This section describes the ActionTrail APIs that can be authorized to a RAM account.
Before an API is called, permissions are checked to ensure that the caller is authorized to call the API to operate specific resources.
The following table describes the API authentication rules.
| Action | Resource description |
|---|---|
| actiontrail:CreateTrail | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:DescribeTrails | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:GetTrailStatus | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:StartLogging | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:StopLogging | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:UpdateTrail | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:DeleteTrail | acs:actiontrail:${region}:${AccountId}:* |
| actiontrail:LookupEvents | acs:actiontrail:${region}:${AccountId}:* |