Item | Single-account trail | Multi-account trail | Trail for the Inner-ActionTrail feature |
Scenario | An individual user can create a single-account trail to deliver events to a Simple Log Service Logstore, an Object Storage Service (OSS) bucket, or a MaxCompute project. An individual can create multiple single-account trails to perform the following tasks: Assign different types of events to different roles for auditing. Manage audit data for multiple regions based on compliance requirements. Create multiple replicas for an event.
| After an enterprise user creates a resource directory, a multi-account trail can be created to deliver events of all members in the resource directory to a Simple Log Service Logstore, an OSS bucket, or a MaxCompute project. | An individual user can create a trail for the Inner-ActionTrail feature to deliver Alibaba Cloud-initiated events that are generated when the Alibaba Cloud O&M team maintains services of the user to a Simple Log Service Logstore. |
Creation method | All Alibaba Cloud accounts can create single-account trails. | After an enterprise creates a resource directory and establishes an organizational structure in the resource directory, the management account of the resource directory can create a multi-account trail in the ActionTrail console. | Submit a ticket or contact your sales manager to add you to the whitelist of users who can create a trail for the Inner-ActionTrail feature. |
Supported services | Services that work with ActionTrail | Services that work with ActionTrail | Key Management Service (KMS), Data Security Center (DSC), OSS, Elastic Compute Service (ECS), ApsaraDB RDS, Container Service for Kubernetes (ACK), Container Registry (ACR), and E-MapReduce (EMR) |
Supported accounts | All Alibaba Cloud accounts | Management accounts | All Alibaba Cloud accounts |
Types of events to be delivered | Events that are generated when an individual user performs operations in the Alibaba Cloud Management Console, call API operations, or use developer tools to access and manage services in Alibaba Cloud. | Events that are generated when an enterprise user performs operations in the Alibaba Cloud Management Console, call API operations, or use developer tools to access and manage services in Alibaba Cloud | Alibaba Cloud-initiated events that are generated when the Alibaba Cloud O&M team maintains the services of a user |
Scope of events to be delivered | Events of the current account | Events of all members | Alibaba Cloud-initiated events of the current account |
Storage services for delivered events | Simple Log Service OSS MaxCompute
| Simple Log Service OSS MaxCompute
| Simple Log Service |
Event query methods | | Management account: | |
Maximum number of trails that can be created | Five in each region | One in all regions | One in all regions |
Event storage path in an OSS bucket | Management events: ooss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail/<region>/<Year>/<Month>/<Day>/<Log file name> Insights events: oss://<bucket>/<Log file prefix>/AliyunLogs/Actiontrail-insight/<region>/<Year>/<Month>/<Day>/<Log file name>
| | N/A |
Default name of a Simple Log Service Logstore in which events are stored | actiontrail_Single-account trail name
| actiontrail_Multi-account trail name
| innertrail_Name of a trail for the Inner-ActionTrail feature
|
MaxCompute table name | actiontrail_<Trail name> | actiontrail_<Multi-account trail name> | N/A |
Elastic Compute Service (ECS)
Lingma
