ActionTrail:Work with ROS

Supported resources

ROS is an Alibaba Cloud service that simplifies the management of cloud computing resources. You can create a template to describe the required cloud computing resources such as Elastic Compute Service (ECS) and ApsaraDB RDS instances, as well as the dependencies between the resources. ROS automatically creates and configures all resources based on the template to implement automated deployment and O&M. For more information, see What is ROS?

You can use ROS to call the API operations of ActionTrail for the following resources:

• ALIYUN::ACTIONTRAIL::Trail: creates a trail.

• ALIYUN::ACTIONTRAIL::TrailLogging: enables or disables trail logging.

Permissions

In this example, you must create a trail. By default, Resource Orchestration Service uses the credentials of the user who logs on to the ROS console. The user must be granted the following permissions:

• AliyunActionTrailFullAccess: grants full permissions on ActionTrail.

• AliyunLogFullAccess: grants full permissions on Simple Log Service.

An Alibaba Cloud account has permissions on all API operations. Security risks may arise if you use an Alibaba Cloud account to call API operations. We recommend that you use a Resource Access Management (RAM) user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. Before you call API operations as a RAM user, grant the required permissions to the RAM user based on your business requirements. The RAM user must have the permissions to manage Cloud Backup resources. For more information, see Authorize a RAM User.

Procedure

1. Log on to the ROS console. In the top navigation bar, select a region from the Region drop-down list.

2. In the left-side navigation pane, click Stacks. On the Stacks page, choose Create Stack > Use ROS.

   • Specify Template: Select Select an Existing Template.

   • Template Import Method: Select Enter Template Content.

3. Template Content: Select ROS and enter code in JSON or YAML mode.

   For more information about the syntax, description, and examples of how to create a trail, see ALIYUN::ACTIONTRAIL::Trail. In this example, a trail named test-trail is created.

   YAML format

   ROSTemplateFormatVersion: '2015-09-01'
   Resources:
     SlsProject:
       Type: ALIYUN::SLS::Project
       Properties:
         Name: test-sls-project-for-actiontrail
     TrailLogging:
       Type: ALIYUN::ACTIONTRAIL::TrailLogging
       Properties:
         Enable: true
         Name:
           Fn::GetAtt:
             - Trail
             - Name
     SlsLogStore:
       Type: ALIYUN::SLS::Logstore
       Properties:
         ProjectName:
           Fn::GetAtt:
             - SlsProject
             - Name
         AutoSplit: true
         MaxSplitShard: 64
         LogstoreName: actiontrail_test-trail
         AppendMeta: true
         ShardCount: 2
         EnableTracking: false
         PreserveStorage: true
       DependsOn: SlsProject
     Trail:
       Type: ALIYUN::ACTIONTRAIL::Trail
       Properties:
         SlsProjectArn:
           Fn::Sub: acs:log:${ALIYUN::Region}::project/test-sls-project-for-actiontrail
         EventRW: All
         Name: test-trail
       DependsOn:
         - SlsLogStore
   Parameters: {}
   Outputs:
     Name:
       Value:
         Fn::GetAtt:
           - Trail
           - Name

   JSON format

   {
     "ROSTemplateFormatVersion": "2015-09-01",
     "Resources": {
       "SlsProject": {
         "Type": "ALIYUN::SLS::Project",
         "Properties": {
           "Name": "test-sls-project-for-actiontrail"
         }
       },
       "TrailLogging": {
         "Type": "ALIYUN::ACTIONTRAIL::TrailLogging",
         "Properties": {
           "Enable": true,
           "Name": {
             "Fn::GetAtt": [
               "Trail",
               "Name"
             ]
           }
         }
       },
       "SlsLogStore": {
         "Type": "ALIYUN::SLS::Logstore",
         "Properties": {
           "ProjectName": {
             "Fn::GetAtt": [
               "SlsProject",
               "Name"
             ]
           },
           "AutoSplit": true,
           "MaxSplitShard": 64,
           "LogstoreName": "actiontrail_test-trail",
           "AppendMeta": true,
           "ShardCount": 2,
           "EnableTracking": false,
           "PreserveStorage": true
         },
         "DependsOn": "SlsProject"
       },
       "Trail": {
         "Type": "ALIYUN::ACTIONTRAIL::Trail",
         "Properties": {
           "SlsProjectArn": {
             "Fn::Sub": "acs:log:${ALIYUN::Region}::project/test-sls-project-for-actiontrail"
           },
           "EventRW": "All",
           "Name": "test-trail"
         },
         "DependsOn": [
           "SlsLogStore"
         ]
       }
     },
     "Parameters": {},
     "Outputs": {
       "Name": {
         "Value": {
           "Fn::GetAtt": [
             "Trail",
             "Name"
           ]
         }
       }
     }
   }

4. Click Next. Then, select Yes for Rollback on Failure.

5. Click Create and execute the created stack.

6. View the result.

   

7. After the trail is created, you can call API operations, use SDKs, or go to the ActionTrail console to view the trail named test-trail.