Key Operations Supported by CTS
With Cloud Trace Service (CTS), you can record IAM Identity Center operations for later query, auditing, and backtracking.
|
Operation |
Resource Type |
Event Name |
|---|---|---|
|
Enabling IAM Identity Center |
Instance |
StartIdentityCenter |
|
Disabling IAM Identity Center |
Instance |
DeleteIdentityCenter |
|
Registering a region |
Instance |
RegisterRegion |
|
Updating single sign-on (SSO) configuration |
Instance |
UpdateSsoConfiguration |
|
Updating the MFA device management in the identity store |
Instance |
UpdateMfaDeviceManagementForIdentityStore |
|
Adding a user-defined domain name |
Instance |
CreateAlias |
|
Enabling access control attributes for a specified instance |
Instance |
CreateInstanceAccessControlAttributeConfiguration |
|
Disabling access control attributes for a specified instance |
Instance |
DeleteInstanceAccessControlAttributeConfiguration |
|
Updating access control attributes for a specified instance |
Instance |
UpdateInstanceAccessControlAttributeConfiguration |
|
Assigning users/groups to a specified account with a specified permission set |
AccountAssignment |
CreateAccountAssignment |
|
Removing users/groups from a specified account with a specified permission set |
AccountAssignment |
DeleteAccountAssignment |
|
Deleting all permission sets associated with a user/group |
AccountAssignment |
DisassociateProfile |
|
Creating a permission set in a specified IAM Identity Center instance |
PermissionSet |
CreatePermissionSet |
|
Deleting a specified permission set |
PermissionSet |
DeletePermissionSet |
|
Updating a specified permission set |
PermissionSet |
UpdatePermissionSet |
|
Attaching a system-defined policy to a permission set |
PermissionSet |
AttachManagedPolicyToPermissionSet |
|
Detaching a system-defined policy from a permission set |
PermissionSet |
DetachManagedPolicyFromPermissionSet |
|
Attaching a system-defined role to a permission set |
PermissionSet |
AttachManagedRoleToPermissionSet |
|
Detaching a system-defined role from a permission set |
PermissionSet |
DetachManagedRoleFromPermissionSet |
|
Attaching a specified permission set to a specified account |
PermissionSet |
ProvisionPermissionSet |
|
Deleting a custom policy from a specified permission set |
PermissionSet |
DeleteCustomPolicy |
|
Attaching a custom policy to a permission set |
PermissionSet |
PutCustomPolicy |
|
Generating a credential for an IAM Identity Center user after user login |
User |
Authenticate |
|
Activating a device authorization code |
User |
ActiveDevice |
|
Canceling a device authorization code |
User |
CancelDevice |
|
Creating a user |
User |
CreateUser |
|
Deleting a user |
User |
DeleteUser |
|
Updating a user |
User |
UpdateUser |
|
Disabling a user |
User |
DisableUser |
|
Enabling a user |
User |
EnableUser |
|
Creating a virtual MFA device |
User |
CreateMfaDeviceForUser |
|
Deleting a virtual MFA device |
User |
DeleteMfaDeviceForUser |
|
Updating MFA information |
User |
UpdateMfaDeviceForUser |
|
Sending an email containing the password reset link or a one-time password |
User |
UpdatePwdMode |
|
Resetting a user password |
User |
ResetPassword |
|
Sending an email verification link |
User |
VerifyEmail |
|
Updating the email verification status |
User |
UpdateEmailStatus |
|
Creating a group |
Group |
CreateGroup |
|
Deleting a group |
Group |
DeleteGroup |
|
Updating a group |
Group |
UpdateGroup |
|
Adding a user to a group |
GroupMembership |
CreateGroupMembership |
|
Removing a user from a group |
GroupMembership |
DeleteGroupMembership |
|
Batch adding IAM Identity Center users to groups |
GroupMembership |
BatchCreateMembership |
|
Batch removing IAM Identity Center users from groups |
GroupMembership |
BatchDeleteMembership |
|
Batch replacing IAM Identity Center users in groups |
GroupMembership |
BatchReplaceMembership |
|
Creating external identity provider configuration |
IDP |
CreateExternalIdpConfigurationForDirectory |
|
Enabling external identity provider |
IDP |
EnableExternalIdpConfigurationForDirectory |
|
Deleting external identity provider configuration |
IDP |
DeleteExternalIdpConfigurationForDirectory |
|
Disabling external identity provider |
IDP |
DisableExternalIdpConfigurationForDirectory |
|
Updating external identity provider configuration |
IDP |
UpdateExternalIdpConfigurationForDirectory |
|
Deleting a certificate |
IDP |
DeleteExternalIdpCertificate |
|
Importing a certificate |
IDP |
ImportExternalIdpCertificate |
|
Creating a bearer token |
IDP |
CreateBearerToken |
|
Creating the tenant information corresponding to the identity source |
IDP |
CreateProvisioningTenant |
|
Deleting a bearer token |
IDP |
DeleteBearerToken |
|
Deleting the tenant information corresponding to the identity source |
IDP |
DeleteProvisioningTenant |
|
Adding tags to the specified resource |
Tag |
CreateTagResource |
|
Deleting specified tags from specified resources |
Tag |
DeleteTagResource |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
