A single-account trail, a multi-account trail, and a trail for the Inner-ActionTrail feature in ActionTrail are all designed to implement long-term event storage and management for subsequent review and tracking. The three types of trails provide different levels of auditing and monitoring capabilities. You can select a type of trail based on your business and compliance requirements to ensure effective monitoring and auditing.
The following table describes the differences among a single-account trail, a multi-account trail, and a trail for the Inner-ActionTrail feature.
Item | Single-account trail | Multi-account trail | Trail for the Inner-ActionTrail feature |
Scenario | An individual user can create a single-account trail to deliver events to a Simple Log Service Logstore, an Object Storage Service (OSS) bucket, or a MaxCompute project. An individual user can create multiple single-account trails to perform the following tasks: | After an enterprise user creates a resource directory, a multi-account trail can be created to deliver events of all members in the resource directory to a Simple Log Service Logstore, an OSS bucket, or a MaxCompute project. | An individual user can create a trail for the Inner-ActionTrail feature to deliver Alibaba Cloud-initiated events that are generated when the Alibaba Cloud O&M team maintains services of the user to a Simple Log Service Logstore. |
Creation method | All Alibaba Cloud accounts can create single-account trails. | After an enterprise creates a resource directory and establishes an organizational structure in the resource directory, the management account of the resource directory can create a multi-account trail in the ActionTrail console. | Submit a ticket or contact your sales manager to add you to the whitelist of users who can create a trail for the Inner-ActionTrail feature. |
Supported services | Key Management Service (KMS), Data Security Center (DSC), OSS, Elastic Compute Service (ECS), ApsaraDB RDS, Container Service for Kubernetes (ACK), Container Registry (ACR), and E-MapReduce (EMR) | ||
Supported accounts | All Alibaba Cloud accounts | Management accounts | All Alibaba Cloud accounts |
Types of events to be delivered | Events that are generated when an individual user performs operations in the Alibaba Cloud Management Console, calls API operations, or uses developer tools to access and manage services in Alibaba Cloud. | Events that are generated when an enterprise user performs operations in the Alibaba Cloud Management Console, calls API operations, or uses developer tools to access and manage services in Alibaba Cloud. | Alibaba Cloud-initiated events that are generated when the Alibaba Cloud O&M team maintains the services of a user |
Scope of events to be delivered | Events of the current account | Events of all members | Alibaba Cloud-initiated events of the current account |
Storage services for delivered events | | | Simple Log Service |
Event query methods |
| Management account:
|
|
Maximum number of trails that can be created | Five in each region | One in all regions | One in all regions |
Event storage path in an OSS bucket |
| N/A | |
Default name of a Simple Log Service Logstore in which events are stored |
|
|
|
MaxCompute table name | actiontrail_<Trail name> | actiontrail_<Multi-account trail name> | N/A |