Updated on 2025-07-03 GMT+08:00

CTS Best Practices

This document summarizes best practices for common application scenarios of Cloud Trace Service (CTS). Each practice provides a detailed solution description and operation guidance to help you build your audit services based on CTS.

Table 1 CTS best practices

| Practice | Description |
| --- | --- |
| Auditing and Analyzing Logins and Logouts with FunctionGraph | This section describes how to use CTS to record real-time operations on cloud resources and their corresponding results. You can create a CTS trigger in FunctionGraph to obtain operation records of subscribed cloud resources, analyze and process these operation records using custom functions, and report alarms. Then, Simple Message Notification (SMN) pushes alarm messages to service personnel by SMS or email. |
| Using LTS to Store and Query Audit Traces | This section takes Elastic Cloud Server (ECS) creation (operation name: createServer) as an example to describe how to store and query traces in Log Tank Service (LTS). |
| Using CTS to Monitor the Operation of Creating an IAM User | This section describes how to use operation audit and key event notifications of CTS to monitor the operation of creating an Identity and Access Management (IAM) user and send an alarm by email. |
| Using CTS to Monitor Access Key Usage | This section describes how to use the operation audit and audit log transfer to LTS functions of CTS to monitor access key-related traces, and how to use the log alarm function of LTS to report alarms. |
| Using CTS to Monitor Huawei Cloud Account Usage | This section describes how to monitor your Huawei Cloud account using the operation audit and audit log transfer to LTS functions of CTS, and how to use the log alarm function of LTS to report alarms. |
| Downloading Operation Traces from CTS | This section describes how to download traces from CTS, Object Storage Service (OBS), and LTS. |
| Monitoring DEW Key Usage Using CTS | This section describes how to use the operation audit and trace filtering and querying functions of CTS to monitor Data Encryption Workshop (DEW) key usage. |
| Continuously Transferring CTS Traces to Specified Services | This section describes how to continuously transfer traces from CTS to OBS and LTS. |
| Suggestions on CTS Security Configuration | This section provides actionable guidance for enhancing the overall security of CTS. |