ActionTrail allows you to monitor and record events that are generated within your Alibaba Cloud account. You can use ActionTrail to audit events within your Alibaba Cloud account in the last 90 days to ensure that the use of cloud services meets compliance requirements and security standards. For example, you can use ActionTrail to identify the Resource Access Management (RAM) user who performed a specific operation at a specific point in time. This topic describes how to query NAT gateway events in ActionTrail.
Background information
As the team manager, you use an Alibaba Cloud account to create multiple RAM users for your team members and grant the RAM users administrator permissions.
When you use a RAM user to associate an elastic IP address (EIP) with a NAT gateway that you created, the NAT gateway is already associated with an EIP. All RAM users have administrator permissions, and you cannot identify the RAM user who associated the existing EIP with the NAT gateway. In this case, you can query the events of the NAT gateway in ActionTrail to identify the RAM user who associated the existing EIP with the NAT gateway.
Procedure
Log on to the ActionTrail console.
In the left-side navigation pane, choose .
In the top navigation bar, select the required region.
Select Resource Name from the drop-down list.
NoteYou can also select the following query conditions: Read/Write Type, Operator, Service Name, Event Name, Resource Type, AccessKey ID, Sensitive Operation, and Event ID. You can select only one query condition at a time.
Enter the ID of the EIP in the search box and click the
icon. Find an event and click View Event Details in the Actions column to view the details of the event and the event code.
NoteThe View Event Details panel shows that a RAM user associated an EIP with the NAT gateway at 13:42:03 on December 20, 2023.
References
For more information about the fields in events, see Management event structure.