ALIYUN::ACTIONTRAIL::Trail is used to create a trail to deliver events to a Log Service Logstore or an Object Storage Service (OSS) bucket.
Syntax
{
"Type": "ALIYUN::ACTIONTRAIL::Trail",
"Properties": {
"Name": String,
"OssBucketName": String,
"RoleName": String,
"OssKeyPrefix": String,
"EventRW": String,
"SlsProjectArn": String,
"SlsWriteRoleArn": String
}
} Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Name | String | Yes | No | The name of the trail. | The name must be 6 to 36 characters in length and can contain letters, digits, hyphens (-), and underscores (_). It must start with a letter. Note The name must be unique within your Alibaba Cloud account. |
| OssBucketName | String | Yes | Yes | The name of the OSS bucket to which events are to be delivered. | The name must be 3 to 63 characters in length. It must start with a lowercase letter or a digit and can contain lowercase letters, digits, and hyphens (-). Note
|
| RoleName | String | Yes | Yes | The service-linked role assumed by ActionTrail. | Default value: AliyunServiceRoleForActionTrail. |
| OssKeyPrefix | String | No | Yes | The prefix of the log files to be stored in the desired OSS bucket. | The prefix must be 6 to 32 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_). It must start with a letter. |
| EventRW | String | No | Yes | Specifies whether the event is a read or write event. | Default value: Write. Valid values:
|
| SlsProjectArn | String | No | Yes | The Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are to be delivered. | Make sure that a Log Service project and a Logstore are created. The Logstore is named in the format of actiontrail_<Trail name>. For more information, see Create a Logstore and Create a project. Note You must specify at least one of the OssBucketName and SlsProjectArn parameters. |
| SlsWriteRoleArn | String | No | Yes | The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the desired Log Service project. | None |
Response parameters
Fn::GetAtt
Name: The name of the trail.
Examples
JSONformat{ "ROSTemplateFormatVersion": "2015-09-01", "Parameters": { }, "Resources": { "Role": { "Type": "ALIYUN::RAM::Role", "Properties": { "RoleName": "TestRole", "Policies": [ { "PolicyName": { "Fn::Sub": "ActionTrailPolicy-${ALIYUN::StackId}" }, "PolicyDocument": { "Version": "1", "Statement": [ { "Action": [ "oss:GetBucketLocation", "oss:ListObjects", "oss:PutObject" ], "Resource": [ "*" ], "Effect": "Allow" }, { "Action": [ "log:PostLogStoreLogs", "log:CreateLogstore", "Log:GetLogstore" ], "Resource": [ "*" ], "Effect": "Allow" }, { "Action": [ "mns:PublishMessage" ], "Resource": [ "*" ], "Effect": "Allow" } ] } } ], "AssumeRolePolicyDocument": { "Version": "1", "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": [ "actiontrail.aliyuncs.com" ] } } ] } } }, "Bucket": { "Type": "ALIYUN::OSS::Bucket", "Properties": { "AccessControl": "private", "BucketName": "MyTestBucket", "DeletionForce": true } }, "SlsProject": { "Type": "ALIYUN::SLS::Project", "Properties": { "Name": "DemoSls" } }, "SlsLogStore": { "Type": "ALIYUN::SLS::Logstore", "DependsOn": "SlsProject", "Properties": { "LogstoreName": "ActiontrailTestTrail", "PreserveStorage": true, "ProjectName": { "Fn::GetAtt": [ "SlsProject", "Name" ] }, "AppendMeta": true, "MaxSplitShard": 64, "AutoSplit": true, "EnableTracking": false, "ShardCount": 2 } }, "Trail": { "DependsOn": [ "Role", "Bucket", "SlsLogStore" ], "Type": "ALIYUN::ACTIONTRAIL::Trail", "Properties": { "SlsProjectArn": { "Fn::Sub": "acs:log:${ALIYUN::Region}::project/DemoSls" }, "RoleName": { "Fn::GetAtt": [ "Role", "RoleName" ] }, "EventRW": "All", "OssKeyPrefix": "TestFile", "OssBucketName": { "Fn::GetAtt": [ "Bucket", "Name" ] }, "SlsWriteRoleArn": { "Fn::Sub": "acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}" }, "Name": "TestTrail" } }, "TrailLogging": { "Type": "ALIYUN::ACTIONTRAIL::TrailLogging", "Properties": { "Name": { "Fn::GetAtt": [ "Trail", "Name" ] }, "Enable": { "Ref": "Enable" } } } }, "Outputs": { "Name": { "Value": { "Fn::GetAtt": [ "Trail", "Name" ] } } } }
To view more examples, visit TrailLogging.json and TrailLogging.yml. In the examples, the ALIYUN::ACTIONTRAIL::Trail and ALIYUN::ACTIONTRAIL::TrailLogging resource types are involved.