All Products
Search
Document Center

ActionTrail:Overview

Last Updated:Mar 08, 2024

ActionTrail provides the AccessKey pair audit feature to monitor account access activities in a comprehensive manner. You can use the feature to perform in-depth review and management of AccessKey pair usage within your account. The AccessKey pair audit feature allows you to query the basic information about an AccessKey pair, the accessed Alibaba Cloud services by using the AccessKey pair, and related IP addresses and resources. This helps understand the usage records of the AccessKey pair and handle exceptions such as AccessKey pair leaks at the earliest opportunity. You can rotate the AccessKey pair based on the query results.

Use scenarios

Enterprises may encounter issues related to AccessKey pairs in the cloud, such as alerts for and leaks of AccessKey pairs. The AccessKey pair audit feature allows you to query the logs of AccessKey pairs. The logs can be used as a reference for subsequent operations. The following list describes the use scenarios of the AccessKey pair audit feature:

  • Track exceptions

    If anomalous activities are detected for an AccessKey pair, you can query the usage records of the AccessKey pair and check whether the AccessKey pair is used to access resources within expectations. For example, Enterprise A receives an alert for an AccessKey pair in Security Center. In this case, Enterprise A must query the recent usage records of the AccessKey pair to identify the exception.

  • Confirm leaks

    If an AccessKey pair is suspected of being leaked, you can query the logs of the AccessKey pair that are generated within a specific period of time to check whether the AccessKey pair is leaked. The logs also provide a reference for whether to rotate the AccessKey pair. For example, the information about an AccessKey pair of Enterprise A is found in open source documentation. The AccessKey pair is suspected of being leaked. In this case, Enterprise A must query the logs of the AccessKey pair to check whether the AccessKey pair is leaked.

Usage notes

You can query the usage records of an AccessKey pair that is used to access Alibaba Cloud services for up to 400 days since February 1, 2022.

Note

Audit data is updated at 1-hour intervals, which can cause query latency. We recommend that you do not change an AccessKey pair unless necessary.

Supported Alibaba Cloud services and events

For more information about the Alibaba Cloud services and events that are supported by the AccessKey pair audit feature, see Supported Alibaba Cloud services and events.