Resource Management is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage Resource Management resources. ActionTrail can deliver management events to Logstores in Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and locate the causes of issues.
ActionTrail generates management events when you manage cloud resources by using APIs or the Alibaba Cloud Management Console. The following table describes the management events of Resource Management that you can query in the ActionTrail console.
Event name | Description |
AcceptHandshake | Accepts an invitation. |
AcceptResourceShareInvitation | Accepts a resource sharing invitation. |
AssociateResourceShare | Associates resources or members with a resource share. |
AttachControlPolicy | Attaches a custom access control policy. |
AttachPolicy | Attaches a policy to an object. |
BindSecureMobilePhone | Binds a mobile phone number to a resource account. |
CancelCreateCloudAccount | Cancels the creation of a member of the cloud account type. |
CancelHandshake | Cancels an invitation. |
CancelPromoteResourceAccount | Cancels the switching for the type of a member from resource account to cloud account. |
CheckAccountDelete | Performs a member deletion check. |
CheckPayabilityForAccount | Checks whether the Alibaba Cloud account is available. |
CheckServiceLinkedRoleExistence | Checks the service-linked role that you want to delete. |
CheckServiceLinkedRoleForDeleting | Checks whether a service-linked role can be deleted. |
CheckSharingWithResourceDirectoryStatus | Checks the status of resource sharing. |
CreateCloudAccount | Creates a member of the cloud account type. |
CreateControlPolicy | Creates a custom access control policy. |
CreateFolder | Creates a folder. |
CreatePolicy | Creates a policy. |
CreatePolicyVersion | Creates a version of a policy. |
CreateResourceAccount | Creates a member of the resource account type. |
CreateResourceGroup | Creates a resource group. |
CreateResourceShare | Creates a resource share. |
CreateRole | Creates a Resource Access Management (RAM) role. |
CreateServiceLinkedRole | Creates a service-linked role. |
DeclineHandshake | Rejects an invitation. |
DeleteAccount | Deletes a member of the resource account type. |
DeleteControlPolicy | Deletes a custom access control policy. |
DeleteFolder | Deletes a folder. |
DeleteInvalidCloudAccountRecord | Deletes invalid cloud accounts. |
DeletePolicy | Deletes a policy. |
DeletePolicyVersion | Deletes a version of a policy. |
DeleteResourceGroup | Deletes a resource group. |
DeleteResourceShare | Deletes a resource share. |
DeleteRole | Deletes a RAM role. |
DeleteServiceLinkedRole | Deletes a service-linked role. |
DeregisterDelegatedAdministrator | Removes a delegated administrator account. |
DescribeRegions | Queries the regions in which Resource Sharing is available. |
DestoryResourceDirectory | Deletes a resource directory. |
DestroyResourceDirectory | Disables a resource directory. |
DetachControlPolicy | Detaches a custom access control policy. |
DetachPolicy | Detaches a policy from an object. |
DisableControlPolicy | Disables the Control Policy feature. |
DisassociateResourceShare | Disassociates resources or accounts from a resource share. |
EnableControlPolicy | Enables the Control Policy feature. |
EnableResourceDirectory | Enables a resource directory. |
EnableSharingWithResourceDirectory | Enables resource sharing within a resource directory. |
GetAccount | Queries the information about a member. |
GetAccountDeletionCheckResult | Queries the result of a member deletion check. |
GetAccountDeletionStatus | Queries the deletion status of a member. |
GetAccountSummary | Queries the overview information about an Alibaba Cloud account. |
GetControlPolicy | Queries the details of an access control policy. |
GetControlPolicyEnablementStatus | Queries the status of the Control Policy feature. |
GetFolder | Queries the information about a folder. |
GetHandshake | Queries the information about an invitation. |
GetPayerForAccount | Queries the information about a billing account. |
GetPolicy | Queries the information about a policy. |
GetPolicyVersion | Queries the information about a policy version. |
GetResourceDirectory | Queries the information about a resource directory. |
GetResourceDirectoryAccount | Queries a member of a resource directory. |
GetResourceGroup | Queries the information about a resource group. |
GetRole | Queries the information about a RAM role. |
GetServiceLinkedRoleDeletionStatus | Queries the status of the task that is used to delete a service-linked role. |
GetServiceLinkedRoleTemplate | Queries a service-linked role template. |
InitResourceDirectory | Enables a resource directory. |
InitResourceDirectoryCheck | Checks whether a resource directory exists. |
InitSharingWithResourceDirectory | Initializes resource sharing. |
InviteAccountToResourceDirectory | Invites an account to join a resource directory. |
ListAccountRecordsForParent | Queries the information about the accounts in a folder. |
ListAccounts | Queries the information about all members in a resource directory. |
ListAccountsForParent | Queries the information about members in a folder. |
ListAncestors | Queries the information about all parent folders of a specified folder. |
ListChildrenForParent | Queries all members and folders in a specified parent folder. |
ListControlPolicies | Queries access control policies. |
ListControlPolicyAttachmentsForTarget | Queries the access control policies that are attached to a folder or member. |
ListDelegatedAdministrators | Queries delegated administrator accounts. |
ListDelegatedServicesForAccount | Queries the trusted services for which a member is specified as a delegated administrator account. |
ListFoldersForParent | Queries the information about all subfolders of a folder. |
ListHandshakesForAccount | Queries the invitations that are associated with an account. |
ListHandshakesForResourceDirectory | Queries invitations in a resource directory. |
ListParents | Queries the parent folders of a subfolder. |
ListPolicies | Queries permission policies. |
ListPolicyAttachments | Queries the attachment records of permission policies. |
ListPolicyVersions | Queries the versions of a policy. |
ListResourceGroups | Queries resource groups. |
ListResources | Queries resources that can be accessed by the current account in resource groups. |
ListResourceShareAssociations | Queries the association records of resource shares. |
ListResourceShareInvitations | Queries the resource sharing invitations that are received. |
ListResourceShares | Queries resource shares. |
ListRoles | Queries RAM roles. |
ListRolesForService | Queries RAM roles for a service. |
ListSharedResources | Queries the resources you share with other accounts or the resources other accounts share with you. |
ListSharedTargets | Queries principals. |
ListTagKeys | Queries tag keys. |
ListTagResources | Queries tags. |
ListTagValues | Queries tag values. |
ListTargetAttachmentsForControlPolicy | Queries the objects to which an access control policy is attached. |
ListTrustedServiceStatus | Queries the Alibaba Cloud services that are integrated with Resource Directory. |
MoveAccount | Moves a member from a folder to another. |
MoveResources | Moves resources from one resource group to another. |
PrecheckForConsolidatedBillingAccount | Checks whether an account in a resource directory can be the main account. |
PromoteResourceAccount | Upgrades a member from a resource account to a cloud account. |
QueryResource | Queries resources. |
RegisterDelegatedAdministrator | Specifies a member in a resource directory as a delegated administrator account of a trusted service. |
RejectResourceShareInvitation | Rejects a resource sharing invitation. |
RemoveCloudAccount | Removes a member of the cloud account type. |
ResendCreateCloudAccountEmail | Resends an email that is used to confirm the creation of a cloud account. |
ResendPromoteResourceAccountEmail | Resends an email that is used to confirm the upgrade from a resource account to a cloud account. |
SendVerificationCodeForBindSecureMobilePhone | Sends a verification code to the mobile phone number that you want to bind to a resource account in a resource directory for security purposes. |
SendVerificationCodeForEnableRD | Sends a verification code to the mobile phone number bound to a newly created account. |
SetDefaultPolicyVersion | Configures the default version for a policy. |
SetMemberDeletionPermission | Enables or disables the member deletion feature. |
TagResources | Creates and adds tags to specified resources. |
UntagResources | Removes tags from specified resources. |
UpdateAccount | Changes the name of a member. |
UpdateControlPolicy | Updates a custom access control policy. |
UpdateFolder | Changes the name of a folder. |
UpdateResourceGroup | Updates the basic information about a resource group. |
UpdateResourceGroupListAclMode | Changes the status of the switch that controls whether you can query ACLs of a resource group. |
UpdateResourceShare | Modifies the name of a resource share. |
UpdateRole | Updates the information about a RAM role. |