本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
这些示例显示了CreateKey操作的 AWS CloudTrail 日志条目。
CreateKey 日志条目可能源于 CreateKey 请求,也可能源于为处理 ReplicateKey 请求而执行的 CreateKey 操作。
以下示例显示了创建对称加密 KMS 密钥的 CreateKey 操作的 CloudTrail 日志条目。在此示例中,请求参数 origin 为 EXTERNAL,因此响应中的 keyState 为 PendingImport、enabled 为 false,即密钥创建时尚未导入密钥材料。有关创建 KMS 密钥的信息,请参阅“创建 KMS 密钥”。
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::111122223333:user/Alice",
"accountId": "111122223333",
"accessKeyId": "EXAMPLE_KEY_ID",
"userName": "Alice"
},
"eventTime": "2022-08-10T22:38:27Z",
"eventSource": "kms.amazonaws.com",
"eventName": "CreateKey",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.0",
"userAgent": "AWS Internal",
"requestParameters": {
"description": "",
"origin": "EXTERNAL",
"bypassPolicyLockoutSafetyCheck": false,
"customerMasterKeySpec": "SYMMETRIC_DEFAULT",
"keySpec": "SYMMETRIC_DEFAULT",
"keyUsage": "ENCRYPT_DECRYPT"
},
"responseElements": {
"keyMetadata": {
"AWSAccountId": "111122223333",
"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"creationDate": "Aug 10, 2022, 10:38:27 PM",
"enabled": false,
"description": "",
"keyUsage": "ENCRYPT_DECRYPT",
"keyState": "PendingImport",
"origin": "EXTERNAL",
"keyManager": "CUSTOMER",
"customerMasterKeySpec": "SYMMETRIC_DEFAULT",
"keySpec": "SYMMETRIC_DEFAULT",
"encryptionAlgorithms": [
"SYMMETRIC_DEFAULT"
],
"multiRegion": false
}
},
"requestID": "1aef6713-0223-4ff7-9a6d-781360521930",
"eventID": "36327b37-f4f6-40a9-92ab-48064ec905a2",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}
以下示例显示了在 AWS CloudHSM 密钥存储中创建对称加密 KMS 密钥的 CreateKey 操作的 CloudTrail 日志条目。
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::111122223333:user/Alice",
"accountId": "111122223333",
"accessKeyId": "EXAMPLE_KEY_ID",
"userName": "Alice"
},
"eventTime": "2021-10-14T17:39:50Z",
"eventSource": "kms.amazonaws.com",
"eventName": "CreateKey",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.0",
"userAgent": "AWS Internal",
"requestParameters": {
"keyUsage": "ENCRYPT_DECRYPT",
"bypassPolicyLockoutSafetyCheck": false,
"origin": "AWS_CLOUDHSM",
"keySpec": "SYMMETRIC_DEFAULT",
"customerMasterKeySpec": "SYMMETRIC_DEFAULT",
"customKeyStoreId": "cks-1234567890abcdef0",
"description": ""
},
"responseElements": {
"keyMetadata": {
"aWSAccountId": "111122223333",
"keyId": "0987dcba-09fe-87dc-65ba-ab0987654321",
"arn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
"creationDate": "Oct 14, 2021, 5:39:50 PM",
"enabled": true,
"description": "",
"keyUsage": "ENCRYPT_DECRYPT",
"keyState": "Enabled",
"origin": "AWS_CLOUDHSM",
"customKeyStoreId": "cks-1234567890abcdef0",
"cloudHsmClusterId": "cluster-1a23b4cdefg",
"keyManager": "CUSTOMER",
"customerMasterKeySpec": "SYMMETRIC_DEFAULT",
"keySpec": "SYMMETRIC_DEFAULT",
"encryptionAlgorithms": [
"SYMMETRIC_DEFAULT"
],
"multiRegion": false
}
},
"additionalEventData": {
"backingKey": "{\"backingKeyId\":\"backing-key-id\"}"
},
"requestID": "4f0b185c-588c-4767-9e90-c618f7e13cad",
"eventID": "c73964b8-703d-49e4-bd9e-f773d0ee1e65",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}
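以下示例显示了在外部密钥存储中创建对称加密 KMS 密钥的 CreateKey 操作的 CloudTrail 日志条目。请注意,此示例中 resources 部分的账户 ID 和密钥 ARN 与 responseElements.keyMetadata 中的值并不一致,keyMetadata.arn 中的区域也与 awsRegion 不同,这很可能是示例数据本身的问题;在前两个示例中,这些字段指向的是同一个 KMS 密钥。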
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::111122223333:user/Alice",
"accountId": "111122223333",
"accessKeyId": "EXAMPLE_KEY_ID",
"userName": "Alice"
},
"eventTime": "2022-09-07T22:37:45Z",
"eventSource": "kms.amazonaws.com",
"eventName": "CreateKey",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "AWS Internal",
"requestParameters": {
"tags": [],
"keyUsage": "ENCRYPT_DECRYPT",
"description": "",
"origin": "EXTERNAL_KEY_STORE",
"multiRegion": false,
"keySpec": "SYMMETRIC_DEFAULT",
"customerMasterKeySpec": "SYMMETRIC_DEFAULT",
"bypassPolicyLockoutSafetyCheck": false,
"customKeyStoreId": "cks-1234567890abcdef0",
"xksKeyId": "bb8562717f809024"
},
"responseElements": {
"keyMetadata": {
"aWSAccountId": "111122223333",
"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"creationDate": "Dec 7, 2022, 10:37:45 PM",
"enabled": true,
"description": "",
"keyUsage": "ENCRYPT_DECRYPT",
"keyState": "Enabled",
"origin": "EXTERNAL_KEY_STORE",
"customKeyStoreId": "cks-1234567890abcdef0",
"keyManager": "CUSTOMER",
"customerMasterKeySpec": "SYMMETRIC_DEFAULT",
"keySpec": "SYMMETRIC_DEFAULT",
"encryptionAlgorithms": [
"SYMMETRIC_DEFAULT"
],
"multiRegion": false,
"xksKeyConfiguration": {
"id": "bb8562717f809024"
}
}
},
"requestID": "ba197c82-3ac7-487a-8ff4-7736bbeb1316",
"eventID": "838ad5f4-5fdd-4044-afd7-4dbd88c6af56",
"readOnly": false,
"resources": [
{
"accountId": "227179770375",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-east-1:227179770375:key/39c5eb22-f37c-4956-92ca-89e8f8b57ab2"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}