本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
这些示例显示了轮换操作的 AWS CloudTrail 日志条目 AWS KMS keys。有关轮换 KMS 密钥的信息,请参阅 旋转 AWS KMS keys。
以下示例显示了轮换启用了自动密钥轮换的对称加密 KMS 密钥的操作的 CloudTrail 日志条目。有关启用自动轮换的信息,请参阅旋转 AWS KMS keys。
有关记录EnableKeyRotation操作的 CloudTrail 日志条目的示例,请参见EnableKeyRotation。
{
"eventVersion": "1.08",
"userIdentity": {
"accountId": "111122223333",
"invokedBy": "AWS Internal"
},
"eventTime": "2021-01-14T01:41:59Z",
"eventSource": "kms.amazonaws.com",
"eventName": "RotateKey",
"awsRegion": "us-west-2",
"sourceIPAddress": "AWS Internal",
"userAgent": "AWS Internal",
"requestParameters": null,
"responseElements": null,
"eventID": "a24b3967-ddad-417f-9b22-2332b918db06",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "111122223333",
"serviceEventDetails": {
"rotationType": "AUTOMATIC",
"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
},
"eventCategory": "Management"
}以下示例显示了RotateKeyOnDemand操作的 CloudTrail 日志条目。有关按需轮换对称加密 KMS 密钥的信息,请参阅执行按需密钥轮换。
有关记录RotateKeyOnDemand操作的 CloudTrail 日志条目的示例,请参见RotateKeyOnDemand。
{
"eventVersion": "1.08",
"userIdentity": {
"accountId": "111122223333",
"invokedBy": "AWS Internal"
},
"eventTime": "2021-01-14T01:41:59Z",
"eventSource": "kms.amazonaws.com",
"eventName": "RotateKey",
"awsRegion": "us-west-2",
"sourceIPAddress": "AWS Internal",
"userAgent": "AWS Internal",
"requestParameters": null,
"responseElements": null,
"eventID": "a24b3967-ddad-417f-9b22-2332b918db06",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "111122223333",
"serviceEventDetails": {
"rotationType": "ON_DEMAND",
"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
},
"eventCategory": "Management"
}