IAM Operations Supported by CTS
Scenarios
With Cloud Trace Service (CTS), you can record operations associated with IAM for future query, audit, and backtracking.
Prerequisites
CTS has been enabled.
Key Operations Recorded by CTS
|
Operation |
Resource Type |
Trace Name |
|---|---|---|
|
Creating an IAM user |
user |
createUserV5 |
|
Deleting an IAM user |
user |
deleteUserV5 |
|
Modifying IAM user information |
user |
updateUserV5 |
|
Creating a user group |
group |
createGroupV5 |
|
Deleting a user group |
group |
deleteGroupV5 |
|
Modifying a user group |
group |
updateGroupV5 |
|
Adding an IAM user to a user group |
group |
addUserToGroupV5 |
|
Removing an IAM user from a user group |
group |
removeUserFromGroupV5 |
|
Attaching an identity policy to a group |
group |
attachGroupPolicyV5 |
|
Detaching an identity policy from a user group |
group |
detachGroupPolicyV5 |
|
Querying user group attributes |
group |
getGroupSummaryV5 |
|
Querying user groups |
group |
listGroupsV5 |
|
Querying user group details |
group |
showGroupV5 |
|
Querying all identity policies attached to a specified group |
group |
listAttachedGroupPoliciesV5 |
|
Creating a trust agency |
agency |
createAgencyV5 |
|
Deleting a trust agency |
agency |
deleteAgencyV5 |
|
Modifying a trust agency |
agency |
updateAgencyV5 |
|
Modifying the trust policy of a trust agency |
agency |
updateTrustPolicyV5 |
|
Attaching an identity policy to an agency or a trust agency |
agency |
attachAgencyPolicyV5 |
|
Detaching an identity policy from an agency or a trust agency |
agency |
detachAgencyPolicyV5 |
|
Creating a service-linked agency |
agency |
createServiceLinkedAgencyV5 |
|
Deleting a service-linked agency |
agency |
deleteServiceLinkedAgencyV5 |
|
Querying agency or trust agency details |
agency |
getAgencyV5 |
|
Listing agencies and trust agencies based on specified conditions |
agency |
listAgenciesV5 |
|
Querying all identity policies attached to a specified agency or trust agency |
agency |
listAttachedAgencyPoliciesV5 |
|
Obtaining the deletion status of a service-linked agency |
agency |
getServiceLinkedAgencyDeletionStatusV5 |
|
Obtaining temporary security credentials through an agency or trust agency |
agency |
agencyAssume |
|
Obtain temporary security credentials using a service-linked agency |
agency |
assumeWithServicePrincipal |
|
Attaching an identity policy to an IAM user |
user |
attachUserPolicyV5 |
|
Detaching an identity policy from an IAM user |
user |
detachUserPolicyV5 |
|
Changing the password of an IAM user |
user |
changePasswordV5 |
|
Creating IAM user login information |
user |
createLoginProfileV5 |
|
Modifying IAM user login information |
user |
updateLoginProfileV5 |
|
Deleting IAM user login information |
user |
deleteLoginProfileV5 |
|
Querying all identity policies attached to a specified IAM user |
user |
listAttachedUserPoliciesV5 |
|
Querying the user list |
user |
listUsersV5 |
|
Querying IAM user details |
user |
showUserV5 |
|
Querying the last login time of an IAM user |
user |
showUserLastLoginV5 |
|
Querying the login information of an IAM user |
user |
showLoginProfileV5 |
|
Creating a permanent access key |
AccessKey |
createAccessKeyV5 |
|
Modifying a permanent access key |
AccessKey |
updateAccessKeyV5 |
|
Deleting a permanent access key |
AccessKey |
deleteAccessKeyV5 |
|
Querying all permanent access keys |
AccessKey |
listAccessKeysV5 |
|
Querying the last use time of a specified permanent access key |
AccessKey |
showAccessKeyLastUsedV5 |
|
Modifying the password policy |
- |
updatePasswordPolicyV5 |
|
Modifying the login authentication policy |
- |
updateLoginPolicyV5 |
|
Enabling or disabling the asymmetric signature for a user |
- |
setAsymmetricSignatureSwitchV5 |
|
Obtaining account summary information |
- |
getAccountSummaryV5 |
|
Obtaining the asymmetric signature switch status of an account |
- |
getAsymmetricSignatureSwitchV5 |
|
Querying the authorization summary of a specified service |
- |
getAuthorizationSchemaV5 |
|
Listing registered cloud services |
- |
listRegisteredServicesForAuthSchemaV5 |
|
Obtaining the function status of an account |
- |
getFeatureStatusV5 |
|
Querying the login authentication policy |
- |
showLoginPolicyV5 |
|
Querying the password policy |
- |
showPasswordPolicyV5 |
|
Querying the token support policy |
- |
showTokenPolicyV5 |
|
Obtaining all service principals |
- |
listServicePrincipalsV5 |
|
Creating a virtual MFA device |
mfa |
createVirtualMfaDeviceV5 |
|
Disabling a virtual MFA device |
mfa |
disableMfaDeviceV5 |
|
Enabling a virtual MFA device |
mfa |
enableMfaDeviceV5 |
|
Deleting a virtual MFA device |
mfa |
deleteVirtualMfaDeviceV5 |
|
Listing all MFA devices |
mfa |
listMfaDevicesV5 |
|
Adding a tag to IAM resources |
agency or user |
tagResourceV5 |
|
Deleting some tags of specified resources |
agency or user |
deleteResourceTagsV5 |
|
Creating a custom identity policy |
policy |
createPolicyV5 |
|
Deleting a custom identity policy |
policy |
deletePolicyV5 |
|
Setting a specified identity policy version as the default version |
policy |
setDefaultPolicyVersionV5 |
|
Deleting a specified identity policy version |
policy |
deletePolicyVersionV5 |
|
Creating a version for a specified identity policy |
policy |
createPolicyVersionV5 |
|
Obtaining an identity policy based on the identity policy ID |
policy |
getPolicyV5 |
|
Querying all identity policies |
policy |
listPoliciesV5 |
|
Querying a specified identity policy version |
policy |
getPolicyVersionV5 |
|
Querying all versions of a specified identity policy |
policy |
listPolicyVersionsV5 |
|
Creating an access analyzer |
Analyzer |
CreateAnalyzer |
|
Deleting an access analyzer |
Analyzer |
DeleteAnalyzer |
|
Scanning the policy of specified resources |
Analyzer |
StartResourceScan |
|
Updating the finding status |
Analyzer |
UpdateFindings |
|
Adding a tag to an analyzer |
Analyzer |
TagResource |
|
Deleting a tag from an analyzer |
Analyzer |
UntagResource |
|
Creating an access preview |
Analyzer |
CreateAccessPreview |
|
Creating an archive rule for an analyzer |
ArchiveRule |
CreateArchiveRule |
|
Deleting an archive rule |
ArchiveRule |
DeleteArchiveRule |
|
Updating an archive rule |
ArchiveRule |
UpdateArchiveRule |
|
Applying an archive rule |
ArchiveRule |
ApplyArchiveRule |
|
Creating notification settings |
NotificationSetting |
CreateNotificationSetting |
|
Updating notification settings |
NotificationSetting |
UpdateNotificationSetting |
|
Deleting message notification settings |
NotificationSetting |
DeleteNotificationSetting |
|
Obtaining all tags of a specified resource |
resource_type |
listResourceTagsV5 |
|
Decoding the authentication failure cause |
authorizationMessage |
decodeAuthorizationMessage |
|
Obtaining the identity information of a caller |
identity |
callerIdentity |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
