Auditing events for service instances

IBM Cloud® service instances generate activity tracking events.

Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.

You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

Viewing activity tracking events for IBM® Db2® Warehouse as a Service

Launching IBM Cloud Logs from the Observability page

For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.

Events for provisioning and managing service instances

The following table lists the actions that generate an event:

Actions that generate events

| Action | Description |
|---|---|
| service_name.instance.create | An event is generated when you provision a service instance. |
| service_name.instance.update | An event is generated when you rename a service instance or when you change the service plan. |
| service_name.instance.delete | An event is generated when a service instance is deleted. |
| service_name.instance.schedule_reclaim | An event is generated when a service instance is pending_reclamation. |
| service_name.instance.restore | An event is generated when a service instance is restored. |

Events for managing aliases that are associated to a service instance

An alias is a connection between your IAM-managed service within a resource group and an application within an org or a space.

The following table lists the actions that generate an event:

Actions that generate events

| Action | Description |
|---|---|
| service_name.alias.create | An event is generated when an alias for an instance is created. |
| service_name.alias.update | An event is generated when an alias for an instance is updated. |
| service_name.alias.delete | An event is generated when an alias for an instance is deleted. |

Events for managing service credentials that are associated to a service instance

A service credential provides the necessary information to connect an application to a service instance.

The following table lists the actions that generate an event:

Actions that generate events

| Action | Description |
|---|---|
| service_name.key.create | An event is generated when an API key is created for a service instance through the Service credentials section of the service instance UI. |
| service_name.key.delete | An event is generated when an API key that is associated with a service instance is deleted from the Service credentials section of the service instance UI. |

Events for binding and unbinding a service instance to an app

The following table lists the actions that generate an event:

Actions that generate events

| Action | Description |
|---|---|
| service_name.binding.create | An event is generated when you bind a service instance to an application. |
| service_name.binding.delete | An event is generated when you unbind a service instance from an application. |

Analyzing events

Action service_name.instance.delete

When a service instance is deleted, consider the following information:

  • Other actions are automatically triggered to clean up IAM permissions. These actions remove policies that are configured for users and service IDs in the account to work with the service instance.
  • The initiator of these actions is an IBM service ID.

When the service instance that is deleted does not have IAM policies configured for users and service IDs, the events that are automatically generated for any of these resources report an outcome of failure with a 404 outcome code. The following sample shows the events that are generated when a service instance that does not have policies configured in the account is deleted:

Apr 30 09:04:16 cloudcerts: delete instance Certificate Manager-v1
Apr 30 09:41:20 IAM Access Management: delete policy -failure
Apr 30 09:41:20 IAM Access Management: delete policy -failure
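
The following added example (not part of the IBM documentation) shows one way to triage such events so that the expected 404 cleanup failures are separated from failures that need review. The CADF-style field names, the IAM policy-delete action name, the service ID typeURI value, the one-hour correlation window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed field names (CADF-style: action, outcome, reason.reasonCode,
# initiator.typeURI, eventTime) and assumed constant values; adjust them
# to the events that your account actually emits.
POLICY_DELETE = "iam-access-management.policy.delete"   # assumed action name
SERVICE_ID_TYPE = "service/security/account/serviceid"  # assumed typeURI
USER_TYPE = "service/security/account/user"             # assumed typeURI
WINDOW = timedelta(hours=1)  # assumed; the sample above shows a 37-minute gap


def triage(events):
    """Return one label per event, in time order: ok, expected-cleanup, review."""
    last_delete = None  # time of the most recent successful instance delete
    labels = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        when = datetime.fromisoformat(ev["eventTime"])
        failed = ev["outcome"] == "failure"
        if ev["action"].endswith(".instance.delete") and not failed:
            last_delete = when
        # Expected cleanup: a 404 policy-delete failure initiated by a
        # service ID shortly after a service instance was deleted.
        cleanup = (
            failed
            and ev["action"] == POLICY_DELETE
            and ev.get("reason", {}).get("reasonCode") == 404
            and ev["initiator"]["typeURI"] == SERVICE_ID_TYPE
            and last_delete is not None
            and when - last_delete <= WINDOW
        )
        labels.append("expected-cleanup" if cleanup else "review" if failed else "ok")
    return labels


def _ev(time, action, outcome, code, initiator_type):
    return {"eventTime": time, "action": action, "outcome": outcome,
            "reason": {"reasonCode": code}, "initiator": {"typeURI": initiator_type}}


SAMPLE = [  # constructed events mirroring the sample above, plus two other cases
    _ev("2024-04-30T09:04:16", "cloudcerts.instance.delete", "success", 200, USER_TYPE),
    _ev("2024-04-30T09:41:20", POLICY_DELETE, "failure", 404, SERVICE_ID_TYPE),
    _ev("2024-04-30T09:41:20", POLICY_DELETE, "failure", 404, SERVICE_ID_TYPE),
    _ev("2024-04-30T09:50:00", POLICY_DELETE, "failure", 403, USER_TYPE),
    _ev("2024-04-30T12:00:00", POLICY_DELETE, "failure", 404, SERVICE_ID_TYPE),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A 404 policy-delete failure with no instance deletion inside the window, or any failure initiated by a user, stays in the review set.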