Auditing the activity of
Dell APEX Navigator for Multicloud Storage in your AWS account
AWS CloudTrail is an AWS service that allows you to record actions that are taken by
Dell APEX Navigator for Multicloud Storage as events. You can audit all the activities of
Dell APEX Navigator in your AWS account with the help of the session name, session tags, and source identity.
Dell APEX Navigator provides a session name, session tags, and source identity for each AWS role session that is opened with your AWS account. You can audit all activities using these attributes.
Session name
Dell-APEX-Navigator-<APEX trace ID>: Use the APEX trace ID in the session name to triage issues related to this role session. Provide this trace ID to Dell support when there are any issues that are related to the AWS account access with this session.
Session tags
Use the following session tags to audit
Dell APEX Navigator activities.
Table 1. Session tagsThis table lists the session tags that are used to audit
Dell APEX Navigator activities.
Session Tag
Value
Summary
DellAPEXOrigin
Dell-APEX-Navigator
All role sessions are tagged with this key-value pair.
DellAPEXJobName
String
Identifies the name of the job that initiated the role session. This tag may not be present in every role session.
DellAPEXJobID
String
Identifier of the APEX job that initiated the role session. This tag may not be present in every role session.
Source identity
This identifier is used on every AWS role session. Use this to identify the user who triggered the action in the AWS account. The email address of a user that was used to access
Dell APEX Navigator is used as a source identity. A service identifier is specified as the source identity for
Dell APEX Navigator services that access the AWS account for monitoring storage deployment infrastructure.
Include the following keys in the trust policy and the permission policy that is used to establish a trust relationship between
Dell APEX Navigator services and your AWS account: