alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch
Table: alicloud_action_trail
Alibaba Cloud ActionTrail is a service that monitors and records the actions of your Alibaba Cloud account, including the access to and use of cloud products and services through the Alibaba Cloud console, API operations, and SDKs. ActionTrail records these actions as events. You can download these events from the ActionTrail console or configure ActionTrail to deliver these events to Log Service Logstores or Object Storage Service (OSS) buckets. Then, you can perform behavior analysis, security analysis, resource change tracking, and compliance auditing based on the events.
Examples
Basic info
select name, home_region, event_rw, status, trail_regionfrom alicloud_action_trail;List enabled trails
select name, home_region, event_rw, status, trail_regionfrom alicloud_action_trailwhere status = 'Enable';List multi-account trails
select name, home_region, is_organization_trail, status, trail_regionfrom alicloud_action_trailwhere is_organization_trail;List shadow trails
select name, region, home_regionfrom alicloud_action_trailwhere trail_region = 'All' and home_region <> region;Query examples
Control examples
- actiontrail_multiple_global_trails
- actiontrail_multiple_regional_trails
- action_trail_enabled
- action_trail_oss_bucket_not_public
.inspect alicloud_action_trail
Alicloud Action Trail
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | The Alicloud Account ID in which the resource is located. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| create_time | timestamp with time zone | The time when the trail was created. |
| event_rw | text | The read/write type of the delivered events. |
| home_region | text | The home region of the trail. |
| is_organization_trail | boolean | Indicates whether the trail was created as a multi-account trail. |
| name | text | The name of the trail. |
| oss_bucket_name | text | The name of the OSS bucket to which events are delivered. |
| oss_key_prefix | text | The prefix of log files stored in the OSS bucket. |
| region | text | The Alicloud region in which the resource is located. |
| role_name | text | The name of the Resource Access Management (RAM) role that ActionTrail is allowed to assume. |
| sls_project_arn | text | The ARN of the Log Service project to which events are delivered. |
| sls_write_role_arn | text | The ARN of the RAM role assumed by ActionTrail for delivering logs to the destination Log Service project. |
| start_logging_time | timestamp with time zone | The most recent date and time when logging was enabled for the trail. |
| status | text | The status of the trail. |
| stop_logging_time | timestamp with time zone | The most recent date and time when logging was disabled for the trail. |
| title | text | Title of the resource. |
| trail_region | text | The regions to which the trail is applied. |
| update_time | timestamp with time zone | The most recent time when the configuration of the trail was updated. |