Yandex Audit Trails event reference
Written by
Updated at November 20, 2024
Audit Trails supports tracking of management (control plane) events and data (data plane) events for Yandex Identity and Access Management.
The general view of the event_type field value is as follows:
yandex.cloud.audit.iam.<event_name>
Management event reference
| Event name | Description |
|---|---|
AddFederatedUserAccounts |
Adding a user to a federation |
CreateAccessKey |
Creating a static key |
CreateApiKey |
Creating API keys |
CreateCertificate |
Adding a certificate for a federation |
CreateFederation |
Creating a federation |
CreateIamCookieForSubject |
Federated user login * |
CreateKey |
Creating a key pair for a service account |
CreateServiceAccount |
Creating a service account |
DeleteAccessKey |
Deleting a static key |
DeleteApiKey |
Deleting API keys |
DeleteCertificate |
Deleting a certificate for a federation |
DeleteFederatedUserAccounts |
Deleting a user from a federation |
DeleteFederation |
Deleting a federation |
DeleteKey |
Deleting a key pair for a service account |
DeleteServiceAccount |
Deleting a service account |
DetectLeakedCredential |
Detecting a secret in a public source |
SetServiceAccountAccessBindings |
Assigning access permissions for a service account |
UpdateAccessKey |
Updating a static key |
UpdateApiKey |
Updating an API key |
UpdateCertificate |
Renewing a certificate |
UpdateFederation |
Updating a federation |
UpdateKey |
Updating a key pair |
UpdateServiceAccount |
Updating a service account |
UpdateServiceAccountAccessBindings |
Updating access permissions for a service account |
workload.CreateFederatedCredential |
Creating a link in a service account federation |
workload.DeleteFederatedCredential |
Deleting a link from a service account federation |
workload.oidc.CreateFederation |
Creating a service account federation |
workload.oidc.DeleteFederation |
Deleting a service account federation |
workload.oidc.UpdateFederation |
Updating a service account federation |
* The event will not end up in the audit log unless the audit log collection scope for the trail is Organization.
Data event reference
| Event name | Description |
|---|---|
CreateIamToken |
Creating an IAM token |
RevokeIamToken |
Revoking an IAM token |
oslogin.CheckSshPolicy |
Checking permissions to connect via SSH with OS Login access |
oslogin.GenerateSshCertificate |
Generating an SSH certificate for OS Login access |