Pilih preferensi cookie Anda

Kami menggunakan cookie penting serta alat serupa yang diperlukan untuk menyediakan situs dan layanan. Kami menggunakan cookie performa untuk mengumpulkan statistik anonim sehingga kami dapat memahami cara pelanggan menggunakan situs dan melakukan perbaikan. Cookie penting tidak dapat dinonaktifkan, tetapi Anda dapat mengklik “Kustom” atau “Tolak” untuk menolak cookie performa.

Jika Anda setuju, AWS dan pihak ketiga yang disetujui juga akan menggunakan cookie untuk menyediakan fitur situs yang berguna, mengingat preferensi Anda, dan menampilkan konten yang relevan, termasuk iklan yang relevan. Untuk menerima atau menolak semua cookie yang tidak penting, klik “Terima” atau “Tolak”. Untuk membuat pilihan yang lebih detail, klik “Kustomisasi”.

Logging Amazon CloudWatch API dan operasi konsol dengan AWS CloudTrail

Mode fokus
Logging Amazon CloudWatch API dan operasi konsol dengan AWS CloudTrail - Amazon CloudWatch

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

Investigasi operasional CloudWatch RUM Amazon, CloudWatch Synthetics, Amazon Q Developer, Network Flow Monitor, dan Internet Monitor terintegrasi dengan AWS CloudTrail, layanan yang menyediakan catatan tindakan yang diambil oleh pengguna, peran, atau layanan. CloudWatch AWS CloudTrail menangkap API panggilan yang dilakukan oleh atau atas nama AWS akun Anda. Panggilan yang ditangkap termasuk panggilan dari CloudWatch konsol dan panggilan kode ke CloudWatch API operasi. Dengan menggunakan informasi yang dikumpulkan oleh CloudTrail, Anda dapat menentukan permintaan yang dibuat CloudWatch, alamat IP dari mana permintaan dibuat, kapan dibuat, dan detail tambahan.

Setiap entri peristiwa atau log berisi informasi tentang siapa yang membuat permintaan tersebut. Informasi identitas membantu Anda menentukan berikut hal ini:

  • Baik permintaan tersebut dibuat dengan kredensial pengguna root atau pengguna.

  • Apakah permintaan dibuat atas nama pengguna Pusat IAM Identitas.

  • Apakah permintaan tersebut dibuat dengan kredensial keamanan sementara untuk satu peran atau pengguna terfederasi.

  • Apakah permintaan tersebut dibuat oleh Layanan AWS lain.

CloudTrail aktif di Anda Akun AWS ketika Anda membuat akun dan Anda secara otomatis memiliki akses ke riwayat CloudTrail Acara. Riwayat CloudTrail Acara menyediakan catatan yang dapat dilihat, dapat dicari, dapat diunduh, dan tidak dapat diubah dari 90 hari terakhir dari peristiwa manajemen yang direkam dalam file. Wilayah AWS Untuk informasi selengkapnya, lihat Bekerja dengan riwayat CloudTrail Acara di Panduan AWS CloudTrail Pengguna. Tidak ada CloudTrail biaya untuk melihat riwayat Acara.

Untuk catatan acara yang sedang berlangsung dalam 90 hari Akun AWS terakhir Anda, buat jejak atau penyimpanan data acara CloudTrailDanau.

CloudTrail jalan setapak

Jejak memungkinkan CloudTrail untuk mengirimkan file log ke bucket Amazon S3. Semua jalur yang dibuat menggunakan AWS Management Console Multi-region. Anda dapat membuat jalur Single-region atau Multi-region dengan menggunakan. AWS CLI Membuat jejak Multi-wilayah disarankan karena Anda menangkap aktivitas Wilayah AWS di semua akun Anda. Jika Anda membuat jejak wilayah Tunggal, Anda hanya dapat melihat peristiwa yang dicatat di jejak. Wilayah AWS Untuk informasi selengkapnya tentang jejak, lihat Membuat jejak untuk Anda Akun AWS dan Membuat jejak untuk organisasi di Panduan AWS CloudTrail Pengguna.

Anda dapat mengirimkan satu salinan acara manajemen yang sedang berlangsung ke bucket Amazon S3 Anda tanpa biaya CloudTrail dengan membuat jejak, namun, ada biaya penyimpanan Amazon S3. Untuk informasi selengkapnya tentang CloudTrail harga, lihat AWS CloudTrail Harga. Untuk informasi tentang harga Amazon S3, lihat Harga Amazon S3.

CloudTrail Menyimpan data acara danau

CloudTrail Lake memungkinkan Anda menjalankan kueri SQL berbasis pada acara Anda. CloudTrail Lake mengonversi peristiwa yang ada dalam JSON format berbasis baris ke format Apache. ORC ORCadalah format penyimpanan kolumnar yang dioptimalkan untuk pengambilan data dengan cepat. Peristiwa digabungkan ke dalam penyimpanan data peristiwa, yang merupakan kumpulan peristiwa yang tidak dapat diubah berdasarkan kriteria yang Anda pilih dengan menerapkan pemilih acara tingkat lanjut. Penyeleksi yang Anda terapkan ke penyimpanan data acara mengontrol peristiwa mana yang bertahan dan tersedia untuk Anda kueri. Untuk informasi lebih lanjut tentang CloudTrail Danau, lihat Bekerja dengan AWS CloudTrail Danau di Panduan AWS CloudTrail Pengguna.

CloudTrail Penyimpanan data acara danau dan kueri menimbulkan biaya. Saat Anda membuat penyimpanan data acara, Anda memilih opsi harga yang ingin Anda gunakan untuk penyimpanan data acara. Opsi penetapan harga menentukan biaya untuk menelan dan menyimpan peristiwa, dan periode retensi default dan maksimum untuk penyimpanan data acara. Untuk informasi selengkapnya tentang CloudTrail harga, lihat AWS CloudTrail Harga.

catatan

Untuk informasi tentang API panggilan CloudWatch Log yang masuk CloudTrail, lihat Informasi CloudWatch log masuk CloudTrail.

CloudWatch informasi di CloudTrail

CloudWatch mendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log:

Contoh: entri file CloudWatch log

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan PutMetricAlarm tindakan.

{ "Records": [{ "eventVersion": "1.01", "userIdentity": { "type": "Root", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "EXAMPLE_KEY_ID" }, "eventTime": "2014-03-23T21:50:34Z", "eventSource": "monitoring.amazonaws.com", "eventName": "PutMetricAlarm", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "aws-sdk-ruby2/2.0.0.rc4 ruby/1.9.3 x86_64-linux Seahorse/0.1.0", "requestParameters": { "threshold": 50.0, "period": 60, "metricName": "CloudTrail Test", "evaluationPeriods": 3, "comparisonOperator": "GreaterThanThreshold", "namespace": "AWS/CloudWatch", "alarmName": "CloudTrail Test Alarm", "statistic": "Sum" }, "responseElements": null, "requestID": "29184022-b2d5-11e3-a63d-9b463e6d0ff0", "eventID": "b096d5b7-dcf2-4399-998b-5a53eca76a27" }, ..additional entries ] }

Entri file log berikut menunjukkan bahwa pengguna disebut PutRule tindakan CloudWatch Peristiwa.

{ "eventVersion":"1.03", "userIdentity":{ "type":"Root", "principalId":"123456789012", "arn":"arn:aws:iam::123456789012:root", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext":{ "attributes":{ "mfaAuthenticated":"false", "creationDate":"2015-11-17T23:56:15Z" } } }, "eventTime":"2015-11-18T00:11:28Z", "eventSource":"events.amazonaws.com", "eventName":"PutRule", "awsRegion":"us-east-1", "sourceIPAddress":"AWS Internal", "userAgent":"AWS CloudWatch Console", "requestParameters":{ "description":"", "name":"cttest2", "state":"ENABLED", "eventPattern":"{\"source\":[\"aws.ec2\"],\"detail-type\":[\"EC2 Instance State-change Notification\"]}", "scheduleExpression":"" }, "responseElements":{ "ruleArn":"arn:aws:events:us-east-1:123456789012:rule/cttest2" }, "requestID":"e9caf887-8d88-11e5-a331-3332aa445952", "eventID":"49d14f36-6450-44a5-a501-b0fdcdfaeb98", "eventType":"AwsApiCall", "apiVersion":"2015-10-07", "recipientAccountId":"123456789012" }

Entri file log berikut menunjukkan bahwa pengguna bernama CreateExportTask tindakan CloudWatch Log.

{ "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:user/someuser", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "someuser" }, "eventTime": "2016-02-08T06:35:14Z", "eventSource": "logs.amazonaws.com", "eventName": "CreateExportTask", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "aws-sdk-ruby2/2.0.0.rc4 ruby/1.9.3 x86_64-linux Seahorse/0.1.0", "requestParameters": { "destination": "yourdestination", "logGroupName": "yourloggroup", "to": 123456789012, "from": 0, "taskName": "yourtask" }, "responseElements": { "taskId": "15e5e534-9548-44ab-a221-64d9d2b27b9b" }, "requestID": "1cd74c1c-ce2e-12e6-99a9-8dbb26bd06c9", "eventID": "fd072859-bd7c-4865-9e76-8e364e89307c", "eventType": "AwsApiCall", "apiVersion": "20140328", "recipientAccountId": "123456789012" }

CloudWatch peristiwa data di CloudTrail

CloudTrail dapat menangkap API aktivitas yang terkait dengan operasi pesawat CloudWatch data GetMetricDatadan GetMetricWidgetImage.

Peristiwa data, juga dikenal sebagai operasi bidang data, memberi Anda wawasan tentang operasi sumber daya yang dilakukan pada atau di dalam sumber daya. Peristiwa data seringkali merupakan aktivitas volume tinggi.

Secara default, CloudTrail tidak mencatat peristiwa data. Riwayat CloudTrail peristiwa tidak merekam peristiwa data.

Biaya tambahan berlaku untuk peristiwa data. Untuk informasi selengkapnya tentang CloudTrail harga, lihat AWS CloudTrail Harga.

Anda dapat mencatat peristiwa data untuk jenis CloudWatch sumber daya menggunakan CloudTrail konsol, AWS CLI, atau CloudTrail API operasi. Untuk informasi selengkapnya tentang cara mencatat peristiwa data, lihat Mencatat peristiwa data dengan AWS Management Console dan Logging peristiwa data dengan AWS Command Line Interface di Panduan AWS CloudTrail Pengguna.

Peristiwa bidang data dapat disaring berdasarkan jenis sumber daya. Karena ada biaya tambahan untuk menggunakan peristiwa data CloudTrail, pemfilteran berdasarkan sumber daya memungkinkan Anda memiliki kontrol lebih besar atas apa yang Anda log dan bayar.

Dengan menggunakan informasi yang CloudTrail dikumpulkan, Anda dapat mengidentifikasi permintaan spesifik ke CloudWatch GetMetricData atau GetMetricWidgetImage APIs, alamat IP pemohon, identitas pemohon, dan tanggal dan waktu permintaan. Pencatatan GetMetricDatadan GetMetricWidgetImageAPIspenggunaan CloudTrail membantu Anda mengaktifkan audit operasional dan risiko, tata kelola, dan kepatuhan akun Anda AWS .

catatan

Ketika Anda melihat GetMetricDataacara di CloudTrail, Anda mungkin melihat lebih banyak panggilan daripada panggilan yang Anda mulai. Hal ini karena CloudWatch log peristiwa ke CloudTrail untuk GetMetricDatatindakan yang diprakarsai oleh komponen internal. Misalnya, Anda akan melihat GetMetricDatapanggilan yang diprakarsai oleh CloudWatch dasbor untuk menyegarkan data widget, dan GetMetricDatapanggilan yang dimulai oleh akun pemantauan untuk mengambil data dari akun sumber, dalam pengamatan lintas akun. Panggilan yang dimulai secara internal ini tidak dikenakan CloudWatch biaya, tetapi mereka dihitung terhadap jumlah peristiwa yang masuk CloudTrail, dan CloudTrail biaya sesuai dengan jumlah peristiwa yang dicatat.

Berikut ini adalah contoh CloudTrail acara untuk GetMetricDataoperasi.

{ "eventVersion": "1.09", "userIdentity": { "type": "IAMUser", "principalId": "AIDA2NYTR2EPCTNY7AF3L", "arn": "arn:aws:iam::111122223333:user/admin", "accountId": "111122223333", "accessKeyId": "EXAMPLE1234567890", "userName": "admin" }, "eventTime": "2024-05-08T16:20:34Z", "eventSource": "monitoring.amazonaws.com", "eventName": "GetMetricData", "awsRegion": "us-east-1", "sourceIPAddress": "99.45.3.7", "userAgent": "aws-cli/2.13.23 Python/3.11.5 Darwin/23.4.0 exe/x86_64 prompt/off command/cloudwatch.get-metric-data", "requestParameters": { "metricDataQueries": [{ "id": "e1", "expression": "m1 / m2", "label": "ErrorRate" }, { "id": "m1", "metricStat": { "metric": { "namespace": "CWAgent", "metricName": "disk_used_percent", "dimensions": [{ "name": "LoadBalancerName", "value": "EXAMPLE4623a5cb6a7384c5229" }] }, "period": 300, "stat": "Sum", "unit": "Count" }, "returnData": false }, { "id": "m2", "metricStat": { "metric": { "namespace": "CWAgent", "metricName": "disk_used_percent", "dimensions": [{ "name": "LoadBalancerName", "value": "EXAMPLE4623a5cb6a7384c5229" }] }, "period": 300, "stat": "Sum" }, "returnData": true } ], "startTime": "Apr 19, 2024, 4:00:00 AM", "endTime": "May 8, 2024, 4:30:00 AM" }, "responseElements": null, "requestID": "EXAMPLE-57ac-47d5-938c-f5917c6799d5", "eventID": "EXAMPLE-211c-404b-b13d-36d93c8b4fbf", "readOnly": true, "resources": [{ "type": "AWS::CloudWatch::Metric" }], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "111122223333", "eventCategory": "Data", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "monitoring.us-east-1.amazonaws.com" } }

Informasi pembuatan kueri di CloudTrail

CloudTrail logging untuk acara konsol generator Query juga didukung. Generator kueri saat ini didukung untuk Wawasan CloudWatch Metrik dan Wawasan CloudWatch Log. Dalam CloudTrail peristiwa ini, eventSource adalahmonitoring.amazonaws.com.

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan GenerateQuerytindakan di Wawasan CloudWatch Metrik.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111222333444:role/Administrator", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2020-04-08T21:43:24Z", "mfaAuthenticated": "false" } } }, "eventTime": "2020-04-08T23:06:30Z", "eventSource": "monitoring.amazonaws.com", "eventName": "GenerateQuery", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "exampleUserAgent", "requestParameters": { "query_ask": "***", "query_type": "MetricsInsights", "metrics_insights": { "aws_namespaces": [ "AWS/S3", "AWS/Lambda", "AWS/DynamoDB" ] }, "include_description": true }, "responseElements": null, "requestID": "2f56318c-cfbd-4b60-9d93-1234567890", "eventID": "52723fd9-4a54-478c-ac55-1234567890", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

Acara investigasi operasional Pengembang Amazon Q di CloudTrail

Investigasi operasional Pengembang Amazon Q mendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log.

  • CreateInvestigation

  • GetInvestigation

  • UpdateInvestigation

  • DeleteInvestigation

  • ListInvestigations

  • CreateInvestigationGroup

  • GetInvestigationGroup

  • UpdateInvestigationGroup

  • DeleteInvestigationGroup

  • ListInvestigationsGroup

  • PutInvestigationGroupPolicy

  • DeleteInvestigationGroupPolicy

  • ListTagsForResource

  • GetInvestigationGroupPolicy

  • TagResource

  • UntagResource

  • CreateInvestigationEvent

  • GetInvestigationEvent

  • UpdateInvestigationEvent

  • ListInvestigationEvents

  • CreateInvestigationResource

  • GetInvestigationResource

Contoh: Entri berkas log investigasi operasional Amazon Q Developer

Contoh berikut menunjukkan entri log investigasi operasional Amazon Q Developer yang menunjukkan tindakan tersebut. CreateInvestigationGroup

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:role/role_name", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2024-10-30T18:42:05Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-10-30T18:48:26Z", "eventSource": "aiops.amazonaws.com", "eventName": "CreateInvestigationGroup", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "exampleUserAgent", "requestParameters": { "name": "exampleName", "roleArn": "arn:aws:iam::123456789012:role/role_name" }, "responseElements": { "arn": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890" }, "requestId": "e9caf887-8d88-11e5-a331-3332aa445952", "requestId": "49d14f36-6450-44a5-a501-b0fdcdfaeb98", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management" }

Contoh berikut menunjukkan entri log investigasi operasional Amazon Q Developer yang menunjukkan tindakan tersebut. CreateInvestigationEvent

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:sts::123456789012:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:role/role_name", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2024-10-30T16:17:49Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-10-30T16:35:34Z", "eventSource": "aiops.amazonaws.com", "eventName": "CreateInvestigationEvent", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "exampleUserAgent", "requestParameters": { "identifier": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890", "investigationId": "bcdef01234567890", "clientToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "type": "METRIC_OBSERVATION", "body": "***" }, "responseElements": { "investigationGroupArn": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890", "investigationId": "bcdef01234567890", "investigationEventId": "14567890abcdef0g" }, "requestId": "e9caf887-8d88-11e5-a331-3332aa445952", "eventId": "49d14f36-6450-44a5-a501-b0fdcdfaeb98", "readOnly": false, "resources": [{ "accountId": "123456789012", "type": "AWS::AIOps::InvestigationGroup", "ARN": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890" }], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "123456789012", "eventCategory": "Data" }

Contoh berikut menunjukkan entri log investigasi operasional Amazon Q Developer yang menunjukkan tindakan tersebut. UpdateInvestigationEvent

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:sts::123456789012:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:role/role_name", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2024-10-30T16:17:49Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-10-30T16:24:48Z", "eventSource": "aiops.amazonaws.com", "eventName": "UpdateInvestigationEvent", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "exampleUserAgent", "requestParameters": { "identifier": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890", "investigationId": "bcdef01234567890", "investigationEventId": "14567890abcdef0g", "comment": "***" }, "responseElements": null, "requestId": "e9caf887-8d88-11e5-a331-3332aa445952", "eventId": "49d14f36-6450-44a5-a501-b0fdcdfaeb98", "readOnly": false, "resources": [{ "accountId": "123456789012", "type": "AWS::AIOps::InvestigationGroup", "ARN": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890" }], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "123456789012", "eventCategory": "Data" }

Monitor Aliran Jaringan di CloudTrail

Network Flow Monitor mendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log.

Contoh: Entri file log Network Flow Monitor

Contoh berikut menunjukkan entri file CloudTrail log Network Flow Monitor yang menunjukkan CreateMonitor tindakan.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:role/Admin", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2024-11-03T15:43:27Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-11-03T15:58:11Z", "eventSource": "networkflowmonitor.amazonaws.com", "eventName": "CreateMonitor", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)", "requestParameters": { "MonitorName": "TestMonitor", "ClientToken": "33551db7-1618-4aab-cdef-EXAMPLE33333", "LocalResources": [ { "Type": "AWS::EC2::Subnet", "Identifier": "subnet-cdef-EXAMPLEbbbbb" }, { "Type": "AWS::EC2::Subnet", "Identifier": "subnet-cdef-EXAMPLEccccc" }, { "Type": "AWS::EC2::Subnet", "Identifier": "subnet-cdef-EXAMPLEddddd" }, { "Type": "AWS::EC2::Subnet", "Identifier": "subnet-cdef-EXAMPLEeeeee" }, { "Type": "AWS::EC2::Subnet", "Identifier": "subnet-cdef-EXAMPLEfffff" }, { "Type": "AWS::EC2::Subnet", "Identifier": "subnet-cdef-EXAMPLEggggg" } ] }, "responseElements": { "Access-Control-Expose-Headers": "*", "MonitorArn": "arn:aws:networkflowmonitor:us-east-1:000000000000:monitor/TestMonitor", "MonitorName": "TestMonitor", "MonitorStatus": "ACTIVE" }, "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:assumed-role/role_name", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:role/Admin", "accountId":"123456789012", "userName": "SAMPLE_NAME" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-11T17:25:41Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-11T17:30:18Z", "eventSource": "networkflowmonitor.amazonaws.com", "eventName": "ListMonitors", "awsRegion": "us-east-2", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)", "requestParameters": null, "responseElements": null, "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

Network Flow Monitor peristiwa bidang data di CloudTrail

CloudTrail dapat menangkap API kegiatan yang terkait dengan CloudWatch - operasi pesawat NetworkFlowMonitor data.

Peristiwa data, juga dikenal sebagai operasi bidang data, memberi Anda wawasan tentang operasi sumber daya yang dilakukan pada atau di dalam sumber daya. Peristiwa data seringkali merupakan aktivitas volume tinggi.

Untuk mengaktifkan pencatatan peristiwa data Network Flow Monitor dalam CloudTrail file, Anda harus mengaktifkan pencatatan API aktivitas bidang data CloudTrail. Lihat Mencatat peristiwa data untuk jejak untuk informasi selengkapnya.

Peristiwa bidang data dapat disaring berdasarkan jenis sumber daya. Karena ada biaya tambahan untuk menggunakan peristiwa data CloudTrail, pemfilteran berdasarkan sumber daya memungkinkan Anda memiliki kontrol lebih besar atas apa yang Anda log dan bayar.

Dengan menggunakan informasi yang CloudTrail dikumpulkan, Anda dapat mengidentifikasi permintaan khusus ke bidang NetworkFlowMonitor data CloudWatch -APIs, alamat IP pemohon, identitas pemohon, dan tanggal dan waktu permintaan. Pencatatan pesawat data APIs menggunakan CloudTrail dapat membantu Anda dengan audit operasional dan risiko, tata kelola, dan kepatuhan akun Anda AWS .

Berikut ini adalah bidang data APIs di Network Flow Monitor.

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan GetQueryResultsMonitorsTopContributorstindakan.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:role/Admin", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2024-11-03T15:43:27Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-11-15T14:08:04Z", "eventSource": "networkflowmonitor.amazonaws.com", "eventName": "GetQueryResultsMonitorTopContributors", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)", "errorCode": "AccessDenied", "requestParameters": { "QueryId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEQuery, "MaxResults": "20", "MonitorName": "TestMonitor" }, "responseElements": null, "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "readOnly": true, "resources": [ { "accountId": "123456789012", "type": "AWS::NetworkFlowMonitor::Monitor", "ARN": "arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/TestMonitor" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "000000000000", "eventCategory": "Data" }

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan GetQueryResultsWorkloadInsightsTopContributorstindakan.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:assumed-role/role_name", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:role/Admin", "accountId": "123456789012", "userName": "SAMPLE_NAME" }, "attributes": { "creationDate": "2024-11-03T15:43:27Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-11-15T14:08:04Z", "eventSource": "networkflowmonitor.amazonaws.com", "eventName": "GetQueryResultsWorkloadInsightsTopContributorsData", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)", "errorCode": "AccessDenied", "requestParameters": { "QueryId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEQuery", "ScopeId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEScope" }, "responseElements": null, "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "readOnly": true, "resources": [ { "accountId": "496383180932", "type": "AWS::NetworkFlowMonitor::Scope", "ARN": "arn:aws:networkflowmonitor:us-east-1:123456789012:scope/a1b2c3d4-5678-90ab-cdef-EXAMPLEScope" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "000000000000", "eventCategory": "Data" }

Monitor Internet di CloudTrail

Internet Monitor mendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log.

Contoh: entri file log Internet Monitor

Contoh berikut menunjukkan entri log CloudTrail Internet Monitor yang menunjukkan ListMonitors tindakan.

{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:assumed-role/role_name", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:role/Admin", "accountId":"123456789012", "userName": "SAMPLE_NAME" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-11T17:25:41Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-11T17:30:18Z", "eventSource": "internetmonitor.amazonaws.com", "eventName": "ListMonitors", "awsRegion": "us-east-2", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)", "requestParameters": null, "responseElements": null, "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

Contoh berikut menunjukkan entri log CloudTrail Internet Monitor yang menunjukkan CreateMonitor tindakan.

{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:assumed-role/role_name", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::000000000000:role/Admin", "accountId":"123456789012", "userName": "SAMPLE_NAME" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-11T17:25:41Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-11T17:30:08Z", "eventSource": "internetmonitor.amazonaws.com", "eventName": "CreateMonitor", "awsRegion": "us-east-2", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)", "requestParameters": { "MonitorName": "TestMonitor", "Resources": ["arn:aws:ec2:us-east-2:444455556666:vpc/vpc-febc0b95"], "ClientToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333" }, "responseElements": { "Arn": "arn:aws:internetmonitor:us-east-2:444455556666:monitor/ct-onboarding-test", "Status": "PENDING" }, "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

CloudWatch Informasi Synthetics di CloudTrail

CloudWatch Synthetics mendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log:

Contoh: Entri CloudWatch file log Synthetics

Contoh berikut menunjukkan entri log CloudTrail Synthetics yang menunjukkan tindakan. DescribeCanaries

{ "eventVersion": "1.05", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:assumed-role/role_name", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111222333444:role/Administrator", "accountId":"123456789012", "userName": "SAMPLE_NAME" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2020-04-08T21:43:24Z" } } }, "eventTime": "2020-04-08T23:06:47Z", "eventSource": "synthetics.amazonaws.com", "eventName": "DescribeCanaries", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "requestParameters": null, "responseElements": null, "requestID": "201ed5f3-15db-4f87-94a4-123456789", "eventID": "73ddbd81-3dd0-4ada-b246-123456789", "readOnly": true, "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

Contoh berikut menunjukkan entri log CloudTrail Synthetics yang menunjukkan tindakan. UpdateCanary

{ "eventVersion": "1.05", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:assumed-role/role_name", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111222333444:role/Administrator", "accountId":"123456789012", "userName": "SAMPLE_NAME" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2020-04-08T21:43:24Z" } } }, "eventTime": "2020-04-08T23:06:47Z", "eventSource": "synthetics.amazonaws.com", "eventName": "UpdateCanary", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "requestParameters": { "Schedule": { "Expression": "rate(1 minute)" }, "name": "sample_canary_name", "Code": { "Handler": "myOwnScript.handler", "ZipFile": "SAMPLE_ZIP_FILE" } }, "responseElements": null, "requestID": "fe4759b0-0849-4e0e-be71-1234567890", "eventID": "9dc60c83-c3c8-4fa5-bd02-1234567890", "readOnly": false, "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

Contoh berikut menunjukkan entri log CloudTrail Synthetics yang menunjukkan tindakan. GetCanaryRuns

{ "eventVersion": "1.05", "userIdentity": { "type": "AssumedRole", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::123456789012:assumed-role/role_name", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111222333444:role/Administrator", "accountId":"123456789012", "userName": "SAMPLE_NAME" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2020-04-08T21:43:24Z" } } }, "eventTime": "2020-04-08T23:06:30Z", "eventSource": "synthetics.amazonaws.com", "eventName": "GetCanaryRuns", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "requestParameters": { "Filter": "TIME_RANGE", "name": "sample_canary_name", "FilterValues": [ "2020-04-08T23:00:00.000Z", "2020-04-08T23:10:00.000Z" ] }, "responseElements": null, "requestID": "2f56318c-cfbd-4b60-9d93-1234567890", "eventID": "52723fd9-4a54-478c-ac55-1234567890", "readOnly": true, "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

CloudWatch RUMinformasi di CloudTrail

CloudWatch RUMmendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log:

Contoh: entri berkas log CloudWatch RUM

Bagian ini berisi contoh CloudTrail entri untuk beberapa CloudWatch RUMAPIs.

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan CreateAppMonitortindakan.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE", "accountId": "777777777777", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:iam::777777777777:role/EXAMPLE", "accountId": "777777777777", "userName": "USERNAME_EXAMPLE" }, "attributes": { "creationDate": "2024-07-23T16:48:47Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-07-23T18:02:57Z", "eventSource": "rum.amazonaws.com", "eventName": "CreateAppMonitor", "awsRegion": "us-east-1", "sourceIPAddress": "54.240.198.39", "userAgent": "aws-internal/3 aws-sdk-java/1.12.641 Linux/5.10.219-186.866.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.402-b08 java/1.8.0_402 vendor/Oracle_Corporation cfg/retry-mode/standard", "requestParameters": { "CustomEvents": { "Status": "ENABLED" }, "CwLogEnabled": true, "Domain": "*.github.io", "AppMonitorConfiguration": { "SessionSampleRate": 1, "IncludedPages": [], "ExcludedPages": [], "Telemetries": [ "performance", "errors", "http" ], "EnableXRay": false, "AllowCookies": true, "IdentityPoolId": "us-east-1:c81b9a1c-a5c9-4de5-8585-eb8df04e66f0" }, "Tags": { "TestAppMonitor": "" }, "Name": "TestAppMonitor" }, "responseElements": { "Id": "65a8cc63-4ae8-4f2c-b5fc-4a54ef43af51" }, "requestID": "cf7c30ad-25d3-4274-bab1-39c95a558007", "eventID": "2d43cc69-7f89-4f1a-95ae-0fc7e9b9fb3b", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "777777777777", "eventCategory": "Management" }

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan PutRumMetricsDestinationtindakan.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE", "accountId": "777777777777", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:iam::777777777777:role/EXAMPLE", "accountId": "777777777777", "userName": "USERNAME_EXAMPLE" }, "attributes": { "creationDate": "2024-07-23T16:48:47Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-07-23T18:22:22Z", "eventSource": "rum.amazonaws.com", "eventName": "PutRumMetricsDestination", "awsRegion": "us-east-1", "sourceIPAddress": "52.94.133.142", "userAgent": "aws-cli/2.13.25 Python/3.11.5 Linux/5.10.219-186.866.amzn2int.x86_64 exe/x86_64.amzn.2 prompt/off command/rum.put-rum-metrics-destination", "requestParameters": { "Destination": "CloudWatch", "AppMonitorName": "TestAppMonitor" }, "responseElements": null, "requestID": "9b03fcce-b3a2-44fc-b771-900e1702998a", "eventID": "6250f9b7-0505-4f96-9668-feb64f82de5b", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "777777777777", "eventCategory": "Management" }

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan BatchCreateRumMetricsDefinitionstindakan.

{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE", "accountId": "777777777777", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:iam::777777777777:role/EXAMPLE", "accountId": "777777777777", "userName": "USERNAME_EXAMPLE" }, "attributes": { "creationDate": "2024-07-23T16:48:47Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-07-23T18:23:11Z", "eventSource": "rum.amazonaws.com", "eventName": "BatchCreateRumMetricDefinitions", "awsRegion": "us-east-1", "sourceIPAddress": "52.94.133.142", "userAgent": "aws-cli/2.13.25 Python/3.11.5 Linux/5.10.219-186.866.amzn2int.x86_64 exe/x86_64.amzn.2 prompt/off command/rum.batch-create-rum-metric-definitions", "requestParameters": { "Destination": "CloudWatch", "MetricDefinitions": [ { "Name": "NavigationToleratedTransaction", "Namespace": "AWS/RUM", "DimensionKeys": { "metadata.browserName": "BrowserName" }, "EventPattern": "{\"metadata\":{\"browserName\":[\"Chrome\"]},\"event_type\":[\"com.amazon.rum.performance_navigation_event\"],\"event_details\": {\"duration\": [{\"numeric\": [\"<=\",2000,\"<\",8000]}]}}" }, { "Name": "HttpErrorCount", "DimensionKeys": { "metadata.browserName": "BrowserName", "metadata.countryCode": "CountryCode" }, "EventPattern": "{\"metadata\":{\"browserName\":[\"Chrome\"], \"countryCode\":[\"US\"]},\"event_type\":[\"com.amazon.rum.http_event\"]}" } ], "AppMonitorName": "TestAppMonitor" }, "responseElements": { "Errors": [], "MetricDefinitions": [] }, "requestID": "b14c5eda-f107-48e5-afae-1ac20d0962a8", "eventID": "001b55c6-1de1-48c0-a236-31096dffe249", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "777777777777", "eventCategory": "Management" }

CloudWatch RUMperistiwa pesawat data di CloudTrail

CloudTrail dapat menangkap API aktivitas yang terkait dengan operasi pesawat CloudWatch RUM data PutRumEvents.

Peristiwa data, juga dikenal sebagai operasi bidang data, memberi Anda wawasan tentang operasi sumber daya yang dilakukan pada atau di dalam sumber daya. Peristiwa data seringkali merupakan aktivitas volume tinggi.

Untuk mengaktifkan pencatatan peristiwa PutRumEventsdata dalam CloudTrail file, Anda harus mengaktifkan pencatatan API aktivitas bidang data CloudTrail. Lihat Mencatat peristiwa data untuk jejak untuk informasi selengkapnya.

Peristiwa bidang data dapat disaring berdasarkan jenis sumber daya. Karena ada biaya tambahan untuk menggunakan peristiwa data CloudTrail, pemfilteran berdasarkan sumber daya memungkinkan Anda memiliki kontrol lebih besar atas apa yang Anda log dan bayar.

Menggunakan informasi yang CloudTrail dikumpulkan, Anda dapat mengidentifikasi permintaan khusus untuk CloudWatch RUM PutRumEventsAPI, alamat IP pemohon, identitas pemohon, dan tanggal dan waktu permintaan. Pencatatan PutRumEventsAPIpenggunaan CloudTrail membantu Anda mengaktifkan audit operasional dan risiko, tata kelola, dan kepatuhan akun Anda AWS .

Contoh berikut menunjukkan entri CloudTrail log yang menunjukkan PutRumEventstindakan.

{ "Records": [ { "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE", "accountId": "777777777777", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:iam::777777777777:role/EXAMPLE", "accountId": "777777777777", "userName": "USERNAME_EXAMPLE" }, "attributes": { "creationDate": "2024-05-16T20:32:39Z", "mfaAuthenticated": "false" } }, "invokedBy": "AWS Internal" }, "eventTime": "2024-05-16T20:32:42Z", "eventSource": "rum.amazonaws.com", "eventName": "PutRumEvents", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "AWS Internal", "requestParameters": { "id": "73ddbd81-1234-5678-b246-123456789", "batchId": "123456-3dd0-4ada-b246-123456789", "appMonitorDetails": { "name": "APP-MONITOR-NAME", "id": "123456-3dd0-4ada-b246-123456789", "version": "1.0.0" }, "userDetails": { "userId": "73ddbd81-1111-9999-b246-123456789", "sessionId": "a1b2c3456-15db-4f87-6789-123456789" }, "rumEvents": [ { "id": "201f367a-15db-1234-94a4-123456789", "timestamp": "May 16, 2024, 8:32:20 PM", "type": "com.amazon.rum.dom_event", "metadata": "{}", "details": "{}" } ] }, "responseElements": null, "requestID": "201ed5f3-15db-4f87-94a4-123456789", "eventID": "73ddbd81-3dd0-4ada-b246-123456789", "readOnly": false, "resources": [ { "accountId": "777777777777", "type": "AWS::RUM::AppMonitor", "ARN": "arn:aws:rum:us-east-1:777777777777:appmonitor/APPMONITOR_NAME_EXAMPLE" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "777777777777", "eventCategory": "Data" } ] }
PrivasiSyarat situsPreferensi cookie
© 2025, Amazon Web Services, Inc. atau afiliasinya. Semua hak dilindungi undang-undang.