This section describes the ActionTrail APIs that can be authorized to a RAM account.

Before an API is called, permissions are checked to ensure that the caller is authorized to call the API to operate specific resources.

The following table describes the API authentication rules.

Action Resource description
actiontrail:CreateTrail acs:actiontrail:${region}:${AccountId}:*
actiontrail:DescribeTrails acs:actiontrail:${region}:${AccountId}:*
actiontrail:GetTrailStatus acs:actiontrail:${region}:${AccountId}:*
actiontrail:StartLogging acs:actiontrail:${region}:${AccountId}:*
actiontrail:StopLogging acs:actiontrail:${region}:${AccountId}:*
actiontrail:UpdateTrail acs:actiontrail:${region}:${AccountId}:*
actiontrail:DeleteTrail acs:actiontrail:${region}:${AccountId}:*
actiontrail:LookupEvents acs:actiontrail:${region}:${AccountId}:*