Enabling CTS
CTS records operations performed on cloud resources in your account. The operation logs can be used to perform security analysis, track resource changes, perform compliance audits, and locate faults.
It is recommended that you enable the CTS service to record key IAM operations, such as creating and deleting users.
Procedure
1. Log in to the management console.
2. If you log in to HUAWEI CLOUD using an account, go to 3. If you log in as an IAM user, request the administrator to grant you the following permissions:
   - Security Administrator
   - CTS FullAccess

   For details, see Assigning Permissions to an IAM User.
3. Choose Service List > Management & Governance > Cloud Trace Service.

   Figure 1 Enabling and authorizing CTS
4. On the displayed authorization page, click Enable and Authorize.
   - When using CTS, you must have the required permissions for relevant operations, but do not need to be granted the Security Administrator role again.
   - After you enable CTS, the system automatically creates two trackers to record management traces, that is, operations (such as creation, login, and deletion) performed on all cloud resources.
     - In the current region, a tracker is created to record management traces of all project-level services deployed in this region.
     - In the CN North-Beijing4 region, a tracker is created to record management traces of all global services, such as IAM.

| Operation | Resource Type | Trace Name |
|---|---|---|
| Login | user | login |
| Login failure | user | loginFailed |
| Logout | user | logout |
| Changing the password at first login (by an IAM user) | user | changePassword |
| Resetting the password | user | fpwdResetSuccess |
| Creating a user | user | createUser |
| Changing the email address or mobile number | user | updateUser |
| Deleting a user | user | deleteUser |
| Creating an access key (AK/SK) | user | createCredential |
| Deleting an access key (AK/SK) | user | deleteCredential |
| Changing the password | user | updateUserPwd |
| Successful initial login as a federated user | user | tenantLoginBySamlSuccess |
| Successful login using cached information as a federated user | user | federationLoginNoPwdSuccess |
| Creating a user group | userGroup | createGroup |
| Modifying a user group | userGroup | updateGroup |
| Deleting a user group | userGroup | deleteGroup |
| Adding users to a user group | userGroup | addUserToGroup |
| Removing users from a user group | userGroup | removeUserFromGroup |
| Unbinding a virtual MFA device | MFA | UnBindMFA |
| Binding a virtual MFA device | MFA | BindMFA |
| Creating a project | project | createProject |
| Modifying a project | project | updateProject |
| Creating an agency | agency | createAgency |
| Modifying an agency | agency | updateAgency |
| Deleting an agency | agency | deleteAgency |
| Registering an identity provider | identityProvider | createIdentityProvider |
| Modifying an identity provider | identityProvider | updateIdentityProvider |
| Deleting an identity provider | identityProvider | deleteIdentityProvider |
| Updating the login authentication policy | SecurityPolicy | modifySecurityPolicy |
| Modifying the password policy | SecurityPolicy | modifySecurityPolicy |
| Modifying the ACL | SecurityPolicy | modifySecurityPolicy |
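
One way to review recorded IAM traces against the trace names listed above, as an added example that is not Huawei Cloud code. The flat record layout (`time`, `user`, `trace_name`), the sample records and the failed-login threshold are assumptions made for illustration; real CTS exports carry more fields.

```python
from collections import defaultdict

# Trace names from the table above that change who can authenticate or how.
SENSITIVE = {
    "createUser": "IAM user created",
    "createCredential": "access key (AK/SK) created",
    "UnBindMFA": "virtual MFA device unbound",
    "addUserToGroup": "user added to a user group",
    "createAgency": "agency created",
    "createIdentityProvider": "identity provider registered",
    # Shared by three operations in the table: login authentication policy,
    # password policy and ACL. The name alone does not say which one changed.
    "modifySecurityPolicy": "login policy, password policy or ACL modified",
}
FAILED_LOGIN_THRESHOLD = 3  # assumed review threshold, tune per environment


def triage(traces):
    """Return (time, user, finding) tuples, oldest first."""
    findings = []
    failed = defaultdict(int)  # consecutive loginFailed traces per user
    for t in sorted(traces, key=lambda t: t["time"]):
        user, name = t["user"], t["trace_name"]
        if name == "loginFailed":
            failed[user] += 1
        elif name == "login":
            if failed[user] >= FAILED_LOGIN_THRESHOLD:
                findings.append(
                    (t["time"], user, f"login after {failed[user]} failed attempts"))
            failed[user] = 0  # a successful login ends the failure streak
        elif name in SENSITIVE:
            findings.append((t["time"], user, SENSITIVE[name]))
    return findings


# Constructed sample records (not real CTS output), deliberately out of order.
SAMPLE = [dict(zip(("time", "user", "trace_name"), row)) for row in [
    ("2024-01-10T09:10:00Z", "carol", "modifySecurityPolicy"),
    ("2024-01-10T08:00:05Z", "alice", "loginFailed"),
    ("2024-01-10T08:00:09Z", "alice", "loginFailed"),
    ("2024-01-10T08:00:14Z", "alice", "loginFailed"),
    ("2024-01-10T08:00:30Z", "alice", "login"),
    ("2024-01-10T08:02:00Z", "alice", "UnBindMFA"),
    ("2024-01-10T08:03:10Z", "alice", "createCredential"),
    ("2024-01-10T09:00:00Z", "bob", "login"),
    ("2024-01-10T09:05:00Z", "bob", "updateGroup"),
]]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```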