
                    - actiontrail.aliyuncs.com
      Bucket:
        Type: ALIYUN::OSS::Bucket
        Properties:
          AccessControl: private
          BucketName: mytestbucket
          DeletionForce: true
      SlsProject:
        Type: ALIYUN::SLS::Project
        Properties:
          Name: DemoSls
      SlsLogStore:
        Type: ALIYUN::SLS::Logstore
        DependsOn: SlsProject
        Properties:
          LogstoreName: ActiontrailTestTrail
          PreserveStorage: true
          ProjectName:
            Fn::GetAtt:
              - SlsProject
              - Name
          AppendMeta: true
          MaxSplitShard: 64
          AutoSplit: true
          EnableTracking: false
          ShardCount: 2
      Trail:
        DependsOn:
          - Role
          - Bucket
          - SlsLogStore
        Type: ALIYUN::ACTIONTRAIL::Trail
        Properties:
          SlsProjectArn:
            Fn::Sub: acs:log:${ALIYUN::Region}::project/DemoSls
          RoleName:
            Fn::GetAtt:
              - Role
              - RoleName
          EventRW: All
          OssKeyPrefix: TestFile
          OssBucketName:
            Fn::GetAtt:
              - Bucket
              - Name
          SlsWriteRoleArn:
            Fn::Sub: acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}
          Name: TestTrail
      TrailLogging:
        Type: ALIYUN::ACTIONTRAIL::TrailLogging
        Properties:
          Name:
            Fn::GetAtt:
              - Trail
              - Name
          Enable:
            Ref: Enable
    Outputs:
      Name:
        Value:
          Fn::GetAtt:
            - Trail
            - Name
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "Enable": {
          "Type": "Boolean",
          "Default": true
        }
      },
      "Resources": {
        "Role": {
          "Type": "ALIYUN::RAM::Role",
          "Properties": {
            "RoleName": "TestRole",
            "Policies": [
              {
                "PolicyName": {
                  "Fn::Sub": "ActionTrailPolicy-${ALIYUN::StackId}"
                },
                "PolicyDocument": {
                  "Version": "1",
                  "Statement": [
                    {
                      "Action": [
                        "oss:GetBucketLocation",
                        "oss:ListObjects",
                        "oss:PutObject"
                      ],
                      "Resource": [
                        "*"
                      ],
                      "Effect": "Allow"
                    },
                    {
                      "Action": [
                        "log:PostLogStoreLogs",
                        "log:CreateLogstore",
                        "Log:GetLogstore"
                      ],
                      "Resource": [
                        "*"
                      ],
                      "Effect": "Allow"
                    },
                    {
                      "Action": [
                        "mns:PublishMessage"
                      ],
                      "Resource": [
                        "*"
                      ],
                      "Effect": "Allow"
                    }
                  ]
                }
              }
            ],
            "AssumeRolePolicyDocument": {
              "Version": "1",
              "Statement": [
                {
                  "Action": "sts:AssumeRole",
                  "Effect": "Allow",
                  "Principal": {
                    "Service": [
                      "actiontrail.aliyuncs.com"
                    ]
                  }
                }
              ]
            }
          }
        },
        "Bucket": {
          "Type": "ALIYUN::OSS::Bucket",
          "Properties": {
            "AccessControl": "private",
            "BucketName": "mytestbucket",
            "DeletionForce": true
          }
        },
        "SlsProject": {
          "Type": "ALIYUN::SLS::Project",
          "Properties": {
            "Name": "DemoSls"
          }
        },
        "SlsLogStore": {
          "Type": "ALIYUN::SLS::Logstore",
          "DependsOn": "SlsProject",
          "Properties": {
            "LogstoreName": "ActiontrailTestTrail",
            "PreserveStorage": true,
            "ProjectName": {
              "Fn::GetAtt": [
                "SlsProject",
                "Name"
              ]
            },
            "AppendMeta": true,
            "MaxSplitShard": 64,
            "AutoSplit": true,
            "EnableTracking": false,
            "ShardCount": 2
          }
        },
        "Trail": {
          "DependsOn": [
            "Role",
            "Bucket",
            "SlsLogStore"
          ],
          "Type": "ALIYUN::ACTIONTRAIL::Trail",
          "Properties": {
            "SlsProjectArn": {
              "Fn::Sub": "acs:log:${ALIYUN::Region}::project/DemoSls"
            },
            "RoleName": {
              "Fn::GetAtt": [
                "Role",
                "RoleName"
              ]
            },
            "EventRW": "All",
            "OssKeyPrefix": "TestFile",
            "OssBucketName": {
              "Fn::GetAtt": [
                "Bucket",
                "Name"
              ]
            },
            "SlsWriteRoleArn": {
              "Fn::Sub": "acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}"
            },
            "Name": "TestTrail"
          }
        },
        "TrailLogging": {
          "Type": "ALIYUN::ACTIONTRAIL::TrailLogging",
          "Properties": {
            "Name": {
              "Fn::GetAtt": [
                "Trail",
                "Name"
              ]
            },
            "Enable": {
              "Ref": "Enable"
            }
          }
        }
      },
      "Outputs": {
        "Name": {
          "Value": {
            "Fn::GetAtt": [
              "Trail",
              "Name"
            ]
          }
        }
      }
    }

To view more examples, visit TrailLogging.json and TrailLogging.yml. These examples use the ALIYUN::ACTIONTRAIL::Trail and ALIYUN::ACTIONTRAIL::TrailLogging resource types.