Overview

更新时间:
复制 MD 格式

ActionTrail's AccessKey pair audit lets you investigate how an AccessKey pair has been used across Alibaba Cloud services. For any AccessKey pair, you can retrieve its basic information, the services it accessed, the source IP addresses, and the affected resources — giving you the evidence needed to respond to alerts or confirm a suspected leak.

Use cases

When an AccessKey pair issue arises — an alert from Security Center, or credentials found in a public repository — AccessKey pair audit gives you the logs to investigate what happened and decide on next steps.

  • Track exceptions

    If anomalous activity is detected for an AccessKey pair, query its usage records to check whether it accessed resources within expectations.

  • Confirm leaks

    If an AccessKey pair is suspected of being leaked, query its logs for a specific time period to confirm whether unauthorized use occurred. The query results also indicate whether to rotate the AccessKey pair.

Limits

AccessKey pair audit covers usage records from February 1, 2022 onward.

Note

Audit data is updated every hour, so recent activity may not appear immediately. We recommend that you do not modify or rotate an AccessKey pair unless necessary.

Supported Alibaba Cloud services and events

For more information about the Alibaba Cloud services and events that AccessKey pair audit supports, see Supported Alibaba Cloud services and events.

By default, AccessKey pair audit queries management events only. To query data events, first create a trail for data events.