Key concepts
KakaoCloud Cloud Trail events are generated based on user activity history, and viewable event scope and retention period vary according to specific conditions. Events can only be viewed for last 90 days, so if long-term retention is required, you must use log storage feature. In addition, event view scope differs depending on user role.
This document describes event types, components, and key concepts that affect view scope.
Event
Event is record unit generated based on user action requests (console or OpenAPI calls). Not only change operations such as resource creation, modification, and deletion but also view operations are recorded as events. Each event is provided as JSON-format log, and you can check user activity history and resource change history.
Event fields
Cloud Trail events are composed as follows, and each item corresponds to field in event log (JSON).
| Category | Key components |
|---|---|
| Event | Information about event itself - Event name and ID: Type and unique ID of performed action - Occurrence time: Time when event occurred - Service name: Target service where event occurred ㄴ Console: View or action performed in console UI ㄴ Service name (Virtual Machine, VPC, etc.): Resource change operation ㄴ OpenAPI: Event generated through API call |
| User | Information about subject that generated event - User ID: Login account (email format) - User unique ID: Unique value for internal identification (UUID) - Includes console users and API call subjects (service accounts) |
| Resource | Information about target resource for event - Resource type: Resource classification value by service - Resource name: Name or value used to identify resource - Resource ID: Value used to uniquely identify resource ※ Resource information is dynamically recorded according to service and operation and is not provided as fixed list |
Detailed event items can be checked in console. For more information, see View event details.
Event example
You can identify who performed which action and when through following key fields in event log. However, included fields may differ depending on service and operation type.
Following is example of event generated in console.
{
"event_name": "Get Widget Catalog List",
"event_source": "Console",
"event_time": "2026-04-17T05:21:06.963Z",
"region": "kr-central-2",
"user_id": "115e19f2e8b0471abd48be078069fb47",
"source_ip_address": "165.85.218.89",
"user_agent": "Mozilla/5.0 ...",
"project_name": "my-project-1",
"project_id": "347ab7e602db4a6cb7366be4f39d45fc",
"resource_type": "Widget"
}
Field composition in event log may differ depending on service and operation type, and some values may not be provided or may be displayed in different format.
Event type
Cloud Trail events are classified as follows according to occurrence scope and can be checked through filter conditions during event search.
| Category | Description | Example |
|---|---|---|
| Organization event | Event generated in organization-level service | User invitation and removal, organization role changes, project creation and deletion, billing inquiry |
| Project event | Event generated in project-level service | Resource creation, resource deletion |
View scope by role
In Cloud Trail, viewable event scope differs depending on user role.
Organization role
If user with project role also has following organization role, both project events and organization events can be viewed.
| Permission | Organization administrator(Admin) | Trail viewer(Viewer) |
|---|---|---|
| View organization events | ✓ | ✓ |
| View project events | ✓ | ✓ |
Project role
If user has project role, events for corresponding project can be viewed.
| Permission | Project administrator(Admin) | Project member(Member) | Project reader(Reader) |
|---|---|---|---|
| View organization events | |||
| View project events | ✓ | ✓ | ✓ |
- You can check your role in KakaoCloud console > Top-right profile > Organization role or Project role.
- For more information about IAM roles and user role management, see IAM > Key concepts and Manage user IAM roles.