Help Center/ Cloud Trace Service/ Best Practices/ Auditing and Analyzing Logins and Logouts with FunctionGraph/ Preparation
Updated on 2025-01-06 GMT+08:00
View PDF
Share

Preparation

Enabling CTS for the First Time

  1. Log in to the management console.
  2. If you log in to Huawei Cloud as an administrator, go to 3. If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions.

    For details, see Assigning Permissions to an IAM User.

  3. Click in the upper left corner and choose Management & Governance > Cloud Trace Service. The CTS console is displayed.
  4. Choose Tracker List in the navigation pane on the left and click Enable CTS in the upper right corner. A management tracker named system will be automatically created.

    The management tracker records management traces, which are operations on all cloud resources, such as creation, login, and deletion. For details about the cloud services supported by CTS, see Supported Services and Operations.

Creating an Agency

  1. Log in to the IAM console, and choose Agencies in the navigation pane.
  2. On the Agencies page, click Create Agency.
  3. Set the agency information.

    • For Agency Name: Enter an agency name, for example, serverless_trust.
    • For Agency Type, select Cloud service.
    • For Cloud Service, select FunctionGraph.
    • For Validity Period, select Unlimited.
    • For Description, enter a description.

  4. Click Next. On the Select Policy/Role page, select CTS Administrator and SMN Administrator.

    • SMN Administrator: Users with this permission can perform any operation on SMN resources.
    • CTS Administrator depends on Tenant Guest. When you select the former, the latter will also be selected.

  5. Click Next, select an authorization scope that meets your service requirements, and click OK.

Pushing Alarm Messages

  • Create a topic named cts_test on the SMN console. For details, see Creating a Topic.
  • Add subscriptions to the cts_test topic to push alarm messages. For details, see Adding a Subscription.

    Alarm messages of a subscribed topic can be pushed through emails, SMS messages, and HTTP/HTTPS.

    In this example, when operation log events trigger the specified function, the function filters operations that are performed by users not in the IP address whitelist, and pushes alarm messages to the subscription endpoints.