Yandex Audit Trails event reference
Written by
Updated at December 5, 2024
Audit Trails supports tracking of management (control plane) events and data (data plane) events for Yandex Identity and Access Management.
The general view of the event_type field value is as follows:
yandex.cloud.audit.iam.<event_name>
Management event reference
| Event name | Description |
|---|---|
AddFederatedUserAccounts |
Adding a user to a federation |
CreateAccessKey |
Creating a static key |
CreateApiKey |
Creating API keys |
CreateCertificate |
Adding a certificate for a federation |
CreateFederation |
Creating a federation |
CreateIamCookieForSubject |
Federated user login * |
CreateKey |
Creating a key pair for a service account |
CreateServiceAccount |
Creating a service account |
DeleteAccessKey |
Deleting a static key |
DeleteApiKey |
Deleting API keys |
DeleteCertificate |
Deleting a certificate for a federation |
DeleteFederation |
Deleting a federation |
DeleteKey |
Deleting a key pair for a service account |
DeleteServiceAccount |
Deleting a service account |
DetectLeakedCredential |
Detecting a secret in a public source |
DisableService |
Revoking service access to resources of other cloud services |
EnableService |
Granting service access to resources of other cloud services |
SetServiceAccountAccessBindings |
Assigning access permissions for a service account |
UpdateAccessKey |
Updating a static key |
UpdateApiKey |
Updating an API key |
UpdateCertificate |
Renewing a certificate |
UpdateFederation |
Updating a federation |
UpdateKey |
Updating a key pair |
UpdateServiceAccount |
Updating a service account |
UpdateServiceAccountAccessBindings |
Updating access permissions for a service account |
workload.CreateFederatedCredential |
Creating a link in a service account federation |
workload.DeleteFederatedCredential |
Deleting a link from a service account federation |
workload.oidc.CreateFederation |
Creating a service account federation |
workload.oidc.DeleteFederation |
Deleting a service account federation |
workload.oidc.UpdateFederation |
Updating a service account federation |
* The event is not logged in the audit log unless the audit log collection scope for the trail is Organization.
Data event reference
| Event name | Description |
|---|---|
CreateIamToken |
Creating an IAM token |
RevokeIamToken |
Revoking an IAM token |
oslogin.CheckSshPolicy |
Checking permissions to connect via SSH with OS Login access |
oslogin.GenerateSshCertificate |
Generating an SSH certificate for OS Login access |