CreateTrail - ActionTrail - Alibaba Cloud Documentation Center

Creates a trail.

You can create a trail to deliver events to Log Service, Object Storage Service (OSS), or both. Before you call this operation to create a trail, make sure that the following requirements are met:

Deliver events to Log Service: A project is created in Log Service.
Note After you create a trail to deliver events Log Service, a Logstore named in the actiontrail_<Trail name> format is created. This Logstore is automatically configured for subsequent auditing. To be specific, indexes and a dashboard are created for the Logstore to facilitate event query. In addition, you are not allowed to manually write data to the Logstore. This ensures the data integrity. You do not need to create a Logstore in advance.
Deliver events to OSS: A bucket is created in OSS.

This topic shows you how to create a sample single-account trail named trail-test and configure the trail to deliver events to a sample OSS bucket named audit-log.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter	Type	Required	Example	Description
Action	String	Yes	CreateTrail	The operation that you want to perform. Set the value to CreateTrail.
Name	String	Yes	trail-test	The name of the trail to be created. The name must be 6 to 36 characters in length. The name must start with a lowercase letter and can contain lowercase letters, digits, hyphens (-), and underscores (_). Note The name must be unique within your Alibaba Cloud account.
OssBucketName	String	No	audit-log	The name of the OSS bucket to which events are to be delivered. The name must be 3 to 63 characters in length. The name must start with a lowercase letter or a digit and can contain lowercase letters, digits, and hyphens (-). Note You must specify at least one of the OssBucketName and SlsProjectArn parameters.
OssKeyPrefix	String	No	at-product-account-audit-B	The prefix of the log files to be stored in the destination OSS bucket. The prefix must be 6 to 32 characters in length. The prefix must start with a letter and can contain letters, digits, hyphens (-), forward slashes (/), and underscores (_).
RoleName	String	No	aliyunserviceroleforactiontrail	The service-linked role that is assumed by ActionTrail. Default value: aliyunserviceroleforactiontrail.
SlsProjectArn	String	No	acs:log:cn-shanghai::project/***	The Alibaba Cloud Resource Name (ARN) of the Log Service project to which events are to be delivered. Note You must specify at least one of the OssBucketName and SlsProjectArn parameters.
SlsWriteRoleArn	String	No	acs:ram::***:role/aliyunserviceroleforactiontrail	The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the destination Log Service project. If you do not specify this parameter, ActionTrail creates a service-linked role to create the corresponding resource. For more information, see Manage the service-linked role. If you specify this parameter, you must grant the permissions of the service-linked role that is assumed by ActionTrail to the RAM role before you can deliver events to your Alibaba Cloud account. If you need to deliver events to other Alibaba Cloud accounts, you must attach the permission policy that is used to grant permissions related to event delivery to the RAM role. For more information about how to deliver events across Alibaba Cloud accounts, see Aggregate events across Alibaba Cloud accounts.
EventRW	String	No	Write	The read/write type of the events to be delivered. Valid values: Write: write events. It is the default value. Read: read events. All: read and write events.
TrailRegion	String	No	All	The one or more regions from which the trail delivers events. The default value is All, which indicates that the trail delivers events from all regions. You can also specify specific regions. You can call the DescribeRegions operation to query all the supported regions.
MnsTopicArn	String	No	acs:mns:cn-hangzhou:1111:/topics/your-topic-name	The ARN of the Message Service (MNS) topic to which ActionTrail sends messages. The ARN is in the format of `acs:mns:<Region>:<Account ID>:/topics/<Topic name>`. If the ARN is specified, a message is generated and delivered to the MNS topic whenever an event is delivered to OSS.
IsOrganizationTrail	Boolean	No	false	Specifies whether to create a multi-account trail. Valid values: true: creates a multi-account trail. false: creates a single-account trail. It is the default value.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter	Type	Example	Description
MnsTopicArn	String	acs:mns:cn-hangzhou:1111:/topics/your-topic-name	The ARN of the MNS topic to which ActionTrail sends messages.
SlsProjectArn	String	acs:log:cn-hangzhou:151266687691****:project/test-project	The ARN of the Log Service project to which events are to be delivered.
RoleName	String	aliyunserviceroleforactiontrail	The service-linked role that is assumed by ActionTrail.
EventRW	String	Write	The read/write type of the events to be delivered.
RequestId	String	145318BE-DEE1-4C57-AA7C-5BE7D34A6AE0	The ID of the request.
HomeRegion	String	cn-hangzhou	The home region of the trail.
OssKeyPrefix	String	at-product-account-audit-B	The prefix of the log files to be stored in the destination OSS bucket.
OssBucketName	String	audit-log	The name of the OSS bucket to which events are to be delivered.
SlsWriteRoleArn	String	acs:ram::***:role/aliyunserviceroleforactiontrail	The ARN of the service-linked role that is assumed by ActionTrail to deliver events to the destination Log Service project.
TrailRegion	String	All	The one or more regions from which the trail delivers events.
Name	String	trail-test	The name of the trail.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateTrail
&Name=trail-test
&OssBucketName=audit-log
&<Common request parameters>

Sample success responses

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RoleName" : "aliyunserviceroleforactiontrail",
  "EventRW" : "Write",
  "RequestId" : "AB7A5AE1-EC3C-4C00-91B0-BE7BDEE354AE",
  "HomeRegion" : "cn-hangzhou",
  "OssBucketName" : "audit-log",
  "TrailRegion" : "All",
  "Name" : "trail-test"
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidPrefixException	The specified OSS bucket prefix is invalid.	The error message returned because the log file prefix specified for the destination OSS bucket is invalid.
400	InvalidQueryParameter	The specified query parameter is invalid.	The error message returned because one or more specified request parameters are invalid.
400	InvalidTrailNameException	The specified Trail name is invalid.	The error message returned because the specified trail name is invalid. Specify a valid trail name.
400	TrailAlreadyExistsException	The specified Trail name already exists.	The error message returned because the specified trail name exists. Modify the name.
400	MaximumNumberOfOrganizationTrailExceeded	Your account can create only one organization trail.	The error message returned because a multi-account trail exists within your Alibaba Cloud account.
400	NotAllowCreateOrganizationTrail	Your account does not allow you to create organization trail. Submit a ticket to get customer support.	The error message returned because you cannot create a multi-account trail by using your Alibaba Cloud account. To resolve this issue, submit a ticket to contact the customer service team.
403	InsufficientSlsPolicyException	Access to the specified Log Service project was denied.	The error message returned because you are not authorized to access the specified Log Service project.
403	MaximumNumberOfTrailsExceededException	The number of Trails in the same region exceeds the upper limit (5).	The error message returned because you cannot create more than five trails in a region.

For a list of error codes, visit the API Error Center.