本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
RotateKey
这些示例显示用于轮换 AWS KMS keys 的操作的 AWS CloudTrail 日志条目。有关轮换 KMS 密钥的信息,请参阅 轮换 AWS KMS keys。
以下示例显示了一个轮换对称加密 KMS 密钥且启用了自动密钥轮换的操作的 CloudTrail 日志条目。有关启用自动轮换的信息,请参阅轮换 AWS KMS keys。
有关记录 EnableKeyRotation 操作的 CloudTrail 日志条目的示例,请参阅 EnableKeyRotation。
{ "eventVersion": "1.08", "userIdentity": { "accountId": "111122223333", "invokedBy": "AWS Internal" }, "eventTime": "2021-01-14T01:41:59Z", "eventSource": "kms.amazonaws.com", "eventName": "RotateKey", "awsRegion": "us-west-2", "sourceIPAddress": "AWS Internal", "userAgent": "AWS Internal", "requestParameters": null, "responseElements": null, "eventID": "a24b3967-ddad-417f-9b22-2332b918db06", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsServiceEvent", "recipientAccountId": "111122223333", "serviceEventDetails": { "rotationType": "AUTOMATIC", "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "eventCategory": "Management" }
以下示例显示了 RotateKeyOnDemand 操作的 CloudTrail 日志条目。有关按需轮换对称加密 KMS 密钥的信息,请参阅执行按需密钥轮换。
有关记录 RotateKeyOnDemand 操作的 CloudTrail 日志条目的示例,请参阅 RotateKeyOnDemand。
{ "eventVersion": "1.08", "userIdentity": { "accountId": "111122223333", "invokedBy": "AWS Internal" }, "eventTime": "2021-01-14T01:41:59Z", "eventSource": "kms.amazonaws.com", "eventName": "RotateKey", "awsRegion": "us-west-2", "sourceIPAddress": "AWS Internal", "userAgent": "AWS Internal", "requestParameters": null, "responseElements": null, "eventID": "a24b3967-ddad-417f-9b22-2332b918db06", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsServiceEvent", "recipientAccountId": "111122223333", "serviceEventDetails": { "rotationType": "ON_DEMAND", "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "eventCategory": "Management" }
