This topic describes the key fields in a management event. This topic also provides an example of a management event.
Key fields
Field | Description |
acsRegion | The ID of the region where the management event is generated. |
additionalEventData | The additional information about the management event. |
apiVersion | If the value of eventType is ApiCall, the management event records an API operation call. In this case, the field indicates the version of the API operation. |
eventCategory | The type of the event. Valid values: Management, which indicates a management event. |
eventId | The ID of the management event. |
eventName | The name of the management event.
|
eventRW | The read/write type of the management event. Valid values:
|
eventSource | The source of the management event. |
eventTime | The time when the management event is generated, in UTC. |
eventType | The type of the operation that is recorded in the management event. Valid values:
|
eventVersion | The format version of the management event. The current version is 1. |
errorCode | The error code that is returned when an error occurred during the processing of the API request. |
errorMessage | The error message that is returned when an error occurred during the processing of the API request. |
requestId | The request ID. |
requestParameters | The parameters specified in the API request. |
requestParameterJson | The parameters specified in the API request, in the JSON format. This field serves the same purpose as the requestParameters field. |
resourceName | The name of the event-associated resource. The name is the unique identifier of the resource. Note The names of resources of the same type are separated by commas (,). The names of resources of different types are separated by semicolons (;). |
resourceType | The type of the event-associated resource. Note Multiple resource types are separated by semicolons (;). |
responseElements | The response that is returned for the API request. |
referencedResources | The resources that are involved in the management event. |
serviceName | The name of the Alibaba Cloud service for which the management event is generated. |
sourceIpAddress | The IP address from which the management event is generated. Valid values:
|
userAgent | The agent that sends the API request. |
isGlobal | Indicates whether the event is a global event. Valid values:
|
eventAttributes | The attribute of the event. For more information, see Fields included in eventAttributes. |
userIdentity | The identity information about the requester. For more information, see Fields included in userIdentity. |
Table 1. Fields included in eventAttributes
Field | Description |
SensitiveAction | Indicates whether the operation that is recorded in the event is a sensitive operation. Valid values: true. |
Table 2. Fields included in userIdentity
Field | Description |
type | The type of the identity. Valid values:
|
principalId | The ID of the requester. You can use this field together with the type field to confirm the identity of the requester.
|
accountId | The ID of the Alibaba Cloud account of the requester. |
accessKeyId | The AccessKey ID that is used by the requester.
|
userName | The name of the requester.
|
sessionContext | The session context that is recorded when the requester sends an API request by using an STS token or performs an operation in the Alibaba Cloud Management Console. The session context includes creationDate and mfaAuthenticated.
|
Example
{
"eventId": "92b33345-0cef-47be-821f-fb9914d3****",
"eventAttributes": {
"SensitiveAction": "true"
},
"eventVersion": 1,
"sourceIpAddress": "ecs.aliyuncs.com",
"userAgent": "ecs.aliyuncs.com",
"eventRW": "Write",
"eventType": "ApiCall",
"referencedResources": {
"ACS::ECS::Instance": [
"i-8vb0smn1lf6g77md****"
],
"ACS::ECS::Disk": [
"d-8vbf8rpv2nn0l1zm****"
]
},
"userIdentity": {
"type": "system",
"userName": "ecs.aliyuncs.com"
},
"serviceName": "Ecs",
"requestId": "32B7EB75-62EE-511E-9449-E19EBF67C2ED",
"eventTime": "2022-10-22T21:52:00Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "DeleteDisk"
}