Updated on 2022-09-27 GMT+08:00

Enabling CTS

Scenarios

You need to enable Cloud Trace Service (CTS) before using it to record operations on resources. After being enabled, CTS automatically creates a management tracker named system and records all operations of your tenant account in the tracker. CTS displays only the traces generated in the last seven days. To store traces for a longer period, you can transfer them to Object Storage Service (OBS). Before doing so, ensure that you have enabled OBS and have full permissions for the OBS bucket you are going to use.

This section describes how to enable CTS.

Associated Services

  • OBS: used to store trace files.

    You must select a standard OBS bucket because CTS needs to frequently access the OBS bucket that stores traces.

  • Data Encryption Workshop (DEW): provides keys that can be used to encrypt trace files.
  • Simple Message Notification (SMN): sends email or SMS message notifications to users when key operations are performed.

Procedure

  1. Log in to the management console.
  2. If you have logged in as an account administrator, go to step 3 directly. If you have logged in as an IAM user, first contact your administrator (the account owner, a user in the admin user group, or a user who has been granted the Security Administrator permissions) to obtain the following permissions:

    • Security Administrator
    • CTS FullAccess

    For details, see Assigning Permissions to an IAM User.

  3. Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS authorization page is displayed.

    Figure 1 Enabling CTS

  4. Click Enable and Authorize.

    After you enable CTS, two trackers are automatically created to record management traces, which are operations (such as creation, login, and deletion) performed on all cloud resources.

    • In the current region, a tracker is created to record management traces of all project-level services deployed in this region.
    • In the EU-Dublin region, a tracker is created to record management traces of all global services, such as IAM.

    When using CTS, you need only the permissions required for the relevant operations; you do not need the Security Administrator permissions.