监控 Amazon EBS 快照锁 - Amazon EBS
监视器使用 CloudTrail监视器使用 EventBridge

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

监控 Amazon EBS 快照锁

您可以使用以下工具监控与 Amazon EBS 快照锁定相关的操作:

使用监控亚马逊EBS快照锁定 AWS CloudTrail

您可以将快照锁定API调用作为事件进行监视,包括来自控制台的调用和对的代码调用APIs。使用收集到的信息 CloudTrail,您可以确定发出的请求、发出请求的 IP 地址、谁发出了请求、何时发出请求以及其他详细信息。

有关更多信息,请参阅使用记录API呼叫 AWS CloudTrail

使用亚马逊监控亚马逊EBS快照锁定 EventBridge

Amazon 会EBS发出与快照锁定操作相关的事件。您可以使用 AWS Lambda 和 Amazon EventBridge 以编程方式处理事件通知。尽最大努力发出事件。有关更多信息,请参阅 Amazon EventBridge 用户指南

系统将发出以下事件:

  • 成功在监管或合规模式下锁定快照。

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef" 
  ], 
  "detail": {
    "event": "lockSnapshot", 
    "result": "succeeded", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "source": 012345678901, 
    "lockState": "compliance-cooloff", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockExpiresOn": "yyyy-mm-ddThh:mm:ssZ",
    "lockDuration": 123, 
    "lockStartDurationTime": "yyyy-mm-ddThh:mm:ssZ", 
    "cooOffPeriod": 24, 
    "coolOffPeriodExpiresOn": "yyyy-mm-ddThh:mm:ssZ"
  } 
}

  • 当快照处于 pending 状态且被锁定时,锁定事件失败,而且快照无法达到 completed 状态。

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef"
  ], 
  "detail": {
    "event": "lockSnapshot", 
    "result": "failed", 
    "cause": "snapshot failed", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "lockState": "pending-compliance", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ",
    "lockDuration": 123, 
    "lockStartDurationTime": "yyyy-mm-ddThh:mm:ssZ", 
    "cooOffPeriod": 24, 
    "coolOffPeriodExpiresOn": "yyyy-mm-ddThh:mm:ssZ" 
  }
}

  • 锁定已过期

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef"
  ], 
  "detail": {
    "event": "lockDurationExpiry", 
    "result": "succeeded", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "lockState": "expired", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockExpiresOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockDuration": 123
  }
}

  • 在合规模式下锁定之后,冷静期已过期。

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [ 
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef" 
  ], 
  "detail": {
    "event": "cooloffperiodExpiry", 
    "result": "succeeded", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "lockState": "compliance", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockExpiresOn": "yyyy-mm-ddThh:mm:ssZ",
    "lockDuration": 123, 
    "lockStartDurationTime": "yyyy-mm-ddThh:mm:ssZ", 
    "cooOffPeriod": 24, 
    "coolOffPeriodExpiresOn": "yyyy-mm-ddThh:mm:ssZ"
  }
}