CreateKey - AWS Key Management Service

As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.

CreateKey

Esses exemplos mostram entradas de log do AWS CloudTrail para a operação CreateKey.

Uma entrada de log de CreateKey pode resultar de uma solicitação CreateKey ou da operação CreateKey para uma solicitação ReplicateKey.

O exemplo a seguir mostra uma entrada de log do CloudTrail para uma operação CreateKey que cria uma chave do KMS de criptografia simétrica. Para obter mais informações sobre como criar chaves do KMS, consulte Criar uma chave do KMS.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2022-08-10T22:38:27Z", "eventSource": "kms.amazonaws.com", "eventName": "CreateKey", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "description": "", "origin": "EXTERNAL", "bypassPolicyLockoutSafetyCheck": false, "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "keySpec": "SYMMETRIC_DEFAULT", "keyUsage": "ENCRYPT_DECRYPT" }, "responseElements": { "keyMetadata": { "AWSAccountId": "111122223333", "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "creationDate": "Aug 10, 2022, 10:38:27 PM", "enabled": false, "description": "", "keyUsage": "ENCRYPT_DECRYPT", "keyState": "PendingImport", "origin": "EXTERNAL", "keyManager": "CUSTOMER", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "keySpec": "SYMMETRIC_DEFAULT", "encryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "multiRegion": false } }, "requestID": "1aef6713-0223-4ff7-9a6d-781360521930", "eventID": "36327b37-f4f6-40a9-92ab-48064ec905a2", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

O exemplo a seguir mostra uma entrada de log do CloudTrail para uma operação CreateKey que cria uma chave do KMS de criptografia simétrica em um armazenamento de chaves do AWS CloudHSM.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-14T17:39:50Z", "eventSource": "kms.amazonaws.com", "eventName": "CreateKey", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "keyUsage": "ENCRYPT_DECRYPT", "bypassPolicyLockoutSafetyCheck": false, "origin": "AWS_CLOUDHSM", "keySpec": "SYMMETRIC_DEFAULT", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "customKeyStoreId": "cks-1234567890abcdef0", "description": "" }, "responseElements": { "keyMetadata": { "aWSAccountId": "111122223333", "keyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "arn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "creationDate": "Oct 14, 2021, 5:39:50 PM", "enabled": true, "description": "", "keyUsage": "ENCRYPT_DECRYPT", "keyState": "Enabled", "origin": "AWS_CLOUDHSM", "customKeyStoreId": "cks-1234567890abcdef0", "cloudHsmClusterId": "cluster-1a23b4cdefg", "keyManager": "CUSTOMER", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "keySpec": "SYMMETRIC_DEFAULT", "encryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "multiRegion": false } }, "additionalEventData": { "backingKey": "{\"backingKeyId\":\"backing-key-id\"}" }, "requestID": "4f0b185c-588c-4767-9e90-c618f7e13cad", "eventID": "c73964b8-703d-49e4-bd9e-f773d0ee1e65", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

O exemplo a seguir mostra uma entrada de log do CloudTrail para uma operação CreateKey que cria uma chave do KMS de criptografia simétrica em um armazenamento de chaves externas.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2022-09-07T22:37:45Z", "eventSource": "kms.amazonaws.com", "eventName": "CreateKey", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "tags": [], "keyUsage": "ENCRYPT_DECRYPT", "description": "", "origin": "EXTERNAL_KEY_STORE", "multiRegion": false, "keySpec": "SYMMETRIC_DEFAULT", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "bypassPolicyLockoutSafetyCheck": false, "customKeyStoreId": "cks-1234567890abcdef0", "xksKeyId": "bb8562717f809024" }, "responseElements": { "keyMetadata": { "aWSAccountId": "111122223333", "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "creationDate": "Dec 7, 2022, 10:37:45 PM", "enabled": true, "description": "", "keyUsage": "ENCRYPT_DECRYPT", "keyState": "Enabled", "origin": "EXTERNAL_KEY_STORE", "customKeyStoreId": "cks-1234567890abcdef0", "keyManager": "CUSTOMER", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "keySpec": "SYMMETRIC_DEFAULT", "encryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "multiRegion": false, "xksKeyConfiguration": { "id": "bb8562717f809024" } } }, "requestID": "ba197c82-3ac7-487a-8ff4-7736bbeb1316", "eventID": "838ad5f4-5fdd-4044-afd7-4dbd88c6af56", "readOnly": false, "resources": [ { "accountId": "227179770375", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-east-1:227179770375:key/39c5eb22-f37c-4956-92ca-89e8f8b57ab2" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }