Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Audit Trails
  • Getting started
    • All guides
    • Creating a trail
    • Managing a trail
    • Handling errors
    • Viewing operations with service resources
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Management event reference
  • Data event reference
  • Release notes

In this article:

  • Object Storage bucket
  • ACCESS_DENIED
  • BUCKET_QUOTA_EXCEEDED
  • BUCKET_CLOUD_QUOTA_EXCEEDED
  • BUCKET_NOT_FOUND
  • BUCKET_INVALID_ENCRYPTION
  • UNKNOWN or INTERNAL_ERROR
  • Data Streams data stream
  • ACCESS_DENIED
  • STREAM_NOT_FOUND
  • DATABASE_INACTIVE
  • DATABASE_NOT_FOUND
  • UNKNOWN or INTERNAL_ERROR
  • Cloud Logging log group
  • ACCESS_DENIED
  • LOG_GROUP_NOT_FOUND
  • UNKNOWN or INTERNAL_ERROR
  • See also
  1. Step-by-step guides
  2. Handling errors

Handling errors

Written by
Yandex Cloud
Updated at April 22, 2025
  • Object Storage bucket
    • ACCESS_DENIED
    • BUCKET_QUOTA_EXCEEDED
    • BUCKET_CLOUD_QUOTA_EXCEEDED
    • BUCKET_NOT_FOUND
    • BUCKET_INVALID_ENCRYPTION
    • UNKNOWN or INTERNAL_ERROR
  • Data Streams data stream
    • ACCESS_DENIED
    • STREAM_NOT_FOUND
    • DATABASE_INACTIVE
    • DATABASE_NOT_FOUND
    • UNKNOWN or INTERNAL_ERROR
  • Cloud Logging log group
    • ACCESS_DENIED
    • LOG_GROUP_NOT_FOUND
    • UNKNOWN or INTERNAL_ERROR
  • See also

If a trail is unable to send audit logs to the destination object, its status will change to Error. This guide contains recommendations on how get the trail back to normal.

Note

A few minutes after the cause of the error is removed, the trail's status will revert to Active. All audit logs will be uploaded to the destination object.

Destination objects:

  • Object Storage bucket.
  • Data Streams stream.
  • log group Cloud Logging.

Object Storage bucketObject Storage bucket

ACCESS_DENIEDACCESS_DENIED

  • Make sure the service account used by the trail to upload audit logs to the bucket has the storage.uploader role or higher.
  • If the bucket is encrypted with the Yandex Key Management Service key, make sure the service account used by the trail to upload audit logs to the bucket has the kms.keys.decrypter role for the key.
  • If the trail delivers events to the encrypted bucket, check that the Key Management Service key for this bucket exists.
  • Check the bucket access control list (ACL) and bucket policy and make sure they contain no rules that disable the service account to write data to the bucket.

BUCKET_QUOTA_EXCEEDEDBUCKET_QUOTA_EXCEEDED

Increase the bucket size and delete the objects you do not need.

BUCKET_CLOUD_QUOTA_EXCEEDEDBUCKET_CLOUD_QUOTA_EXCEEDED

Contact support to have your Object Storage quota for the cloud increased.

BUCKET_NOT_FOUNDBUCKET_NOT_FOUND

Check the bucket specified in the trail settings. If the bucket was deleted:

  1. Create a new bucket with the same name as that specified in the trail settings.

    You can also change the trail settings by specifying a different bucket under Destination.

  2. If the bucket is encrypted with a Yandex Key Management Service key, assign the kms.keys.decrypter role for the key to the service account used by the trail to upload audit logs to the bucket.

BUCKET_INVALID_ENCRYPTIONBUCKET_INVALID_ENCRYPTION

Make sure the Yandex Key Management Service key used to encrypt the bucket has the Active status.

UNKNOWN or INTERNAL_ERRORUNKNOWN or INTERNAL_ERROR

Contact support for additional information and recommendations.

Data Streams data streamData Streams data stream

ACCESS_DENIEDACCESS_DENIED

Make sure the service account used by the trail to upload audit logs to the stream has the yds.writer role or higher.

STREAM_NOT_FOUNDSTREAM_NOT_FOUND

Check the stream specified in the trail settings. If the stream or its YDB database was deleted:

  1. Create a new stream.
  2. Change the trail settings by specifying the new stream under Destination.

DATABASE_INACTIVEDATABASE_INACTIVE

Make sure the YDB database has the Running status. Start the database if you need to, e.g., via the management console:

  1. From the list of services, select Managed Service for YDB.
  2. Click to the right of the database name and select Start.

DATABASE_NOT_FOUNDDATABASE_NOT_FOUND

Make sure the YDB database has the Running status, and the linked stream is Active. If the stream or its YDB database were deleted, create a new stream or database.

UNKNOWN or INTERNAL_ERRORUNKNOWN or INTERNAL_ERROR

Contact support for additional information and recommendations.

Cloud Logging log groupCloud Logging log group

ACCESS_DENIEDACCESS_DENIED

Make sure the service account used by the trail to upload audit logs to the log group has the logging.writer role or higher.

LOG_GROUP_NOT_FOUNDLOG_GROUP_NOT_FOUND

Check the log group specified in the trail settings. If the log group was deleted:

  1. Create a new log group.
  2. Change the trail settings by specifying the new log group under Destination.

UNKNOWN or INTERNAL_ERRORUNKNOWN or INTERNAL_ERROR

Contact support for additional information and recommendations.

See alsoSee also

  • Assigning roles to a service account

Was the article helpful?

Previous
Revoking roles assigned for a trail
Next
Getting a list of trails
Yandex project
© 2025 Yandex.Cloud LLC