Enabling CTS

Cloud Trace Service (CTS) is a professional log auditing service in security solutions, providing collection, storage, and querying capabilities for operation records of various cloud resources. It supports common application scenarios such as security analysis, compliance auditing, resource tracking, and issue troubleshooting.

To facilitate the review of key IAM operation events—such as user creation, user deletion, and others—administrators need to enable the CTS.

Procedure

Step 1: The administrator logs in to the console.

Step 2: Select Console > Cloud Audit . If the account has not previously activated CTS, the system will redirect to the CTS authorization page. Click Consent to authorize and activate to proceed to the CTS page.

Step 3: Create a management tracker in the Guizhou region to record IAM service management operation events.

When performing IAM operations (e.g., creating users, user groups, etc.), CTS will log these activities. The table below lists the IAM-related operation events supported by CTS for recording.

Table List of IAM Operations Supported by CTS

Operation Name	Resource Type	Event Name
User Login	user	login
User Logout	user	logout
Create a User	user	createUser
Modify User Information	user	updateUser
Delete a User	user	deleteUser
Create AK/SK	user	createCredential, addCredential
Delete AK/SK	user	deleteCredential
Deactivate or Activate AK/SK	user	changeCredentialStatus
Modify AK/SK	user	updateCredential
Create a User Group	userGroup	createUserGroup
Update a User Group	userGroup	updateGroup, updateUserGroup
Delete a User Group	userGroup	deleteUserGroup
Add a User to a User Group	userGroup	addUserToGroup, updateUser/updateUserGroup
Remove a User from a User Group	userGroup	removeUserFromGroup, updateUser/updateUserGroup
Create a Delegation	agency	createAgency
Update a Delegation	agency	updateAgency
Delete a Delegation	agency	deleteAgency
Switch Role	agency	switchRole
Token	createToken
Create a Custom Policy	role	createRole
Update a Custom Policy	role	updateRole
Delete a Custom Policy	role	deleteRole

Viewing IAM Cloud Audit Logs

After enabling the eSurfing Cloud CTS service, it begins recording operational events, including those from IAM and other services. This service retains operation records for the last 7 days.

Procedure

Step 1: The administrator performs operations on the IAM Console, such as logging into the console or creating an IAM user.

Step 2: Go to the to Console view the IAM operation records.

Step 3: Click to view the basic information of the event.

Step 4: Click View Events to check the event structure.

Identity and Access Management (Class II Node)