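These examples show AWS CloudTrail log entries for the ScheduleKeyDeletion operation.
For an example of the CloudTrail log entry that is written when the key is deleted, see DeleteKey. For information about deleting AWS KMS keys, see Deleting an AWS KMS key.
The following example records a ScheduleKeyDeletion request on a single-Region KMS key.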
{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:user/Alice",
        "accountId": "111122223333",
        "accessKeyId": "EXAMPLE_KEY_ID",
        "userName": "Alice"
    },
    "eventTime": "2021-03-23T18:58:30Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "ScheduleKeyDeletion",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "AWS Internal",
    "requestParameters": {
        "pendingWindowInDays": 20,
        "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
    },
    "responseElements": {
        "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
        "keyState": "PendingDeletion",
        "deletionDate": "Apr 12, 2021 18:58:30 PM"
    },
    "requestID": "ee408f36-ea01-422b-ac14-b0f147c68334",
    "eventID": "3c4226b0-1e81-48a8-a333-7fa5f3cbd118",
    "readOnly": false,
    "resources": [
        {
            "accountId": "111122223333",
            "type": "AWS::KMS::Key",
            "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
        }
    ],
    "eventType": "AwsApiCall",
    "recipientAccountId": "111122223333"
}
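The following example records a ScheduleKeyDeletion request on a multi-Region KMS key that has replica keys.
Because AWS KMS does not delete a multi-Region key until all of its replica keys are deleted, in the responseElements field the keyState is PendingReplicaDeletion and the deletionDate field is omitted.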
{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:user/Alice",
        "accountId": "111122223333",
        "accessKeyId": "EXAMPLE_KEY_ID",
        "userName": "Alice"
    },
    "eventTime": "2021-10-28T17:59:05Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "ScheduleKeyDeletion",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "AWS Internal",
    "requestParameters": {
        "pendingWindowInDays": 30,
        "keyId": "mrk-1234abcd12ab34cd56ef1234567890ab"
    },
    "responseElements": {
        "keyId": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
        "keyState": "PendingReplicaDeletion",
        "pendingWindowInDays": 30
    },
    "requestID": "12341411-d846-42a6-a476-b1cbe3011f89",
    "eventID": "abcda5f-396d-494c-9380-0c47860df5f1",
    "readOnly": false,
    "resources": [
        {
            "accountId": "111122223333",
            "type": "AWS::KMS::Key",
            "ARN": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"
        }
    ],
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
The following example records a ScheduleKeyDeletion request on a KMS key in an AWS CloudHSM custom key store.
{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "EX_PRINCIPAL_ID",
        "arn": "arn:aws:iam::111122223333:user/Alice",
        "accountId": "111122223333",
        "accessKeyId": "EXAMPLE_KEY_ID",
        "userName": "Alice"
    },
    "eventTime": "2021-10-26T23:25:25Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "ScheduleKeyDeletion",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "192.0.2.0",
    "userAgent": "AWS Internal",
    "requestParameters": {
        "keyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
        "pendingWindowInDays": 30
    },
    "responseElements": {
        "keyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
        "deletionDate": "Nov 2, 2021, 11:25:25 PM",
        "keyState": "PendingDeletion",
        "pendingWindowInDays": 30
    },
    "additionalEventData": {
        "customKeyStoreId": "cks-1234567890abcdef0",
        "clusterId": "cluster-1a23b4cdefg",
        "backingKeys": "[{\"backingKeyId\":\"backing-key-id\"}]"
    },
    "requestID": "abcd9f60-2c9c-4a0b-a456-d5d998f7f321",
    "eventID": "ca01996a-01b0-4edd-bbbb-25d7b6d1a6fa",
    "readOnly": false,
    "resources": [
        {
            "accountId": "111122223333",
            "type": "AWS::KMS::Key",
            "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
        }
    ],
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "111122223333",
    "eventCategory": "Management"
}
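
The three record shapes above can be normalized into one triage summary, as in this added example (not part of the AWS documentation and not AWS code). It handles the omitted deletionDate for PendingReplicaDeletion and the string-encoded backingKeys field; MIN_WINDOW_DAYS, make_record and the trimmed sample records are assumptions constructed for illustration.

```python
import json

TARGET = ("kms.amazonaws.com", "ScheduleKeyDeletion")
MIN_WINDOW_DAYS = 30  # assumed local policy threshold, not an AWS-defined value

def summarize_key_deletion(event):
    """Triage summary for one CloudTrail record; None if not ScheduleKeyDeletion."""
    if (event.get("eventSource"), event.get("eventName")) != TARGET:
        return None
    req = event.get("requestParameters") or {}
    resp = event.get("responseElements") or {}  # null when the call failed
    extra = event.get("additionalEventData") or {}
    try:  # backingKeys is a JSON array serialized into a string field
        backing = [b["backingKeyId"] for b in json.loads(extra.get("backingKeys") or "[]")]
    except (ValueError, KeyError, TypeError):
        backing = []
    window = req.get("pendingWindowInDays")
    return {
        "actor": (event.get("userIdentity") or {}).get("arn"),
        "key": resp.get("keyId") or req.get("keyId"),
        "succeeded": "errorCode" not in event,
        "key_state": resp.get("keyState"),
        "deletion_date": resp.get("deletionDate"),  # omitted for PendingReplicaDeletion
        "waiting_on_replicas": resp.get("keyState") == "PendingReplicaDeletion",
        "short_window": window is not None and window < MIN_WINDOW_DAYS,
        "custom_key_store": extra.get("customKeyStoreId"),
        "backing_keys": backing,
    }

def make_record(key_id, window, response, extra=None):
    # Constructed record, trimmed to the fields the summary reads.
    return {"eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/Alice"},
            "requestParameters": {"keyId": key_id, "pendingWindowInDays": window},
            "responseElements": response, "additionalEventData": extra}

ARN = "arn:aws:kms:us-west-2:111122223333:key/"
SAMPLE_EVENTS = [  # constructed from the three examples on this page
    make_record("1234abcd-12ab-34cd-56ef-1234567890ab", 20,
                {"keyId": ARN + "1234abcd-12ab-34cd-56ef-1234567890ab",
                 "keyState": "PendingDeletion", "deletionDate": "Apr 12, 2021 18:58:30 PM"}),
    make_record("mrk-1234abcd12ab34cd56ef1234567890ab", 30,
                {"keyId": ARN + "mrk-1234abcd12ab34cd56ef1234567890ab",
                 "keyState": "PendingReplicaDeletion", "pendingWindowInDays": 30}),
    make_record(ARN + "0987dcba-09fe-87dc-65ba-ab0987654321", 30,
                {"keyId": ARN + "0987dcba-09fe-87dc-65ba-ab0987654321",
                 "keyState": "PendingDeletion", "deletionDate": "Nov 2, 2021, 11:25:25 PM"},
                {"customKeyStoreId": "cks-1234567890abcdef0",
                 "backingKeys": "[{\"backingKeyId\":\"backing-key-id\"}]"}),
]
```

A record with keyState PendingReplicaDeletion has no deletionDate to alert on, so track the replica keys' own ScheduleKeyDeletion events to learn when the primary becomes deletable.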