Enabling CTS
Cloud Trace Service (CTS) is a professional log auditing service in security solutions, providing collection, storage, and querying capabilities for operation records of various cloud resources. It supports common application scenarios such as security analysis, compliance auditing, resource tracking, and issue troubleshooting.
To facilitate the review of key IAM operation events—such as user creation, user deletion, and others—administrators need to enable the CTS.
Procedure
Step 1: The administrator logs in to the console.
Step 2: Select Console > Cloud Audit . If the account has not previously activated CTS, the system will redirect to the CTS authorization page. Click Consent to authorize and activate to proceed to the CTS page.
Step 3: Create a management tracker in the Guizhou region to record IAM service management operation events.
When performing IAM operations (e.g., creating users, user groups, etc.), CTS will log these activities. The table below lists the IAM-related operation events supported by CTS for recording.
Table List of IAM Operations Supported by CTS
Operation Name | Resource Type | Event Name |
User Login | user | login |
User Logout | user | logout |
Create a User | user | createUser |
Modify User Information | user | updateUser |
Delete a User | user | deleteUser |
Create AK/SK | user | createCredential, addCredential |
Delete AK/SK | user | deleteCredential |
Deactivate or Activate AK/SK | user | changeCredentialStatus |
Modify AK/SK | user | updateCredential |
Create a User Group | userGroup | createUserGroup |
Update a User Group | userGroup | updateGroup, updateUserGroup |
Delete a User Group | userGroup | deleteUserGroup |
Add a User to a User Group | userGroup | addUserToGroup, updateUser/updateUserGroup |
Remove a User from a User Group | userGroup | removeUserFromGroup, updateUser/updateUserGroup |
Create a Delegation | agency | createAgency |
Update a Delegation | agency | updateAgency |
Delete a Delegation | agency | deleteAgency |
Switch Role | agency | switchRole |
Token | createToken | |
Create a Custom Policy | role | createRole |
Update a Custom Policy | role | updateRole |
Delete a Custom Policy | role | deleteRole |
Viewing IAM Cloud Audit Logs
After enabling the eSurfing Cloud CTS service, it begins recording operational events, including those from IAM and other services. This service retains operation records for the last 7 days.
Procedure
Step 1: The administrator performs operations on the IAM Console, such as logging into the console or creating an IAM user.
Step 2: Go to the to Console view the IAM operation records.
Step 3: Click to view the basic information of the event.
Step 4: Click View Events to check the event structure.