Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AWS Management Console acara masuk
CloudTrail log mencoba untuk masuk ke AWS Management Console, Forum AWS Diskusi, dan Pusat AWS Dukungan. Semua peristiwa masuk IAM pengguna dan pengguna root, serta semua peristiwa masuk pengguna gabungan, menghasilkan catatan dalam CloudTrail file log. Untuk informasi tentang menemukan dan melihat log, lihat Menemukan file CloudTrail log Anda danMengunduh file CloudTrail log Anda.
Anda dapat menggunakan Notifikasi Pengguna AWSuntuk mengatur saluran pengiriman untuk mendapatkan pemberitahuan tentang AWS CloudTrail acara. Anda akan menerima notifikasi saat ada sebuah peristiwa yang cocok dengan sebuah aturan yang Anda tentukan. Anda dapat menerima notifikasi untuk peristiwa melalui beberapa saluran, termasuk email, notifikasi obrolan AWS Chatbot, atau notifikasi push AWS Console Mobile Application. Anda juga dapat melihat notifikasi di Pusat Pemberitahuan Konsol
catatan
Wilayah yang direkam dalam suatu ConsoleLogin peristiwa bervariasi berdasarkan jenis pengguna dan apakah Anda menggunakan titik akhir global atau regional untuk masuk.
-
Jika Anda masuk sebagai pengguna root, CloudTrail catat peristiwa di us-east-1.
-
Jika Anda masuk dengan IAM pengguna dan menggunakan titik akhir global, CloudTrail catat Wilayah
ConsoleLoginacara sebagai berikut:-
Jika cookie alias akun ada di browser, CloudTrail catat
ConsoleLoginperistiwa di salah satu wilayah berikut: us-east-2, eu-north-1, atau ap-southeast-2. Ini karena proxy konsol mengalihkan pengguna berdasarkan latensi dari lokasi masuk pengguna. -
Jika cookie alias akun tidak ada di browser, CloudTrail catat
ConsoleLoginperistiwa tersebut di us-east-1. Ini karena proxy konsol mengalihkan kembali ke proses masuk global.
-
-
Jika Anda masuk dengan IAM pengguna dan menggunakan titik akhir Regional, CloudTrail mencatat
ConsoleLoginperistiwa di Wilayah yang sesuai untuk titik akhir. Untuk informasi selengkapnya tentang AWS Sign-In titik akhir, lihat AWS Sign-In titik akhir dan kuota.
Topik
Contoh catatan peristiwa untuk IAM pengguna
Contoh berikut menunjukkan catatan peristiwa untuk beberapa skenario login IAM pengguna.
Topik
IAMpengguna, berhasil masuk tanpa MFA
Catatan berikut menunjukkan bahwa pengguna bernama Anaya berhasil masuk ke AWS Management Console tanpa menggunakan otentikasi multi-faktor ()MFA.
{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EXAMPLE6E4XEGITWATV6R", "arn": "arn:aws:iam::999999999999:user/Anaya", "accountId": "999999999999", "userName": "Anaya" }, "eventTime": "2023-07-19T21:44:40Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&state=hashArgsFromTB_us-east-1_examplee9aba7f8", "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "e1bf1000-86a4-4a78-81d7-EXAMPLE83102", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "999999999999", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com" } }
IAMpengguna, berhasil masuk dengan MFA
Catatan berikut menunjukkan bahwa IAM pengguna bernama Anaya berhasil masuk ke AWS Management Console menggunakan otentikasi multi-faktor ()MFA.
{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EXAMPLE6E4XEGITWATV6R", "arn": "arn:aws:iam::999999999999:user/Anaya", "accountId": "999999999999", "userName": "Anaya" }, "eventTime": "2023-07-19T22:01:30Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&state=hashArgsFromTB_us-east-1_examplebde32f3c9", "MobileVersion": "No", "MFAIdentifier": "arn:aws:iam::999999999999:mfa/mfa-device", "MFAUsed": "Yes" }, "eventID": "e1f76697-5beb-46e8-9cfc-EXAMPLEbde31", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "999999999999", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com" } }
IAMpengguna, tidak berhasil masuk
Catatan berikut menunjukkan upaya masuk yang gagal dari IAM pengguna bernama. Paulo
{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EXAMPLE6E4XEGITWATV6R", "accountId": "123456789012", "accessKeyId": "", "userName": "Paulo" }, "eventTime": "2023-07-19T22:01:20Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0", "errorMessage": "Failed authentication", "requestParameters": null, "responseElements": { "ConsoleLogin": "Failure" }, "additionalEventData": { "LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&state=hashArgsFromTB_us-east-1_examplebde32f3c9", "MobileVersion": "No", "MFAUsed": "Yes" }, "eventID": "66c97220-2b7d-43b6-a7a0-EXAMPLEbae9c", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com" } }
IAMpengguna, proses masuk memeriksa MFA (tipe MFA perangkat tunggal)
Berikut ini menunjukkan bahwa proses masuk memeriksa apakah otentikasi multi-faktor (MFA) diperlukan untuk pengguna selama login. IAM Dalam contoh ini, mfaType nilainya adalahU2F MFA, yang menunjukkan bahwa IAM pengguna mengaktifkan satu MFA perangkat atau beberapa MFA perangkat dengan tipe yang sama (U2F MFA).
{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EXAMPLE6E4XEGITWATV6R", "accountId": "123456789012", "accessKeyId": "", "userName": "Alice" }, "eventTime": "2023-07-19T22:01:26Z", "eventSource": "signin.amazonaws.com", "eventName": "CheckMfa", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0", "requestParameters": null, "responseElements": { "CheckMfa": "Success" }, "additionalEventData": { "MfaType": "Virtual MFA" }, "eventID": "7d8a0746-b2e7-44f5-9917-EXAMPLEfb77c", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com" } }
IAMpengguna, proses masuk memeriksa MFA (beberapa jenis MFA perangkat)
Berikut ini menunjukkan bahwa proses masuk memeriksa apakah otentikasi multi-faktor (MFA) diperlukan untuk pengguna selama login. IAM Dalam contoh ini, mfaType nilainya adalahMultiple MFA Devices, yang menunjukkan bahwa IAM pengguna mengaktifkan beberapa jenis MFA perangkat.
{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EXAMPLE6E4XEGITWATV6R", "accountId": "123456789012", "accessKeyId": "", "userName": "Mary" }, "eventTime": "2023-07-19T23:10:09Z", "eventSource": "signin.amazonaws.com", "eventName": "CheckMfa", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0", "requestParameters": null, "responseElements": { "CheckMfa": "Success" }, "additionalEventData": { "MfaType": "Multiple MFA Devices" }, "eventID": "19bd1a1c-76b1-4806-9d8f-EXAMPLE02a96", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "signin.aws.amazon.com" } }
Contoh catatan peristiwa untuk pengguna root
Contoh berikut menunjukkan catatan peristiwa untuk beberapa skenario login root pengguna. Saat Anda masuk menggunakan pengguna root, CloudTrail merekam ConsoleLogin peristiwa di us-east-1.
Topik
Pengguna root, berhasil masuk tanpa MFA
Berikut ini menunjukkan peristiwa login yang berhasil untuk pengguna root yang tidak menggunakan otentikasi multi-faktor (). MFA
{ "eventVersion": "1.08", "userIdentity": { "type": "Root", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:root", "accountId": "111122223333", "accessKeyId": "" }, "eventTime": "2023-07-12T13:35:31Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&nc2=h_ct&src=header-signin&state=hashArgsFromTB_ap-southeast-2_example80afacd389", "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "4217cc13-7328-4820-a90c-EXAMPLE8002e6", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "signin.aws.amazon.com" } }
Pengguna root, berhasil masuk dengan MFA
Berikut ini menunjukkan peristiwa login yang berhasil untuk pengguna root menggunakan otentikasi multi-faktor (). MFA
{ "eventVersion": "1.08", "userIdentity": { "type": "Root", "principalId": "444455556666", "arn": "arn:aws:iam::444455556666:root", "accountId": "444455556666", "accessKeyId": "" }, "eventTime": "2023-07-13T03:04:43Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "LoginTo": "https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1&state=hashArgs%23Instances%3Av%3D3%3B%24case%3Dtags%3Atrue%255C%2Cclient%3Afalse%3B%24regex%3Dtags%3Afalse%255C%2Cclient%3Afalse&isauthcode=true", "MobileVersion": "No", "MFAIdentifier": "arn:aws:iam::444455556666:mfa/root-account-mfa-device", "MFAUsed": "Yes" }, "eventID": "e0176723-ea76-4275-83a3-EXAMPLEf03fb", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "444455556666", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "signin.aws.amazon.com" } }
Pengguna root, masuk tidak berhasil
Berikut ini menunjukkan peristiwa login yang gagal untuk pengguna root yang tidak menggunakan. MFA
{ "eventVersion": "1.08", "userIdentity": { "type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "" }, "eventTime": "2023-07-16T04:33:40Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36", "errorMessage": "Failed authentication", "requestParameters": null, "responseElements": { "ConsoleLogin": "Failure" }, "additionalEventData": { "LoginTo": "https://us-east-1.console.aws.amazon.com/billing/home?region=us-east-1&state=hashArgs%23%2Faccount&isauthcode=true", "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "f28d4329-5050-480b-8de0-EXAMPLE07329", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "signin.aws.amazon.com" } }
Pengguna root, MFA diubah
Berikut ini menunjukkan contoh peristiwa untuk pengguna root mengubah pengaturan otentikasi multi-faktor (MFA).
{ "eventVersion": "1.08", "userIdentity": { "type": "Root", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:root", "accountId": "111122223333", "accessKeyId": "EXAMPLE4XX3IEV4PFQTH", "userName": "AWS ROOT USER", "sessionContext": { "sessionIssuer": {}, "webIdFederationData": {}, "attributes": { "creationDate": "2023-07-15T03:51:12Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-07-15T04:37:08Z", "eventSource": "iam.amazonaws.com", "eventName": "EnableMFADevice", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36", "requestParameters": { "userName": "AWS ROOT USER", "serialNumber": "arn:aws:iam::111122223333:mfa/root-account-mfa-device" }, "responseElements": null, "requestID": "9b45cd4c-a598-41e7-9170-EXAMPLE535f0", "eventID": "b4f18d55-d36f-49a0-afcb-EXAMPLEc026b", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management", "sessionCredentialFromConsole": "true" }
Pengguna root, kata sandi diubah
Berikut ini menunjukkan contoh peristiwa untuk pengguna root yang mengubah kata sandi mereka.
{ "eventVersion": "1.08", "userIdentity": { "type": "Root", "principalId": "444455556666", "arn": "arn:aws:iam::444455556666:root", "accountId": "444455556666", "accessKeyId": "EXAMPLEAOTKEG44KPW5P", "sessionContext": { "sessionIssuer": {}, "webIdFederationData": {}, "attributes": { "creationDate": "2022-11-25T13:01:14Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-11-25T13:01:14Z", "eventSource": "iam.amazonaws.com", "eventName": "ChangePassword", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36", "requestParameters": null, "responseElements": null, "requestID": "c64254c2-e4ff-49c0-900e-EXAMPLE9e6d2", "eventID": "d059176c-4f4d-4a9e-b8d7-EXAMPLE2b7b3", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "444455556666", "eventCategory": "Management" }
Contoh catatan peristiwa untuk pengguna federasi
Contoh berikut menunjukkan catatan peristiwa untuk pengguna federasi. Pengguna federasi diberikan kredensi keamanan sementara untuk mengakses AWS sumber daya melalui permintaan. AssumeRole
Berikut ini menunjukkan contoh peristiwa untuk permintaan enkripsi federasi. ID kunci akses asli disediakan di accessKeyId bidang userIdentity elemen. accessKeyIdKolom di responseElements berisi ID kunci akses baru jika diminta sessionDuration diteruskan dalam permintaan enkripsi, jika tidak maka berisi nilai ID kunci akses asli.
catatan
Dalam contoh ini, mfaAuthenticated nilainya adalah false dan MFAUsed nilainya No karena permintaan dibuat oleh pengguna federasi. Bidang ini hanya akan disetel ke true jika permintaan dibuat oleh IAM pengguna atau pengguna root yang menggunakanMFA.
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLEUU4MH7OYK5ZCOA:JohnDoe", "arn": "arn:aws:sts::123456789012:assumed-role/roleName/JohnDoe", "accountId": "123456789012", "accessKeyId": "originalAccessKeyID", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EXAMPLEUU4MH7OYK5ZCOA", "arn": "arn:aws:iam::123456789012:role/roleName", "accountId": "123456789012", "userName": "roleName" }, "webIdFederationData": {}, "attributes": { "creationDate": "2023-09-25T21:30:39Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-09-25T21:30:39Z", "eventSource": "signin.amazonaws.com", "eventName": "GetSigninToken", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Java/1.8.0_382", "requestParameters": null, "responseElements": { "credentials": { "accessKeyId": "accessKeyID" }, "GetSigninToken": "Success" }, "additionalEventData": { "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "1d66615b-a417-40da-a38e-EXAMPLE8c89b", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com" } }
Berikut ini menunjukkan peristiwa login yang berhasil untuk pengguna federasi; tidak menggunakan otentikasi multi-faktor (). MFA
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLEPHCNW7ZCASLJOH:JohnDoe", "arn": "arn:aws:sts::123456789012:assumed-role/RoleName/JohnDoe", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "EXAMPLEPHCNW7ZCASLJOH", "arn": "arn:aws:iam::123456789012:role/RoleName", "accountId": "123456789012", "userName": "RoleName" }, "webIdFederationData": {}, "attributes": { "creationDate": "2023-09-22T16:15:47Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-09-22T16:15:47Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "b73f1ec6-c064-4cd3-ba83-EXAMPLE441d7", "readOnly": false, "eventType": "AwsConsoleSignIn", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com" } }
