

# Logging Amazon CloudWatch API and console operations with AWS CloudTrail
<a name="logging_cw_api_calls"></a>

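Amazon CloudWatch, CloudWatch Synthetics, CloudWatch RUM, Amazon Q Developer operational investigations, Network Flow Monitor, and CloudWatch Internet Monitor are integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, a role, or an AWS service. CloudTrail captures API calls made by or on behalf of your AWS account. The captured calls include calls from the CloudWatch console and code calls to the CloudWatch API operations. Using the information collected by CloudTrail, you can determine the request that was made to CloudWatch, the IP address from which the request was made, when it was made, and additional details.

Every event or log entry contains information about who generated the request. The identity information helps you determine the following:
+ Whether the request was made with root user or user credentials.
+ Whether the request was made on behalf of an IAM Identity Center user.
+ Whether the request was made with temporary security credentials for a role or federated user.
+ Whether the request was made by another AWS service.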

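CloudTrail is active in your AWS account when you create the account, and you automatically have access to the CloudTrail **Event history**. The CloudTrail **Event history** provides a viewable, searchable, downloadable, and immutable record of the past 90 days of recorded management events in an AWS Region. For more information, see [Working with CloudTrail Event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html) in the *AWS CloudTrail User Guide*. There are no CloudTrail charges for viewing the **Event history**.

For an ongoing record of events in your AWS account past 90 days, create a trail or a [CloudTrail Lake](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake.html) event data store.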

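**CloudTrail trails**  
A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. All trails created using the AWS Management Console are multi-Region. You can create a single-Region or a multi-Region trail by using the AWS CLI. Creating a multi-Region trail is recommended because you capture activity in all AWS Regions in your account. If you create a single-Region trail, you can view only the events logged in the trail's AWS Region. For more information about trails, see [Creating a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html) and [Creating a trail for an organization](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html) in the *AWS CloudTrail User Guide*.  
By creating a trail, you can deliver one copy of your ongoing management events to your Amazon S3 bucket at no charge from CloudTrail; however, there are Amazon S3 storage charges. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). For information about Amazon S3 pricing, see [Amazon S3 Pricing](https://aws.amazon.com/s3/pricing/).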

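**CloudTrail Lake event data stores**  
*CloudTrail Lake* lets you run SQL-based queries on your events. CloudTrail Lake converts existing events in row-based JSON format to [Apache ORC](https://orc.apache.org/) format. ORC is a columnar storage format that is optimized for fast retrieval of data. Events are aggregated into *event data stores*, which are immutable collections of events based on criteria that you select by applying [advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-concepts.html#adv-event-selectors). The selectors that you apply to an event data store control which events persist and are available for you to query. For more information about CloudTrail Lake, see [Working with AWS CloudTrail Lake](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake.html) in the *AWS CloudTrail User Guide*.  
CloudTrail Lake event data stores and queries incur costs. When you create an event data store, you choose the [pricing option](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-manage-costs.html#cloudtrail-lake-manage-costs-pricing-option) that you want to use for the event data store. The pricing option determines the cost for ingesting and storing events, and the default and maximum retention period for the event data store. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).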

**Note**  
For information about CloudWatch Logs API calls logged in CloudTrail, see [CloudWatch Logs information in CloudTrail](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/logging_cw_api_calls_cwl.html#cwl_info_in_ct).

**Topics**
+ [CloudWatch information in CloudTrail](#cw_info_in_ct)
+ [CloudWatch data events in CloudTrail](#CloudWatch-data-plane-events)
+ [Query generation information in CloudTrail](#cwl_query-generation-cloudtrail)
+ [Amazon Q Developer operational investigations events in CloudTrail](#Q-Developer-Investigations-Cloudtrail)
+ [Network Flow Monitor in CloudTrail](#CloudWatch-NetworkFlowMonitor-info-in-ct)
+ [Network Flow Monitor data plane events in CloudTrail](#CloudWatch-NetworkFlowMonitor-data-plane-events)
+ [Internet Monitor in CloudTrail](#cw_im_info_in_ct)
+ [CloudWatch Synthetics information in CloudTrail](#cw_synthetics_info_in_ct)
+ [CloudWatch RUM information in CloudTrail](#RUM-CloudTrail)
+ [CloudWatch RUM data plane events in CloudTrail](#RUM-data-plane-events)
+ [Network Synthetic Monitor information in CloudTrail](#cw_network_synthetic_monitor_info_in_ct)
+ [CloudWatch Observability Access Manager information in CloudTrail](#cw_observability_access_manager_info_in_ct)
+ [CloudWatch Observability Admin information in CloudTrail](#cw_observability_admin_info_in_ct)
+ [CloudWatch Application Signals information in CloudTrail](#cw_application_signals_info_in_ct)
+ [CloudWatch Application Insights information in CloudTrail](#cw_application_insights_info_in_ct)

## CloudWatch information in CloudTrail
<a name="cw_info_in_ct"></a>

CloudWatch supports logging the following actions as events in CloudTrail log files:
+ [DeleteAlarmActions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAlarmActions.html)
+ [DeleteAnomalyDetector](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAnomalyDetector.html)
+ [DeleteDashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteDashboards.html)
+ [DeleteInsightRules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteInsightRules.html)
+ [DeleteMetricStream](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteMetricStream.html)
+ [DescribeAlarmHistory](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarmHistory.html)
+ [DescribeAlarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html)
+ [DescribeAlarmsForMetric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarmsForMetric.html)
+ [DescribeAnomalyDetectors](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAnomalyDetectors.html)
+ [DescribeInsightRules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeInsightRules.html)
+ [DisableAlarmActions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DisableAlarmActions.html)
+ [DisableInsightRules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DisableInsightRules.html)
+ [EnableAlarmActions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_EnableAlarmActions.html)
+ [EnableInsightRules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_EnableInsightRules.html)
+ [GetDashboard](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetDashboard.html)
+ [GetInsightRuleReport](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetInsightRuleReport.html)
+ [GetMetricStream](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStream.html)
+ [ListDashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListDashboards.html)
+ [ListManagedInsightRules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListManagedInsightRules.html)
+ [ListMetricStreams](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetricStreams.html)
+ [ListTagsForResource](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListTagsForResource.html)
+ [PutAnomalyDetector](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutAnomalyDetector.html)
+ [PutCompositeAlarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutCompositeAlarm.html)
+ [PutDashboard](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutDashboard.html)
+ [PutInsightRule](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutInsightRule.html)
+ [PutManagedInsightRules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutManagedInsightRules.html)
+ [PutMetricAlarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricAlarm.html)
+ [PutMetricStream](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricStream.html)
+ [SetAlarmState](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_SetAlarmState.html)
+ [StartMetricStreams](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_StartMetricStreams.html)
+ [StopMetricStreams](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_StopMetricStreams.html)
+ [TagResource](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_TagResource.html)
+ [UntagResource](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_UntagResource.html)

### Example: CloudWatch log file entries
<a name="understanding-CloudWatch-entries-in-CloudTrail"></a>

The following example shows a CloudTrail log entry that demonstrates the `PutMetricAlarm` action.

```
{
    "Records": [{
        "eventVersion": "1.01",
        "userIdentity": {
            "type": "Root",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:root",
            "accountId": "123456789012",
            "accessKeyId": "EXAMPLE_KEY_ID"
        },
        "eventTime": "2014-03-23T21:50:34Z",
        "eventSource": "monitoring.amazonaws.com",
        "eventName": "PutMetricAlarm",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "127.0.0.1",
        "userAgent": "aws-sdk-ruby2/2.0.0.rc4 ruby/1.9.3 x86_64-linux Seahorse/0.1.0",
        "requestParameters": {
            "threshold": 50.0,
            "period": 60,
            "metricName": "CloudTrail Test",
            "evaluationPeriods": 3,
            "comparisonOperator": "GreaterThanThreshold",
            "namespace": "AWS/CloudWatch",
            "alarmName": "CloudTrail Test Alarm",
            "statistic": "Sum"
        },
        "responseElements": null,
        "requestID": "29184022-b2d5-11e3-a63d-9b463e6d0ff0",
        "eventID": "b096d5b7-dcf2-4399-998b-5a53eca76a27"
    }]
}
```

The following log file entry shows that a user called the CloudWatch Events `PutRule` action.

```
{
         "eventVersion":"1.03",
         "userIdentity":{
            "type":"Root",
            "principalId":"123456789012",
            "arn":"arn:aws:iam::123456789012:root",
            "accountId":"123456789012",
            "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
            "sessionContext":{
               "attributes":{
                  "mfaAuthenticated":"false",
                  "creationDate":"2015-11-17T23:56:15Z"
               }
            }
         },
         "eventTime":"2015-11-18T00:11:28Z",
         "eventSource":"events.amazonaws.com",
         "eventName":"PutRule",
         "awsRegion":"us-east-1",
         "sourceIPAddress":"AWS Internal",
         "userAgent":"AWS CloudWatch Console",
         "requestParameters":{
            "description":"",
            "name":"cttest2",
            "state":"ENABLED",
            "eventPattern":"{\"source\":[\"aws.ec2\"],\"detail-type\":[\"EC2 Instance State-change Notification\"]}",
            "scheduleExpression":""
         },
         "responseElements":{
            "ruleArn":"arn:aws:events:us-east-1:123456789012:rule/cttest2"
         },
         "requestID":"e9caf887-8d88-11e5-a331-3332aa445952",
         "eventID":"49d14f36-6450-44a5-a501-b0fdcdfaeb98",
         "eventType":"AwsApiCall",
         "apiVersion":"2015-10-07",
         "recipientAccountId":"123456789012"
}
```

The following log file entry shows that a user called the CloudWatch Logs `CreateExportTask` action.

```
{
        "eventVersion": "1.03",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:user/someuser",
            "accountId": "123456789012",
            "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
            "userName": "someuser"
        },
        "eventTime": "2016-02-08T06:35:14Z",
        "eventSource": "logs.amazonaws.com",
        "eventName": "CreateExportTask",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "127.0.0.1",
        "userAgent": "aws-sdk-ruby2/2.0.0.rc4 ruby/1.9.3 x86_64-linux Seahorse/0.1.0",
        "requestParameters": {
            "destination": "yourdestination",
            "logGroupName": "yourloggroup",
            "to": 123456789012,
            "from": 0,
            "taskName": "yourtask"
        },
        "responseElements": {
            "taskId": "15e5e534-9548-44ab-a221-64d9d2b27b9b"
        },
        "requestID": "1cd74c1c-ce2e-12e6-99a9-8dbb26bd06c9",
        "eventID": "fd072859-bd7c-4865-9e76-8e364e89307c",
        "eventType": "AwsApiCall",
        "apiVersion": "20140328",
        "recipientAccountId": "123456789012"
}
```
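As an added example (not AWS code), the following Python reads a log file in the `Records` format shown above, keeps the CloudWatch actions from the list that change or remove monitoring, and summarizes each caller along the identity questions from the start of this page. The set of actions chosen for review, the function names, and the sample records are assumptions of this example, and it matches `eventSource` against `monitoring.amazonaws.com`.

```python
import json

# Actions from the list above that change or remove monitoring rather than
# read it. Selecting these for review is this example's assumption.
MONITORING_CHANGES = {
    "DisableAlarmActions", "SetAlarmState", "DeleteAnomalyDetector",
    "DeleteInsightRules", "DisableInsightRules", "DeleteDashboards",
    "DeleteMetricStream", "StopMetricStreams",
}

# userIdentity.type values mapped to the identity questions listed earlier.
IDENTITY_LABELS = {
    "Root": "root user credentials",
    "IAMUser": "IAM user credentials",
    "IdentityCenterUser": "IAM Identity Center user",
    "AssumedRole": "temporary credentials (role)",
    "FederatedUser": "temporary credentials (federated user)",
    "AWSService": "another AWS service",
}


def describe_identity(user_identity):
    """Summarize who made the request from the userIdentity element."""
    kind = user_identity.get("type", "Unknown")
    attrs = (user_identity.get("sessionContext") or {}).get("attributes") or {}
    return {
        "type": kind,
        "label": IDENTITY_LABELS.get(kind, "unrecognized type: " + kind),
        "principal": user_identity.get("arn") or user_identity.get("invokedBy") or "unknown",
        # CloudTrail stores this flag as the string "true" or "false".
        "mfa": attrs.get("mfaAuthenticated") == "true",
    }


def triage(log_text, event_source="monitoring.amazonaws.com"):
    """Return monitoring-changing CloudWatch events, oldest first."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != event_source:
            continue
        if rec.get("eventName") not in MONITORING_CHANGES:
            continue
        findings.append({
            "time": rec.get("eventTime", ""),
            "action": rec["eventName"],
            "identity": describe_identity(rec.get("userIdentity") or {}),
            "source_ip": rec.get("sourceIPAddress"),
            "parameters": rec.get("requestParameters"),
            # errorCode is present only when the call failed or was denied.
            "error": rec.get("errorCode"),
        })
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    return sorted(findings, key=lambda f: f["time"])


def _event(time, source, name, identity, params=None, error=None):
    """Build one constructed record with the fields the triage reads."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": identity, "sourceIPAddress": "198.51.100.7",
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample log file: every value below is made up for this example.
_USER = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/someuser"}
_ROLE = {"type": "AssumedRole",
         "arn": "arn:aws:sts::111122223333:assumed-role/ops/session1",
         "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}
_ROOT = {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}
CW = "monitoring.amazonaws.com"
SAMPLE_LOG = json.dumps({"Records": [
    _event("2024-05-08T10:00:00Z", CW, "DescribeAlarms", _USER),
    _event("2024-05-08T10:07:00Z", CW, "StopMetricStreams", _USER,
           {"names": ["to-siem"]}, error="AccessDenied"),
    _event("2024-05-08T10:05:00Z", CW, "DisableAlarmActions", _ROLE,
           {"alarmNames": ["prod-5xx"]}),
    _event("2024-05-08T10:06:00Z", CW, "SetAlarmState", _ROOT,
           {"alarmName": "prod-5xx", "stateValue": "OK"}),
    _event("2024-05-08T10:08:00Z", "events.amazonaws.com", "PutRule", _USER),
]})

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        who = f["identity"]
        print(f["time"], f["action"], who["label"], who["principal"],
              "mfa=" + str(who["mfa"]), "error=" + str(f["error"]))
```

Denied calls are kept in the output on purpose: a failed attempt to stop a metric stream or disable alarm actions is as relevant to review as a successful one.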

## CloudWatch data events in CloudTrail
<a name="CloudWatch-data-plane-events"></a>

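CloudTrail can capture API activity related to the CloudWatch data plane on the metric APIs [GetMetricData](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html), [GetMetricWidgetImage](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricWidgetImage.html), [PutMetricData](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html), [GetMetricStatistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html), and [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html).

[Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events), also known as data plane operations, give you insight into the resource operations performed on or within a resource. Data events are often high-volume activities.

By default, CloudTrail doesn't log data events. The CloudTrail **Event history** doesn't record data events.

Additional charges apply for logging data events. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

You can log data events for the CloudWatch resource types by using the CloudTrail console, the AWS CLI, or CloudTrail API operations. For more information about how to log data events, see [Logging data events with the AWS Management Console](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console) and [Logging data events with the AWS Command Line Interface](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-with-the-AWS-CLI) in the *AWS CloudTrail User Guide*.

Data plane events can be filtered by resource type. Because using data events in CloudTrail incurs additional costs, filtering by resource gives you more control over what you log and pay for.

Using the information collected by CloudTrail, you can identify a request to any of the metric APIs, the IP address of the requester, the requester's identity, and the date and time of the request. Logging the **GetMetricData**, **GetMetricWidgetImage**, **PutMetricData**, **GetMetricStatistics**, and **ListMetrics** APIs with CloudTrail helps you with operational and risk auditing, governance, and compliance of your AWS account.

**Note**  
When you view **GetMetricData** events in CloudTrail, you might see more calls than the calls that you initiated. This is because CloudWatch logs events to CloudTrail for **GetMetricData** operations that are initiated by internal components. For example, in cross-account observability you will see **GetMetricData** calls initiated by CloudWatch dashboards to refresh widget data, and **GetMetricData** calls initiated by the monitoring account to retrieve data from source accounts. These internally initiated calls don't incur CloudWatch charges, but they do count toward the number of events logged in CloudTrail, and CloudTrail charges according to the number of events logged.

The following is an example of a CloudTrail event for the **GetMetricData** operation.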

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDA2NYTR2EPCTNY7AF3L",
        "arn": "arn:aws:iam::111122223333:user/admin",
        "accountId": "111122223333",
        "accessKeyId": "EXAMPLE1234567890",
        "userName": "admin"
    },
    "eventTime": "2024-05-08T16:20:34Z",
    "eventSource": "monitoring.amazonaws.com",
    "eventName": "GetMetricData",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "99.45.3.7",
    "userAgent": "aws-cli/2.13.23 Python/3.11.5 Darwin/23.4.0 exe/x86_64 prompt/off command/cloudwatch.get-metric-data",
    "requestParameters": {
        "metricDataQueries": [{
                "id": "e1",
                "expression": "m1 / m2",
                "label": "ErrorRate"
            },
            {
                "id": "m1",
                "metricStat": {
                    "metric": {
                        "namespace": "CWAgent",
                        "metricName": "disk_used_percent",
                        "dimensions": [{
                            "name": "LoadBalancerName",
                            "value": "EXAMPLE4623a5cb6a7384c5229"
                        }]
                    },
                    "period": 300,
                    "stat": "Sum",
                    "unit": "Count"
                },
                "returnData": false
            },
            {
                "id": "m2",
                "metricStat": {
                    "metric": {
                        "namespace": "CWAgent",
                        "metricName": "disk_used_percent",
                        "dimensions": [{
                            "name": "LoadBalancerName",
                            "value": "EXAMPLE4623a5cb6a7384c5229"
                        }]
                    },
                    "period": 300,
                    "stat": "Sum"
                },
                "returnData": true
            }
        ],
        "startTime": "Apr 19, 2024, 4:00:00 AM",
        "endTime": "May 8, 2024, 4:30:00 AM"
    },
    "responseElements": null,
    "requestID": "EXAMPLE-57ac-47d5-938c-f5917c6799d5",
    "eventID": "EXAMPLE-211c-404b-b13d-36d93c8b4fbf",
    "readOnly": true,
    "resources": [{
        "type": "AWS::CloudWatch::Metric"
    }],
    "eventType": "AwsApiCall",
    "managementEvent": false,
    "recipientAccountId": "111122223333",
    "eventCategory": "Data",
    "tlsDetails": {
        "tlsVersion": "TLSv1.3",
        "cipherSuite": "TLS_AES_128_GCM_SHA256",
        "clientProvidedHostHeader": "monitoring.us-east-1.amazonaws.com"
    }
}
```

The following is an example of a CloudTrail event for the **PutMetricData** operation.

```
{
      "eventVersion": "1.11",
      "userIdentity": {
        "type": "AssumedRole",
        "principalId": "111122223333:example.amazon.com",
        "arn": "arn:aws:sts::111122223333:assumed-role/cloudwatch.full.access/example.amazon.com",
        "accountId": "111122223333",
        "accessKeyId": "EXAMPLE1234567890",
        "sessionContext": {
          "sessionIssuer": {
            "type": "Role",
            "principalId": "AROA3FLD4LJVPWYJ6BCNM",
            "arn": "arn:aws:iam::111122223333:role/cloudwatch.full.access",
            "accountId": "111122223333",
            "userName": "cloudwatch.full.access"
          },
          "attributes": {
            "creationDate": "2025-06-19T23:19:50Z",
            "mfaAuthenticated": "false"
          }
        }
      },
      "eventTime": "2025-06-19T23:51:04Z",
      "eventSource": "monitoring.amazonaws.com",
      "eventName": "PutMetricData",
      "awsRegion": "us-east-1",
      "sourceIPAddress": "AWS Internal",
      "userAgent": "AWS Internal",
      "requestParameters": {
        "namespace": "CloudTrailTests",
        "metricData": [
          {
            "metricName": "CloudTrailPutMetricDataTest",
            "dimensions": [
              {
                "name": "TestDimName",
                "value": "TestDimValue"
              }
            ]
          }
        ]
      },
      "responseElements": null,
      "requestID": "877db913-2620-4929-97f3-f3c93c6f689b",
      "eventID": "0c0c4516-75f4-4b27-8a83-213821a96a2b",
      "readOnly": false,
      "resources": [
        {
          "type": "AWS::CloudWatch::Metric"
        }
      ],
      "eventType": "AwsApiCall",
      "managementEvent": false,
      "recipientAccountId": "111122223333",
      "eventCategory": "Data",
      "tlsDetails": {
        "tlsVersion": "TLSv1.3",
        "cipherSuite": "TLS_AES_128_GCM_SHA256",
        "clientProvidedHostHeader": "monitoring.us-east-1.amazonaws.com"
      }
    }
```
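As an added example (not AWS code), the following Python walks the `requestParameters` layouts shown in the two events above to record which metrics each principal read or wrote, and lists `PutMetricData` writes to a namespace by a principal outside an allowlist. The allowlist, the role names, the function names, and the sample events are assumptions of this example; only the `GetMetricData` and `PutMetricData` layouts shown on this page are parsed.

```python
from collections import defaultdict


def is_metric_data_event(event):
    """True for data events on the AWS::CloudWatch::Metric resource type."""
    types = {r.get("type") for r in event.get("resources") or []}
    return event.get("eventCategory") == "Data" and "AWS::CloudWatch::Metric" in types


def stable_principal(user_identity):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    issuer = (user_identity.get("sessionContext") or {}).get("sessionIssuer") or {}
    return issuer.get("arn") or user_identity.get("arn") or "unknown"


def metrics_touched(event):
    """(namespace, metricName) pairs named in requestParameters."""
    params = event.get("requestParameters") or {}
    pairs = set()
    if event.get("eventName") == "GetMetricData":
        for query in params.get("metricDataQueries") or []:
            metric = (query.get("metricStat") or {}).get("metric")
            if metric:  # expression-only queries such as "m1 / m2" name no metric
                pairs.add((metric.get("namespace"), metric.get("metricName")))
    elif event.get("eventName") == "PutMetricData":
        for datum in params.get("metricData") or []:
            pairs.add((params.get("namespace"), datum.get("metricName")))
    return pairs


def audit(events, allowed_writers):
    """Map principals to metrics read and written; list writes outside the allowlist."""
    access = defaultdict(lambda: {"read": set(), "written": set()})
    violations = []
    for event in events:
        if not is_metric_data_event(event):
            continue
        who = stable_principal(event.get("userIdentity") or {})
        pairs = metrics_touched(event)
        if event.get("readOnly"):
            access[who]["read"] |= pairs
            continue
        access[who]["written"] |= pairs
        for namespace, metric in sorted(pairs, key=repr):
            if who not in allowed_writers.get(namespace, set()):
                violations.append((event.get("eventTime"), who, namespace, metric))
    return dict(access), violations


def _role_identity(role):
    """Constructed AssumedRole identity with the sessionIssuer shape shown above."""
    return {"type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/%s/session1" % role,
            "sessionContext": {"sessionIssuer": {
                "type": "Role", "arn": "arn:aws:iam::111122223333:role/%s" % role}}}


def _data_event(time, name, identity, params, read_only):
    """Constructed data event carrying only the fields the audit reads."""
    return {"eventTime": time, "eventName": name, "userIdentity": identity,
            "requestParameters": params, "readOnly": read_only,
            "resources": [{"type": "AWS::CloudWatch::Metric"}],
            "eventCategory": "Data"}


# Constructed sample events and allowlist: all names and values are made up.
_DISK = {"namespace": "CWAgent", "metricName": "disk_used_percent"}
SAMPLE_EVENTS = [
    _data_event("2025-06-19T23:40:00Z", "GetMetricData",
                {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/admin"},
                {"metricDataQueries": [
                    {"id": "e1", "expression": "m1 / m2"},
                    {"id": "m1", "metricStat": {"metric": _DISK, "period": 300}}]},
                True),
    _data_event("2025-06-19T23:51:04Z", "PutMetricData", _role_identity("metrics-publisher"),
                {"namespace": "CloudTrailTests",
                 "metricData": [{"metricName": "CloudTrailPutMetricDataTest"}]}, False),
    _data_event("2025-06-19T23:55:00Z", "PutMetricData", _role_identity("ci-runner"),
                {"namespace": "CWAgent",
                 "metricData": [{"metricName": "disk_used_percent"}]}, False),
    {"eventTime": "2025-06-19T23:56:00Z", "eventName": "PutMetricAlarm",
     "eventCategory": "Management", "readOnly": False},
]
ALLOWED_WRITERS = {
    "CloudTrailTests": {"arn:aws:iam::111122223333:role/metrics-publisher"},
    "CWAgent": {"arn:aws:iam::111122223333:role/cwagent-host"},
}

if __name__ == "__main__":
    access, violations = audit(SAMPLE_EVENTS, ALLOWED_WRITERS)
    for time, who, namespace, metric in violations:
        print(time, who, "wrote", namespace + "/" + metric)
```

Keying on the role ARN in `sessionContext.sessionIssuer` rather than the session ARN keeps one role's sessions grouped together in the result.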

## Query generation information in CloudTrail
<a name="cwl_query-generation-cloudtrail"></a>

CloudTrail logging of query generator console events is also supported. The query generator currently supports CloudWatch Metrics Insights and CloudWatch Logs Insights. In these CloudTrail events, the `eventSource` is `monitoring.amazonaws.com`.

The following example shows a CloudTrail log entry that demonstrates the **GenerateQuery** action in CloudWatch Metrics Insights.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::123456789012:assumed-role/role_name",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111222333444:role/Administrator",
                "accountId": "123456789012",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2020-04-08T21:43:24Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2020-04-08T23:06:30Z",
    "eventSource": "monitoring.amazonaws.com",
    "eventName": "GenerateQuery",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "127.0.0.1",
    "userAgent": "exampleUserAgent",
    "requestParameters": {
        "query_ask": "***",
        "query_type": "MetricsInsights",
        "metrics_insights": {
            "aws_namespaces": [
                "AWS/S3",
                "AWS/Lambda",
                "AWS/DynamoDB"
            ]
        },
        "include_description": true
    },
    "responseElements": null,
    "requestID": "2f56318c-cfbd-4b60-9d93-1234567890",
    "eventID": "52723fd9-4a54-478c-ac55-1234567890",
    "readOnly": true,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333", 
    "eventCategory": "Management"
}
```

## Amazon Q Developer operational investigations events in CloudTrail
<a name="Q-Developer-Investigations-Cloudtrail"></a>

Amazon Q Developer operational investigations supports logging the following actions as events in CloudTrail log files.
+ [CreateInvestigationGroup](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_CreateInvestigationGroup.html)
+ [GetInvestigationGroup](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_GetInvestigationGroup.html)
+ [DeleteInvestigationGroup](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_DeleteInvestigationGroup.html)
+ [ListInvestigationGroups](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_ListInvestigationGroups.html)
+ [PutInvestigationGroupPolicy](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_PutInvestigationGroupPolicy.html)
+ [DeleteInvestigationGroupPolicy](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_DeleteInvestigationGroupPolicy.html)
+ [ListTagsForResource](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_ListTagsForResource.html)
+ [GetInvestigationGroupPolicy](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_GetInvestigationGroupPolicy.html)
+ [TagResource](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_UntagResource.html)
+ [UpdateInvestigationGroup](https://docs.aws.amazon.com/cloudwatchinvestigations/latest/APIReference/API_UpdateInvestigationGroup.html)

### Example: Amazon Q Developer operational investigations log file entries
<a name="understanding-QDeveloper-Investigations-entries"></a>

The following example shows an Amazon Q Developer operational investigations log entry that demonstrates the `CreateInvestigationGroup` action.

```
{
	"eventVersion": "1.09",
	"userIdentity": {
		"type": "AssumedRole",
		"principalId": "EX_PRINCIPAL_ID",
		"arn": "arn:aws:iam::123456789012:assumed-role/role_name",
		"accountId": "123456789012",
		"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
		"sessionContext": {
			"sessionIssuer": {
				"type": "Role",
				"principalId": "EX_PRINCIPAL_ID",
				"arn": "arn:aws:iam::123456789012:role/role_name",
				"accountId": "123456789012",
				"userName": "SAMPLE_NAME"
			},
			"attributes": {
				"creationDate": "2024-10-30T18:42:05Z",
				"mfaAuthenticated": "false"
			}
		}
	},
	"eventTime": "2024-10-30T18:48:26Z",
	"eventSource": "aiops.amazonaws.com",
	"eventName": "CreateInvestigationGroup",
	"awsRegion": "us-east-1",
	"sourceIPAddress": "127.0.0.1",
	"userAgent": "exampleUserAgent",
	"requestParameters": {
		"name": "exampleName",
		"roleArn": "arn:aws:iam::123456789012:role/role_name"
	},
	"responseElements": {
		"arn": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890"
	},
	"requestId": "e9caf887-8d88-11e5-a331-3332aa445952",
	"eventId": "49d14f36-6450-44a5-a501-b0fdcdfaeb98",
	"readOnly": false,
	"eventType": "AwsApiCall",
	"managementEvent": true,
	"recipientAccountId": "123456789012",
	"eventCategory": "Management"
}
```

The following example shows an Amazon Q Developer operational investigations log entry that demonstrates the `CreateInvestigationEvent` action.

```
{
		"eventVersion": "1.09",
		"userIdentity": {
			"type": "AssumedRole",
			"principalId": "EX_PRINCIPAL_ID",
			"arn": "arn:aws:sts::123456789012:assumed-role/role_name",
			"accountId": "123456789012",
			"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
			"sessionContext": {
				"sessionIssuer": {
					"type": "Role",
					"principalId": "EX_PRINCIPAL_ID",
					"arn": "arn:aws:iam::123456789012:role/role_name",
					"accountId": "123456789012",
					"userName": "SAMPLE_NAME"
				},
				"attributes": {
					"creationDate": "2024-10-30T16:17:49Z",
					"mfaAuthenticated": "false"
				}
			}
		},
		"eventTime": "2024-10-30T16:35:34Z",
		"eventSource": "aiops.amazonaws.com",
		"eventName": "CreateInvestigationEvent",
		"awsRegion": "us-east-1",
		"sourceIPAddress": "127.0.0.1",
		"userAgent": "exampleUserAgent",
		"requestParameters": {
			"identifier": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890",
			"investigationId": "bcdef01234567890",
			"clientToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
			"type": "METRIC_OBSERVATION",
			"body": "***"
		},
		"responseElements": {
			"investigationGroupArn": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890",
			"investigationId": "bcdef01234567890",
			"investigationEventId": "14567890abcdef0g"
		},
		"requestId": "e9caf887-8d88-11e5-a331-3332aa445952",
		"eventId": "49d14f36-6450-44a5-a501-b0fdcdfaeb98",
		"readOnly": false,
		"resources": [{
			"accountId": "123456789012",
			"type": "AWS::AIOps::InvestigationGroup",
			"ARN": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890"
		}],
		"eventType": "AwsApiCall",
		"managementEvent": false,
		"recipientAccountId": "123456789012",
		"eventCategory": "Data"
	}
```

The following example shows an Amazon Q Developer operational investigations log entry that demonstrates the `UpdateInvestigationEvent` action.

```
{
	"eventVersion": "1.09",
	"userIdentity": {
		"type": "AssumedRole",
		"principalId": "EX_PRINCIPAL_ID",
		"arn": "arn:aws:sts::123456789012:assumed-role/role_name",
		"accountId": "123456789012",
		"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
		"sessionContext": {
			"sessionIssuer": {
				"type": "Role",
				"principalId": "EX_PRINCIPAL_ID",
				"arn": "arn:aws:iam::123456789012:role/role_name",
				"accountId": "123456789012",
				"userName": "SAMPLE_NAME"
			},
			"attributes": {
				"creationDate": "2024-10-30T16:17:49Z",
				"mfaAuthenticated": "false"
			}
		}
	},
	"eventTime": "2024-10-30T16:24:48Z",
	"eventSource": "aiops.amazonaws.com",
	"eventName": "UpdateInvestigationEvent",
	"awsRegion": "us-east-1",
	"sourceIPAddress": "127.0.0.1",
	"userAgent": "exampleUserAgent",
	"requestParameters": {
		"identifier": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890",
		"investigationId": "bcdef01234567890",
		"investigationEventId": "14567890abcdef0g",
		"comment": "***"
	},
	"responseElements": null,
	"requestId": "e9caf887-8d88-11e5-a331-3332aa445952",
	"eventId": "49d14f36-6450-44a5-a501-b0fdcdfaeb98",
	"readOnly": false,
	"resources": [{
		"accountId": "123456789012",
		"type": "AWS::AIOps::InvestigationGroup",
		"ARN": "arn:aws:aiops:us-east-1:123456789012:investigation-group/021345abcdef67890"
	}],
	"eventType": "AwsApiCall",
	"managementEvent": false,
	"recipientAccountId": "123456789012",
	"eventCategory": "Data"
}
```

## Network Flow Monitor in CloudTrail
<a name="CloudWatch-NetworkFlowMonitor-info-in-ct"></a>

Network Flow Monitor supports logging the following actions as events in CloudTrail log files.
+ [CreateMonitor](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_CreateMonitor.html) 
+ [CreateScope](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_CreateScope.html) 
+ [DeleteMonitor](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_DeleteMonitor.html) 
+ [DeleteScope](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_DeleteScope.html) 
+ [GetMonitor](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetMonitor.html) 
+ [GetScope](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetScope.html) 
+ [ListMonitors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_ListMonitors.html) 
+ [ListScopes](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_ListScopes.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_ListTagsForResource.html) 
+ [TagResource](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_UntagResource.html) 
+ [UpdateMonitor](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_UpdateMonitor.html) 
+ [UpdateScope](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_UpdateScope.html) 

### Example: Network Flow Monitor log file entries
<a name="understanding-CloudWatch-NFM-entries-in-CloudTrail"></a>

The following example shows a Network Flow Monitor CloudTrail log entry that demonstrates the `CreateMonitor` action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::000000000000:assumed-role/role_name",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::000000000000:role/Admin",
                "accountId": "123456789012",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2024-11-03T15:43:27Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-11-03T15:58:11Z",
    "eventSource": "networkflowmonitor.amazonaws.com",
    "eventName": "CreateMonitor",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "requestParameters": {
        "MonitorName": "TestMonitor",
        "ClientToken": "33551db7-1618-4aab-cdef-EXAMPLE33333",
        "LocalResources": [
            {
                "Type": "AWS::EC2::Subnet",
                "Identifier": "subnet-cdef-EXAMPLEbbbbb"
            },
            {
                "Type": "AWS::EC2::Subnet",
                "Identifier": "subnet-cdef-EXAMPLEccccc"
            },
            {
                "Type": "AWS::EC2::Subnet",
                "Identifier": "subnet-cdef-EXAMPLEddddd"
            },
            {
                "Type": "AWS::EC2::Subnet",
                "Identifier": "subnet-cdef-EXAMPLEeeeee"
            },
            {
                "Type": "AWS::EC2::Subnet",
                "Identifier": "subnet-cdef-EXAMPLEfffff"
            },
            {
                "Type": "AWS::EC2::Subnet",
                "Identifier": "subnet-cdef-EXAMPLEggggg"
            }
        ]
    },
    "responseElements": {
        "Access-Control-Expose-Headers": "*",
        "MonitorArn": "arn:aws:networkflowmonitor:us-east-1:000000000000:monitor/TestMonitor",
        "MonitorName": "TestMonitor",
        "MonitorStatus": "ACTIVE"
    },
    "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
```

```
{
        "eventVersion": "1.08",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::000000000000:assumed-role/role_name",
            "accountId":"123456789012",
            "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
            "sessionContext": {
                "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::000000000000:role/Admin",
                "accountId":"123456789012",
                "userName": "SAMPLE_NAME"
                },
                "webIdFederationData": {},
                "attributes": {
                    "creationDate": "2022-10-11T17:25:41Z",
                    "mfaAuthenticated": "false"
                }
            }
        },
        "eventTime": "2022-10-11T17:30:18Z",
        "eventSource": "networkflowmonitor.amazonaws.com",
        "eventName": "ListMonitors",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "192.0.2.0",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
        "requestParameters": null,
        "responseElements": null,
        "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
        "readOnly": true,
        "eventType": "AwsApiCall",
        "managementEvent": true,
        "recipientAccountId": "111122223333",
        "eventCategory": "Management"
    }
```

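## Network Flow Monitor data plane events in CloudTrail
<a name="CloudWatch-NetworkFlowMonitor-data-plane-events"></a>

CloudTrail can capture API activity related to the CloudWatch-NetworkFlowMonitor data plane operations.

[Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events), also known as data plane operations, give you insight into the resource operations performed on or within a resource. Data events are often high-volume activities.

To enable Network Flow Monitor data events in CloudTrail, you must enable logging of data plane API activity in CloudTrail. For more information, see [Logging data events for trails](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html).

You can filter data plane events by resource type. Because using data events in CloudTrail incurs additional costs, filtering by resource gives you more control over what you log and pay for.

Using the information that CloudTrail collects, you can identify a specific request made to the CloudWatch-NetworkFlowMonitor data plane APIs, the IP address of the requester, the identity of the requester, and the date and time of the request. Logging the data plane APIs with CloudTrail helps you with operational and risk auditing, governance, and compliance of your AWS account.

The following are the data plane APIs in Network Flow Monitor.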
+ [GetQueryResultsMonitorTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsMonitorTopContributors.html) 
+ [GetQueryResultsMonitorsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsMonitorsTopContributors.html) 
+ [GetQueryResultsWorkloadInsightsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsWorkloadInsightsTopContributors.html) 
+ [GetQueryResultsWorkloadInsightsTopContributorsData](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsWorkloadInsightsTopContributorsData.html) 
+ [GetQueryStatusMonitorTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusMonitorTopContributors.html) 
+ [GetQueryStatusMonitorsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusMonitorsTopContributors.html) 
+ [GetQueryStatusWorkloadInsightsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusWorkloadInsightsTopContributors.html) 
+ [GetQueryStatusWorkloadInsightsTopContributorsData](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusWorkloadInsightsTopContributorsData.html) 
+ [StartQueryMonitorTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryMonitorTopContributors.html) 
+ [StartQueryMonitorsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryMonitorsTopContributors.html) 
+ [StartQueryWorkloadInsightsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryWorkloadInsightsTopContributors.html) 
+ [StartQueryWorkloadInsightsTopContributorsData](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryWorkloadInsightsTopContributorsData.html) 
+ [StopQueryMonitorTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryMonitorTopContributors.html) 
+ [StopQueryMonitorsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryMonitorsTopContributors.html) 
+ [StopQueryWorkloadInsightsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryWorkloadInsightsTopContributors.html) 
+ [StopQueryWorkloadInsightsTopContributorsData](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryWorkloadInsightsTopContributorsData.html) 

The following example shows a CloudTrail log entry that demonstrates the [GetQueryResultsMonitorsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsMonitorsTopContributors.html) action.

```
{
  "eventVersion": "1.09",
  "userIdentity": {
    "type": "AssumedRole",
    "principalId": "EX_PRINCIPAL_ID",
    "arn": "arn:aws:iam::000000000000:assumed-role/role_name",
    "accountId": "123456789012",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "sessionContext": {
      "sessionIssuer": {
        "type": "Role",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::000000000000:role/Admin",
        "accountId": "123456789012",
        "userName": "SAMPLE_NAME"
      },
      "attributes": {
        "creationDate": "2024-11-03T15:43:27Z",
        "mfaAuthenticated": "false"
      }
    }
  },
  "eventTime": "2024-11-15T14:08:04Z",
  "eventSource": "networkflowmonitor.amazonaws.com",
  "eventName": "GetQueryResultsMonitorTopContributors",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "192.0.2.0",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
  "errorCode": "AccessDenied",
  "requestParameters": {
    "QueryId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEQuery",
    "MaxResults": "20",
    "MonitorName": "TestMonitor"
  },
  "responseElements": null,
  "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
  "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
  "readOnly": true,
  "resources": [
    {
      "accountId": "123456789012",
      "type": "AWS::NetworkFlowMonitor::Monitor",
      "ARN": "arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/TestMonitor"
    }
  ],
  "eventType": "AwsApiCall",
  "managementEvent": false,
  "recipientAccountId": "000000000000",
  "eventCategory": "Data"
}
```

The following example shows a CloudTrail log entry that demonstrates the [GetQueryResultsWorkloadInsightsTopContributors](https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsWorkloadInsightsTopContributors.html) action.

```
{
  "eventVersion": "1.09",
  "userIdentity": {
    "type": "AssumedRole",
    "principalId": "EX_PRINCIPAL_ID",
    "arn": "arn:aws:iam::000000000000:assumed-role/role_name",
    "accountId": "123456789012",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "sessionContext": {
      "sessionIssuer": {
        "type": "Role",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::000000000000:role/Admin",
        "accountId": "123456789012",
        "userName": "SAMPLE_NAME"
      },
      "attributes": {
        "creationDate": "2024-11-03T15:43:27Z",
        "mfaAuthenticated": "false"
      }
    }
  },
  "eventTime": "2024-11-15T14:08:04Z",
  "eventSource": "networkflowmonitor.amazonaws.com",
  "eventName": "GetQueryResultsWorkloadInsightsTopContributorsData",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "192.0.2.0",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
  "errorCode": "AccessDenied",
  "requestParameters": {
    "QueryId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEQuery",
    "ScopeId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEScope"
  },
  "responseElements": null,
  "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
  "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
  "readOnly": true,
  "resources": [
    {
      "accountId": "496383180932",
      "type": "AWS::NetworkFlowMonitor::Scope",
      "ARN": "arn:aws:networkflowmonitor:us-east-1:123456789012:scope/a1b2c3d4-5678-90ab-cdef-EXAMPLEScope"
    }
  ],
  "eventType": "AwsApiCall",
  "managementEvent": false,
  "recipientAccountId": "000000000000",
  "eventCategory": "Data"
}
```
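The checks an auditor would run over records like the ones in this section, as an added example that is not AWS code: it flags denied data plane queries and non-read-only management calls made from sessions without MFA. The sample records are constructed and trimmed; the finding labels, function names, placeholder ARNs, and the treatment of records without `eventCategory` as management events are assumptions.

```python
from collections import Counter

# Placeholder ARNs (constructed for this example, not taken from a real account).
ROLE_ARN = "arn:aws:sts::111122223333:assumed-role/Admin/example-session"
MONITOR_ARN = "arn:aws:networkflowmonitor:us-east-1:111122223333:monitor/TestMonitor"
SCOPE_ARN = "arn:aws:networkflowmonitor:us-east-1:111122223333:scope/EXAMPLEScope"
NFM = "networkflowmonitor.amazonaws.com"


def sample_identity(mfa):
    """userIdentity block for an assumed-role session, trimmed to the fields used here."""
    return {"type": "AssumedRole", "arn": ROLE_ARN,
            "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}


def sample_denied(name, rtype, arn):
    """A denied data plane record shaped like the AccessDenied entries on this page."""
    return {"eventVersion": "1.09", "eventSource": NFM, "eventName": name,
            "errorCode": "AccessDenied", "readOnly": True, "managementEvent": False,
            "eventCategory": "Data", "userIdentity": sample_identity("false"),
            "resources": [{"type": rtype, "ARN": arn}]}


# Constructed sample records; field names and value types follow the page's entries.
SAMPLE_RECORDS = [
    {"eventVersion": "1.09", "eventSource": NFM, "eventName": "CreateMonitor",
     "readOnly": False, "managementEvent": True, "eventCategory": "Management",
     "userIdentity": sample_identity("false")},
    {"eventVersion": "1.08", "eventSource": NFM, "eventName": "ListMonitors",
     "readOnly": True, "managementEvent": True, "eventCategory": "Management",
     "userIdentity": sample_identity("false")},
    sample_denied("GetQueryResultsMonitorTopContributors",
                  "AWS::NetworkFlowMonitor::Monitor", MONITOR_ARN),
    sample_denied("GetQueryResultsMonitorTopContributors",
                  "AWS::NetworkFlowMonitor::Monitor", MONITOR_ARN),
    sample_denied("GetQueryResultsWorkloadInsightsTopContributorsData",
                  "AWS::NetworkFlowMonitor::Scope", SCOPE_ARN),
    # eventVersion 1.05 entries on this page carry no eventCategory/managementEvent.
    {"eventVersion": "1.05", "eventSource": "synthetics.amazonaws.com",
     "eventName": "UpdateCanary", "readOnly": False,
     "userIdentity": sample_identity("false")},
    {"eventVersion": "1.09", "eventSource": "rum.amazonaws.com",
     "eventName": "CreateAppMonitor", "readOnly": False, "managementEvent": True,
     "eventCategory": "Management", "userIdentity": sample_identity("true")},
]


def event_category(record):
    """Return "Management" or "Data", tolerating records without eventCategory."""
    if "eventCategory" in record:
        return record["eventCategory"]
    # Assumption: a record with neither field is treated as a management event.
    return "Management" if record.get("managementEvent", True) else "Data"


def mfa_used(record):
    """True only when the session attributes say MFA was used."""
    attrs = (record.get("userIdentity", {})
                   .get("sessionContext", {})
                   .get("attributes", {}))
    # The flag appears in the log entries as the string "true"/"false", not a boolean.
    return str(attrs.get("mfaAuthenticated", "false")).lower() == "true"


def triage(records):
    """Return (kind, eventName, caller ARN, target) tuples worth an analyst's look."""
    findings = []
    for rec in records:
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        category = event_category(rec)
        if category == "Data" and rec.get("errorCode"):
            # One finding per resource the denied call was aimed at.
            for res in rec.get("resources") or [{}]:
                findings.append(("denied-data-plane", rec["eventName"], who,
                                 res.get("ARN", "unknown")))
        elif (category == "Management" and rec.get("readOnly") is False
              and not mfa_used(rec)):
            findings.append(("write-without-mfa", rec["eventName"], who,
                             rec.get("eventSource", "unknown")))
    return findings


def denied_by_resource(findings):
    """Count denied data plane calls per resource ARN to surface repeated probing."""
    return Counter(f[3] for f in findings if f[0] == "denied-data-plane")


if __name__ == "__main__":
    results = triage(SAMPLE_RECORDS)
    for finding in results:
        print(*finding, sep=" | ")
    print(dict(denied_by_resource(results)))
```
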

## Internet Monitor in CloudTrail
<a name="cw_im_info_in_ct"></a>

Internet Monitor supports logging the following actions as events in CloudTrail log files.
+ [CreateMonitor](https://docs.aws.amazon.com/internet-monitor/latest/api/API_CreateMonitor.html) 
+ [DeleteMonitor](https://docs.aws.amazon.com/internet-monitor/latest/api/API_DeleteMonitor.html) 
+ [GetHealthEvent](https://docs.aws.amazon.com/internet-monitor/latest/api/API_GetHealthEvent.html) 
+ [GetMonitor](https://docs.aws.amazon.com/internet-monitor/latest/api/API_GetMonitor.html) 
+ [GetQueryResults](https://docs.aws.amazon.com/internet-monitor/latest/api/API_GetQueryResults.html) 
+ [GetQueryStatus](https://docs.aws.amazon.com/internet-monitor/latest/api/API_GetQueryStatus.html) 
+ [ListHealthEvents](https://docs.aws.amazon.com/internet-monitor/latest/api/API_ListHealthEvents.html) 
+ [ListInternetEvents](https://docs.aws.amazon.com/internet-monitor/latest/api/API_ListInternetEvents.html) 
+ [ListMonitors](https://docs.aws.amazon.com/internet-monitor/latest/api/API_ListMonitors.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/internet-monitor/latest/api/API_ListTagsForResource.html) 
+ [StartQuery](https://docs.aws.amazon.com/internet-monitor/latest/api/API_StartQuery.html) 
+ [StopQuery](https://docs.aws.amazon.com/internet-monitor/latest/api/API_StopQuery.html) 
+ [TagResource](https://docs.aws.amazon.com/internet-monitor/latest/api/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/internet-monitor/latest/api/API_UntagResource.html) 
+ [UpdateMonitor](https://docs.aws.amazon.com/internet-monitor/latest/api/API_UpdateMonitor.html) 

### Example: Internet Monitor log file entries
<a name="understanding-CloudWatch-IM-entries-in-CloudTrail"></a>

The following example shows a CloudTrail Internet Monitor log entry that demonstrates the `ListMonitors` action.

```
{
        "eventVersion": "1.08",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::000000000000:assumed-role/role_name",
            "accountId":"123456789012",
            "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
            "sessionContext": {
                "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::000000000000:role/Admin",
                "accountId":"123456789012",
                "userName": "SAMPLE_NAME"
                },
                "webIdFederationData": {},
                "attributes": {
                    "creationDate": "2022-10-11T17:25:41Z",
                    "mfaAuthenticated": "false"
                }
            }
        },
        "eventTime": "2022-10-11T17:30:18Z",
        "eventSource": "internetmonitor.amazonaws.com",
        "eventName": "ListMonitors",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "192.0.2.0",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
        "requestParameters": null,
        "responseElements": null,
        "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
        "readOnly": true,
        "eventType": "AwsApiCall",
        "managementEvent": true,
        "recipientAccountId": "111122223333",
        "eventCategory": "Management"
    }
```

The following example shows a CloudTrail Internet Monitor log entry that demonstrates the `CreateMonitor` action.

```
{
        "eventVersion": "1.08",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::000000000000:assumed-role/role_name",
            "accountId":"123456789012",
            "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
            "sessionContext": {
                "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::000000000000:role/Admin",
                "accountId":"123456789012",
                "userName": "SAMPLE_NAME"
                },
                "webIdFederationData": {},
                "attributes": {
                    "creationDate": "2022-10-11T17:25:41Z",
                    "mfaAuthenticated": "false"
                }
            }
        },
        "eventTime": "2022-10-11T17:30:08Z",
        "eventSource": "internetmonitor.amazonaws.com",
        "eventName": "CreateMonitor",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "192.0.2.0",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
        "requestParameters": {
            "MonitorName": "TestMonitor",
            "Resources": ["arn:aws:ec2:us-east-2:444455556666:vpc/vpc-febc0b95"],
            "ClientToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333"
        },
        "responseElements": {
            "Arn": "arn:aws:internetmonitor:us-east-2:444455556666:monitor/ct-onboarding-test",
            "Status": "PENDING"
        },
        "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
        "readOnly": false,
        "eventType": "AwsApiCall",
        "managementEvent": true,
        "recipientAccountId": "111122223333",
        "eventCategory": "Management"
    }
```

## CloudWatch Synthetics information in CloudTrail
<a name="cw_synthetics_info_in_ct"></a>

CloudWatch Synthetics supports logging the following actions as events in CloudTrail log files:
+ [AssociateResource](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_AssociateResource.html) 
+ [CreateCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_CreateCanary.html) 
+ [CreateGroup](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_CreateGroup.html) 
+ [DeleteCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DeleteCanary.html) 
+ [DeleteGroup](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DeleteGroup.html) 
+ [DescribeCanaries](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DescribeCanaries.html) 
+ [DescribeCanariesLastRun](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DescribeCanariesLastRun.html) 
+ [DescribeRuntimeVersions](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DescribeRuntimeVersions.html) 
+ [DisassociateResource](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DisassociateResource.html) 
+ [GetCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_GetCanary.html) 
+ [GetCanaryRuns](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_GetCanaryRuns.html) 
+ [GetGroup](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_GetGroup.html) 
+ [ListAssociatedGroups](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_ListAssociatedGroups.html) 
+ [ListGroupResources](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_ListGroupResources.html) 
+ [ListGroups](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_ListGroups.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_ListTagsForResource.html) 
+ [StartCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_StartCanary.html) 
+ [StartCanaryDryRun](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_StartCanaryDryRun.html) 
+ [StopCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_StopCanary.html) 
+ [TagResource](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_UntagResource.html) 
+ [UpdateCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_UpdateCanary.html) 

### Example: CloudWatch Synthetics log file entries
<a name="understanding-CloudWatch-Synthetics-entries-in-CloudTrail"></a>

The following example shows a CloudTrail Synthetics log entry that demonstrates the `DescribeCanaries` action.

```
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::123456789012:assumed-role/role_name",
        "accountId":"123456789012",
        "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111222333444:role/Administrator",
                "accountId":"123456789012",
                "userName": "SAMPLE_NAME"
            },
            "webIdFederationData": {},
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2020-04-08T21:43:24Z"
            }
        }
    },
    "eventTime": "2020-04-08T23:06:47Z",
    "eventSource": "synthetics.amazonaws.com",
    "eventName": "DescribeCanaries",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "127.0.0.1",
    "userAgent": "aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation",
    "requestParameters": null,
    "responseElements": null,
    "requestID": "201ed5f3-15db-4f87-94a4-123456789",
    "eventID": "73ddbd81-3dd0-4ada-b246-123456789",
    "readOnly": true,
    "eventType": "AwsApiCall",
    "recipientAccountId": "111122223333"
}
```

The following example shows a CloudTrail Synthetics log entry that demonstrates the `UpdateCanary` action.

```
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::123456789012:assumed-role/role_name",
        "accountId":"123456789012",
        "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111222333444:role/Administrator",
                "accountId":"123456789012",
                "userName": "SAMPLE_NAME"
            },
            "webIdFederationData": {},
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2020-04-08T21:43:24Z"
            }
        }
    },
    "eventTime": "2020-04-08T23:06:47Z",
    "eventSource": "synthetics.amazonaws.com",
    "eventName": "UpdateCanary",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation",
    "requestParameters": {
        "Schedule": {
            "Expression": "rate(1 minute)"
        },
        "name": "sample_canary_name",
        "Code": {
            "Handler": "myOwnScript.handler",
            "ZipFile": "SAMPLE_ZIP_FILE"
        }
    },
    "responseElements": null,
    "requestID": "fe4759b0-0849-4e0e-be71-1234567890",
    "eventID": "9dc60c83-c3c8-4fa5-bd02-1234567890",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "recipientAccountId": "111122223333"
}
```

The following example shows a CloudTrail Synthetics log entry that demonstrates the `GetCanaryRuns` action.

```
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::123456789012:assumed-role/role_name",
        "accountId":"123456789012",
        "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111222333444:role/Administrator",
                "accountId":"123456789012",
                "userName": "SAMPLE_NAME"
            },
            "webIdFederationData": {},
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2020-04-08T21:43:24Z"
            }
        }
    },
    "eventTime": "2020-04-08T23:06:30Z",
    "eventSource": "synthetics.amazonaws.com",
    "eventName": "GetCanaryRuns",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "127.0.0.1",
    "userAgent": "aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation",
    "requestParameters": {
        "Filter": "TIME_RANGE",
        "name": "sample_canary_name",
        "FilterValues": [
            "2020-04-08T23:00:00.000Z",
            "2020-04-08T23:10:00.000Z"
        ]
    },
    "responseElements": null,
    "requestID": "2f56318c-cfbd-4b60-9d93-1234567890",
    "eventID": "52723fd9-4a54-478c-ac55-1234567890",
    "readOnly": true,
    "eventType": "AwsApiCall",
    "recipientAccountId": "111122223333"
}
```

## CloudWatch RUM information in CloudTrail
<a name="RUM-CloudTrail"></a>

CloudWatch RUM supports logging the following actions as events in CloudTrail log files:
+ [BatchCreateRumMetricDefinitions](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_BatchCreateRumMetricDefinitions.html) 
+ [BatchDeleteRumMetricDefinitions](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_BatchDeleteRumMetricDefinitions.html) 
+ [BatchGetRumMetricDefinitions](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_BatchGetRumMetricDefinitions.html) 
+ [CreateAppMonitor](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_CreateAppMonitor.html) 
+ [DeleteAppMonitor](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_DeleteAppMonitor.html) 
+ [DeleteResourcePolicy](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_DeleteResourcePolicy.html) 
+ [DeleteRumMetricsDestination](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_DeleteRumMetricsDestination.html) 
+ [GetAppMonitor](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_GetAppMonitor.html) 
+ [GetAppMonitorData](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_GetAppMonitorData.html) 
+ [GetResourcePolicy](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_GetResourcePolicy.html) 
+ [ListAppMonitors](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_ListAppMonitors.html) 
+ [ListRumMetricsDestinations](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_ListRumMetricsDestinations.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_ListTagsForResource.html) 
+ [PutResourcePolicy](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_PutResourcePolicy.html) 
+ [PutRumMetricsDestination](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_PutRumMetricsDestination.html) 
+ [TagResource](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_UntagResource.html) 
+ [UpdateAppMonitor](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_UpdateAppMonitor.html) 
+ [UpdateRumMetricDefinition](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_UpdateRumMetricDefinition.html) 

### Example: CloudWatch RUM log file entries
<a name="Example-CloudWatch-RUM-entries-in-CloudTrail"></a>

This section contains example CloudTrail entries for some CloudWatch RUM APIs.

The following example is a CloudTrail log entry that demonstrates the [CreateAppMonitor](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_CreateAppMonitor.html) action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EXAMPLE_PRINCIPAL_ID",
        "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE",
        "accountId": "777777777777",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EXAMPLE_PRINCIPAL_ID",
                "arn": "arn:aws:iam::777777777777:role/EXAMPLE",
                "accountId": "777777777777",
                "userName": "USERNAME_EXAMPLE"
            },
            "attributes": {
                "creationDate": "2024-07-23T16:48:47Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-07-23T18:02:57Z",
    "eventSource": "rum.amazonaws.com",
    "eventName": "CreateAppMonitor",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "54.240.198.39",
    "userAgent": "aws-internal/3 aws-sdk-java/1.12.641 Linux/5.10.219-186.866.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.402-b08 java/1.8.0_402 vendor/Oracle_Corporation cfg/retry-mode/standard",
    "requestParameters": {
        "CustomEvents": {
            "Status": "ENABLED"
        },
        "CwLogEnabled": true,
        "Domain": "*.github.io",
        "AppMonitorConfiguration": {
            "SessionSampleRate": 1,
            "IncludedPages": [],
            "ExcludedPages": [],
            "Telemetries": [
                "performance",
                "errors",
                "http"
            ],
            "EnableXRay": false,
            "AllowCookies": true,
            "IdentityPoolId": "us-east-1:c81b9a1c-a5c9-4de5-8585-eb8df04e66f0"
        },
        "Tags": {
            "TestAppMonitor": ""
        },
        "Name": "TestAppMonitor"
    },
    "responseElements": {
        "Id": "65a8cc63-4ae8-4f2c-b5fc-4a54ef43af51"
    },
    "requestID": "cf7c30ad-25d3-4274-bab1-39c95a558007",
    "eventID": "2d43cc69-7f89-4f1a-95ae-0fc7e9b9fb3b",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "777777777777",
    "eventCategory": "Management"
}
```

The following example is a CloudTrail log entry that demonstrates the [PutRumMetricsDestination](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_PutRumMetricsDestination.html) action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EXAMPLE_PRINCIPAL_ID",
        "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE",
        "accountId": "777777777777",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EXAMPLE_PRINCIPAL_ID",
                "arn": "arn:aws:iam::777777777777:role/EXAMPLE",
                "accountId": "777777777777",
                "userName": "USERNAME_EXAMPLE"
            },
            "attributes": {
                "creationDate": "2024-07-23T16:48:47Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-07-23T18:22:22Z",
    "eventSource": "rum.amazonaws.com",
    "eventName": "PutRumMetricsDestination",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "52.94.133.142",
    "userAgent": "aws-cli/2.13.25 Python/3.11.5 Linux/5.10.219-186.866.amzn2int.x86_64 exe/x86_64.amzn.2 prompt/off command/rum.put-rum-metrics-destination",
    "requestParameters": {
        "Destination": "CloudWatch",
        "AppMonitorName": "TestAppMonitor"
    },
    "responseElements": null,
    "requestID": "9b03fcce-b3a2-44fc-b771-900e1702998a",
    "eventID": "6250f9b7-0505-4f96-9668-feb64f82de5b",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "777777777777",
    "eventCategory": "Management"
}
```

The following example shows a CloudTrail log entry that demonstrates the [BatchCreateRumMetricDefinitions](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_BatchCreateRumMetricDefinitions.html) action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EXAMPLE_PRINCIPAL_ID",
        "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE",
        "accountId": "777777777777",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EXAMPLE_PRINCIPAL_ID",
                "arn": "arn:aws:iam::777777777777:role/EXAMPLE",
                "accountId": "777777777777",
                "userName": "USERNAME_EXAMPLE"
            },
            "attributes": {
                "creationDate": "2024-07-23T16:48:47Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-07-23T18:23:11Z",
    "eventSource": "rum.amazonaws.com",
    "eventName": "BatchCreateRumMetricDefinitions",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "52.94.133.142",
    "userAgent": "aws-cli/2.13.25 Python/3.11.5 Linux/5.10.219-186.866.amzn2int.x86_64 exe/x86_64.amzn.2 prompt/off command/rum.batch-create-rum-metric-definitions",
    "requestParameters": {
        "Destination": "CloudWatch",
        "MetricDefinitions": [
            {
                "Name": "NavigationToleratedTransaction",
                "Namespace": "AWS/RUM",
                "DimensionKeys": {
                    "metadata.browserName": "BrowserName"
                },
                "EventPattern": "{\"metadata\":{\"browserName\":[\"Chrome\"]},\"event_type\":[\"com.amazon.rum.performance_navigation_event\"],\"event_details\": {\"duration\": [{\"numeric\": [\"<=\",2000,\"<\",8000]}]}}"
            },
            {
                "Name": "HttpErrorCount",
                "DimensionKeys": {
                    "metadata.browserName": "BrowserName",
                    "metadata.countryCode": "CountryCode"
                },
                "EventPattern": "{\"metadata\":{\"browserName\":[\"Chrome\"], \"countryCode\":[\"US\"]},\"event_type\":[\"com.amazon.rum.http_event\"]}"
            }
        ],
        "AppMonitorName": "TestAppMonitor"
    },
    "responseElements": {
        "Errors": [],
        "MetricDefinitions": []
    },
    "requestID": "b14c5eda-f107-48e5-afae-1ac20d0962a8",
    "eventID": "001b55c6-1de1-48c0-a236-31096dffe249",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "777777777777",
    "eventCategory": "Management"
}
```

## CloudWatch RUM data plane events in CloudTrail
<a name="RUM-data-plane-events"></a>

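CloudTrail can capture API activity related to the CloudWatch RUM data plane operation [PutRumEvents](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_PutRumEvents.html).

[Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events), also known as data plane operations, give you insight into the resource operations performed on or within a resource. Data events are often high-volume activities.

To enable logging of **PutRumEvents** data events in CloudTrail, you must enable logging of data plane API activity in CloudTrail. For more information, see [Logging data events for trails](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html).

You can filter data plane events by resource type. Because using data events in CloudTrail incurs additional costs, filtering by resource gives you more control over what you log and pay for.

Using the information that CloudTrail collects, you can identify a specific request to the CloudWatch RUM **PutRumEvents** API, the IP address of the requester, the identity of the requester, and the date and time of the request. Logging the **PutRumEvents** API with CloudTrail helps you with operational and risk auditing, governance, and compliance of your AWS account.

The following example shows a CloudTrail log entry that demonstrates the [PutRumEvents](https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_PutRumEvents.html) action.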

```
{
 "Records": [
     {
         "eventVersion": "1.09",
         "userIdentity": {
             "type": "AssumedRole",
             "principalId": "EXAMPLE_PRINCIPAL_ID",
             "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE",
             "accountId": "777777777777",
             "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
             "sessionContext": {
                 "sessionIssuer": {
                     "type": "Role",
                     "principalId": "EXAMPLE_PRINCIPAL_ID",
                     "arn": "arn:aws:iam::777777777777:role/EXAMPLE",
                     "accountId": "777777777777",
                     "userName": "USERNAME_EXAMPLE"
                 },
                 "attributes": {
                     "creationDate": "2024-05-16T20:32:39Z",
                     "mfaAuthenticated": "false"
                 }
             },
             "invokedBy": "AWS Internal"
         },
         "eventTime": "2024-05-16T20:32:42Z",
         "eventSource": "rum.amazonaws.com",
         "eventName": "PutRumEvents",
         "awsRegion": "us-east-1",
         "sourceIPAddress": "AWS Internal",
         "userAgent": "AWS Internal",
         "requestParameters": {
             "id": "73ddbd81-1234-5678-b246-123456789",
             "batchId": "123456-3dd0-4ada-b246-123456789",
             "appMonitorDetails": {
                 "name": "APP-MONITOR-NAME",
                 "id": "123456-3dd0-4ada-b246-123456789",
                 "version": "1.0.0"
             },
             "userDetails": {
                 "userId": "73ddbd81-1111-9999-b246-123456789",
                 "sessionId": "a1b2c3456-15db-4f87-6789-123456789"
             },
             "rumEvents": [
                 {
                     "id": "201f367a-15db-1234-94a4-123456789",
                     "timestamp": "May 16, 2024, 8:32:20 PM",
                     "type": "com.amazon.rum.dom_event",
                     "metadata": "{}",
                     "details": "{}"
                 }
             ]
         },
         "responseElements": null,
         "requestID": "201ed5f3-15db-4f87-94a4-123456789",
         "eventID": "73ddbd81-3dd0-4ada-b246-123456789",
         "readOnly": false,
         "resources": [
             {
                 "accountId": "777777777777",
                 "type": "AWS::RUM::AppMonitor",
                 "ARN": "arn:aws:rum:us-east-1:777777777777:appmonitor/APPMONITOR_NAME_EXAMPLE"
             }
         ],
         "eventType": "AwsApiCall",
         "managementEvent": false,
         "recipientAccountId": "777777777777",
         "eventCategory": "Data"
     }
 ]
}
```
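One way to pull the requester, address, time and resource out of entries shaped like the ones on this page, as an added example that is not part of the AWS documentation. The sample records are constructed from the page's placeholder values, the function names are hypothetical, and the `REVIEW_PREFIXES` rule is an assumed review policy, not an AWS recommendation.

```python
import ipaddress
import json

# Constructed sample input modelled on the entries on this page: one log file
# in the {"Records": [...]} wrapper and one bare event.
WRAPPED = json.loads("""{"Records": [{
  "userIdentity": {"type": "AssumedRole",
    "arn": "arn:aws:sts::777777777777:assumed-role/EXAMPLE",
    "sessionContext": {
      "sessionIssuer": {"arn": "arn:aws:iam::777777777777:role/EXAMPLE"},
      "attributes": {"mfaAuthenticated": "false"}},
    "invokedBy": "AWS Internal"},
  "eventTime": "2024-05-16T20:32:42Z", "eventSource": "rum.amazonaws.com",
  "eventName": "PutRumEvents", "sourceIPAddress": "AWS Internal",
  "readOnly": false, "eventCategory": "Data",
  "resources": [{"type": "AWS::RUM::AppMonitor",
    "ARN": "arn:aws:rum:us-east-1:777777777777:appmonitor/APPMONITOR_NAME_EXAMPLE"}]
}]}""")
BARE = json.loads("""{
  "userIdentity": {"type": "AssumedRole",
    "arn": "arn:aws:iam::111122223333:assumed-role/role_name",
    "sessionContext": {
      "sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/Admin"},
      "attributes": {"mfaAuthenticated": "false"}}},
  "eventTime": "2024-11-03T15:58:11Z", "eventSource": "oam.amazonaws.com",
  "eventName": "DeleteSink", "sourceIPAddress": "192.0.2.0",
  "readOnly": false, "eventCategory": "Management"
}""")

def iter_events(doc):
    """Yield events from a log file ({"Records": [...]}), a list, or one bare event."""
    if isinstance(doc, dict) and isinstance(doc.get("Records"), list):
        yield from doc["Records"]
    elif isinstance(doc, list):
        yield from doc
    elif isinstance(doc, dict) and "eventName" in doc:
        yield doc

def source_ip(event):
    """Return an ip_address, or None when the field holds a service marker
    such as "AWS Internal" instead of an address."""
    try:
        return ipaddress.ip_address(event.get("sourceIPAddress", ""))
    except ValueError:
        return None

def actor(event):
    """Prefer the role behind an assumed-role session over the session ARN."""
    ident = event.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn") or ident.get("type", "unknown")

def summarize(event):
    """Reduce one event to who / what / when / where plus a few flags."""
    ident = event.get("userIdentity", {})
    attrs = ident.get("sessionContext", {}).get("attributes", {})
    ip = source_ip(event)
    return {
        "when": event.get("eventTime"),
        "what": f'{event.get("eventSource")}:{event.get("eventName")}',
        "who": actor(event),
        "ip": str(ip) if ip else None,
        "via_service": ident.get("invokedBy"),
        "mfa": attrs.get("mfaAuthenticated") == "true",
        "write": event.get("readOnly") is False,
        "data_plane": event.get("eventCategory") == "Data",
        "resources": [r.get("ARN") for r in event.get("resources", [])],
    }

REVIEW_PREFIXES = ("Delete", "Stop", "Remove", "Untag")  # assumed review policy

def review_reasons(event):
    """List reasons to look at a management event that removes monitoring."""
    s = summarize(event)
    reasons = []
    name = event.get("eventName", "")
    if s["write"] and not s["data_plane"] and name.startswith(REVIEW_PREFIXES):
        reasons.append("monitoring configuration removed or stopped")
        if not s["mfa"]:
            reasons.append("session without MFA")
    return reasons

if __name__ == "__main__":
    for ev in list(iter_events(WRAPPED)) + list(iter_events(BARE)):
        print(summarize(ev), review_reasons(ev))
```

Note that the data event carries `"AWS Internal"` where an address would be, so the summary reports the invoking service rather than failing on an unparseable IP.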

## Network Synthetic Monitor information in CloudTrail
<a name="cw_network_synthetic_monitor_info_in_ct"></a>

Network Synthetic Monitor supports logging the following actions as events in CloudTrail log files:
+ [CreateMonitor](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_CreateMonitor.html) 
+ [CreateProbe](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_CreateProbe.html) 
+ [DeleteMonitor](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_DeleteMonitor.html) 
+ [DeleteProbe](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_DeleteProbe.html) 
+ [GetMonitor](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_GetMonitor.html) 
+ [GetProbe](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_GetProbe.html) 
+ [ListMonitors](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_ListMonitors.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_ListTagsForResource.html) 
+ [TagResource](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_UntagResource.html) 
+ [UpdateMonitor](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_UpdateMonitor.html) 
+ [UpdateProbe](https://docs.aws.amazon.com/networkmonitor/latest/APIReference/API_UpdateProbe.html) 

### Example: Network Synthetic Monitor log file entries
<a name="understanding-CloudWatch-NetworkSyntheticMonitor-entries-in-CloudTrail"></a>

The following example shows a Network Synthetic Monitor CloudTrail log entry that demonstrates the `CreateMonitor` action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:assumed-role/role_name",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111122223333:role/Admin",
                "accountId": "111122223333",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2024-11-03T15:43:27Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-11-03T15:58:11Z",
    "eventSource": "networksynthetics.amazonaws.com",
    "eventName": "CreateMonitor",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "requestParameters": {
        "MonitorName": "TestNetworkSyntheticMonitor",
        "ClientToken": "33551db7-1618-4aab-cdef-EXAMPLE33333"
    },
    "responseElements": {
        "MonitorArn": "arn:aws:networksynthetics:us-east-1:111122223333:monitor/TestNetworkSyntheticMonitor",
        "MonitorName": "TestNetworkSyntheticMonitor",
        "MonitorStatus": "ACTIVE"
    },
    "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
```

## CloudWatch Observability Access Manager information in CloudTrail
<a name="cw_observability_access_manager_info_in_ct"></a>

CloudWatch Observability Access Manager supports logging the following actions as events in CloudTrail log files:
+ [CreateLink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_CreateLink.html) 
+ [CreateSink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_CreateSink.html) 
+ [DeleteLink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_DeleteLink.html) 
+ [DeleteSink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_DeleteSink.html) 
+ [GetLink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_GetLink.html) 
+ [GetSink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_GetSink.html) 
+ [GetSinkPolicy](https://docs.aws.amazon.com/OAM/latest/APIReference/API_GetSinkPolicy.html) 
+ [ListAttachedLinks](https://docs.aws.amazon.com/OAM/latest/APIReference/API_ListAttachedLinks.html) 
+ [ListLinks](https://docs.aws.amazon.com/OAM/latest/APIReference/API_ListLinks.html) 
+ [ListSinks](https://docs.aws.amazon.com/OAM/latest/APIReference/API_ListSinks.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/OAM/latest/APIReference/API_ListTagsForResource.html) 
+ [PutSinkPolicy](https://docs.aws.amazon.com/OAM/latest/APIReference/API_PutSinkPolicy.html) 
+ [TagResource](https://docs.aws.amazon.com/OAM/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/OAM/latest/APIReference/API_UntagResource.html) 
+ [UpdateLink](https://docs.aws.amazon.com/OAM/latest/APIReference/API_UpdateLink.html) 

### Example: CloudWatch Observability Access Manager log file entries
<a name="understanding-CloudWatch-ObservabilityAccessManager-entries-in-CloudTrail"></a>

The following example shows a CloudWatch Observability Access Manager CloudTrail log entry that demonstrates the `CreateSink` action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:assumed-role/role_name",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111122223333:role/Admin",
                "accountId": "111122223333",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2024-11-03T15:43:27Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-11-03T15:58:11Z",
    "eventSource": "oam.amazonaws.com",
    "eventName": "CreateSink",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "requestParameters": {
        "Name": "TestObservabilitySink"
    },
    "responseElements": {
        "Arn": "arn:aws:oam:us-east-1:111122223333:sink/TestObservabilitySink",
        "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "Name": "TestObservabilitySink"
    },
    "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
```

## CloudWatch Observability Admin information in CloudTrail
<a name="cw_observability_admin_info_in_ct"></a>

CloudWatch Observability Admin supports logging the following actions as events in CloudTrail log files:
+ [GetTelemetryEvaluationStatus](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_GetTelemetryEvaluationStatus.html) 
+ [GetTelemetryEvaluationStatusForOrganization](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_GetTelemetryEvaluationStatusForOrganization.html) 
+ [ListResourceTelemetry](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_ListResourceTelemetry.html) 
+ [ListResourceTelemetryForOrganization](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_ListResourceTelemetryForOrganization.html) 
+ [StartTelemetryEvaluation](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_StartTelemetryEvaluation.html) 
+ [StartTelemetryEvaluationForOrganization](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_StartTelemetryEvaluationForOrganization.html) 
+ [StopTelemetryEvaluation](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_StopTelemetryEvaluation.html) 
+ [StopTelemetryEvaluationForOrganization](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_StopTelemetryEvaluationForOrganization.html) 

### Example: CloudWatch Observability Admin log file entries
<a name="understanding-CloudWatch-ObservabilityAdmin-entries-in-CloudTrail"></a>

The following example shows a CloudWatch Observability Admin CloudTrail log entry that demonstrates the `StartTelemetryEvaluation` action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:assumed-role/role_name",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111122223333:role/Admin",
                "accountId": "111122223333",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2024-11-03T15:43:27Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-11-03T15:58:11Z",
    "eventSource": "observabilityadmin.amazonaws.com",
    "eventName": "StartTelemetryEvaluation",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "requestParameters": {},
    "responseElements": null,
    "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
```

## CloudWatch Application Signals information in CloudTrail
<a name="cw_application_signals_info_in_ct"></a>

CloudWatch Application Signals supports logging the following actions as events in CloudTrail log files:
+ [BatchGetServiceLevelObjectiveBudgetReport](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_BatchGetServiceLevelObjectiveBudgetReport.html) 
+ [BatchUpdateExclusionWindows](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_BatchUpdateExclusionWindows.html) 
+ [CreateServiceLevelObjective](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_CreateServiceLevelObjective.html) 
+ [DeleteServiceLevelObjective](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_DeleteServiceLevelObjective.html) 
+ [GetService](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_GetService.html) 
+ [GetServiceLevelObjective](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_GetServiceLevelObjective.html) 
+ [ListServiceDependencies](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_ListServiceDependencies.html) 
+ [ListServiceDependents](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_ListServiceDependents.html) 
+ [ListServiceLevelObjectives](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_ListServiceLevelObjectives.html) 
+ [ListServiceOperations](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_ListServiceOperations.html) 
+ [ListServices](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_ListServices.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_ListTagsForResource.html) 
+ [StartDiscovery](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_StartDiscovery.html) 
+ [TagResource](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_UntagResource.html) 
+ [UpdateServiceLevelObjective](https://docs.aws.amazon.com/applicationsignals/latest/APIReference/API_UpdateServiceLevelObjective.html) 

### Example: CloudWatch Application Signals log file entries
<a name="understanding-CloudWatch-ApplicationSignals-entries-in-CloudTrail"></a>

The following example shows a CloudWatch Application Signals CloudTrail log entry that demonstrates the `CreateServiceLevelObjective` action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:assumed-role/role_name",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111122223333:role/Admin",
                "accountId": "111122223333",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2024-11-03T15:43:27Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-11-03T15:58:11Z",
    "eventSource": "applicationsignals.amazonaws.com",
    "eventName": "CreateServiceLevelObjective",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "requestParameters": {
        "Name": "TestSLO",
        "Description": "Test Service Level Objective"
    },
    "responseElements": {
        "Arn": "arn:aws:applicationsignals:us-east-1:111122223333:slo/TestSLO"
    },
    "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
```

## CloudWatch Application Insights information in CloudTrail
<a name="cw_application_insights_info_in_ct"></a>

CloudWatch Application Insights supports logging the following actions as events in CloudTrail log files:
+ [AddWorkload](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_AddWorkload.html) 
+ [CreateApplication](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_CreateApplication.html) 
+ [CreateComponent](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_CreateComponent.html) 
+ [CreateLogPattern](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_CreateLogPattern.html) 
+ [DeleteApplication](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DeleteApplication.html) 
+ [DeleteComponent](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DeleteComponent.html) 
+ [DeleteLogPattern](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DeleteLogPattern.html) 
+ [DescribeApplication](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeApplication.html) 
+ [DescribeComponent](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeComponent.html) 
+ [DescribeComponentConfiguration](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeComponentConfiguration.html) 
+ [DescribeComponentConfigurationRecommendation](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeComponentConfigurationRecommendation.html) 
+ [DescribeLogPattern](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeLogPattern.html) 
+ [DescribeObservation](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeObservation.html) 
+ [DescribeProblem](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeProblem.html) 
+ [DescribeProblemObservations](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeProblemObservations.html) 
+ [DescribeWorkload](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_DescribeWorkload.html) 
+ [ListApplications](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListApplications.html) 
+ [ListComponents](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListComponents.html) 
+ [ListConfigurationHistory](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListConfigurationHistory.html) 
+ [ListLogPatterns](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListLogPatterns.html) 
+ [ListLogPatternSets](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListLogPatternSets.html) 
+ [ListProblems](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListProblems.html) 
+ [ListTagsForResource](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListTagsForResource.html) 
+ [ListWorkloads](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_ListWorkloads.html) 
+ [RemoveWorkload](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_RemoveWorkload.html) 
+ [TagResource](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_TagResource.html) 
+ [UntagResource](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UntagResource.html) 
+ [UpdateApplication](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UpdateApplication.html) 
+ [UpdateComponent](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UpdateComponent.html) 
+ [UpdateComponentConfiguration](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UpdateComponentConfiguration.html) 
+ [UpdateLogPattern](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UpdateLogPattern.html) 
+ [UpdateProblem](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UpdateProblem.html) 
+ [UpdateWorkload](https://docs.aws.amazon.com/cloudwatch/latest/APIReference/API_UpdateWorkload.html) 

### Example: CloudWatch Application Insights log file entries
<a name="understanding-CloudWatch-ApplicationInsights-entries-in-CloudTrail"></a>

The following example shows a CloudWatch Application Insights CloudTrail log entry that demonstrates the `CreateApplication` action.

```
{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:assumed-role/role_name",
        "accountId": "111122223333",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "EX_PRINCIPAL_ID",
                "arn": "arn:aws:iam::111122223333:role/Admin",
                "accountId": "111122223333",
                "userName": "SAMPLE_NAME"
            },
            "attributes": {
                "creationDate": "2024-11-03T15:43:27Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-11-03T15:58:11Z",
    "eventSource": "applicationinsights.amazonaws.com",
    "eventName": "CreateApplication",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "requestParameters": {
        "ResourceGroupName": "TestApplicationResourceGroup"
    },
    "responseElements": {
        "ApplicationInfo": {
            "ResourceGroupName": "TestApplicationResourceGroup",
            "LifeCycle": "ACTIVE"
        }
    },
    "requestID": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "eventID": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
```