**引入全新的主机体验 AWS WAF**
现在,您可以使用更新的体验访问控制台中任意位置的 AWS WAF 功能。有关更多详细信息,请参阅[使用控制台](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html)。
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用 记录 AWS CloudTrail API 调用
AWS WAF AWS Shield Advanced、并 AWS Firewall Manager 与 AWS CloudTrail一项服务集成,该服务提供用户、角色或 AWS 服务所采取的操作的记录。 CloudTrail 将这些服务的 API 调用子集捕获为事件,包括来自 Shield Advanced 或 Firewall Manager 控制台的调用 AWS WAF,以及来自对 Shield Advanced 或 Firewall Manager 的代码调用的调用 APIs。 AWS WAF如果您创建跟踪,则可以允许将 CloudTrail 事件持续传输到 Amazon S3 存储桶,包括 Shield Advanced 或 Firewall Manager 的事件。 AWS WAF如果您未配置跟踪,您仍然可以在 CloudTrail 控制台的 “事件**历史记录” 中查看最新的事件**。使用收集到的信息 CloudTrail,您可以确定向这些服务发出的请求、发出请求的 IP 地址、谁发出了请求、何时发出请求以及其他详细信息。
要了解更多信息 CloudTrail,包括如何配置和启用它,请参阅《[AWS CloudTrail 用户指南》](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/)。
CloudTrail 在您创建账户 AWS 账户 时已在您的账户上启用。当支持的事件活动发生在 AWS WAF、Shield Advanced 或 Firewall Manager 中时,该活动将与其他 AWS 服务 CloudTrail事件一起记录在**事件历史**记录中。您可以在中查看、搜索和下载最近发生的事件 AWS 账户。有关更多信息,请参阅[使用事件历史记录查看 CloudTrail 事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
要持续记录您的事件 AWS 账户,包括 Shield Advanced 或 AWS WAF Firewall Manager 的事件,请创建跟踪。跟踪允许 CloudTrail 将日志文件传输到 Amazon S3 存储桶。在控制台创建跟踪时,跟踪默认应用于所有区域。跟踪记录 AWS 分区中所有区域的事件,并将日志文件传送到您指定的 Amazon S3 存储桶。此外,您可以配置其他 AWS 服务,以进一步分析和处理 CloudTrail 日志中收集的事件数据。有关更多信息,请参阅下列内容:
+ [创建跟踪概述](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支持的服务和集成](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [配置 Amazon SNS 通知 CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [接收来自多个区域的 CloudTrail 日志文件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)和[接收来自多个账户的 CloudTrail日志文件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
# AWS WAF 信息在 AWS CloudTrail
所有 AWS WAF 操作均由《API 参考》记录 AWS CloudTrail 并记录在《[AWS WAF API 参考](https://docs.aws.amazon.com/waf/latest/APIReference/)》中。例如,对 `ListWebACL`、`UpdateWebACL` 和 `DeleteWebACL` 的调用将在 CloudTrail 日志文件中生成条目。
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
+ 请求是否使用根用户凭证发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的
+ 请求是否由其他 AWS 服务发出
有关更多信息,请参阅 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 跨账户事件 CloudTrail
对于通过基于资源的策略支持跨账户访问的某些 AWS WAF API 操作, CloudTrail 事件会同时记录到调用者账户和资源所有者账户。这适用于以下 API 操作:
+ `CreateWebACL`
+ `UpdateWebACL`
+ `GetWebACL`
+ `GetRuleGroup`
+ `PutFirewallManagerRuleGroups`
在跨账户执行这些操作时,调用者的账户和资源所有者的账户中成功的 API 调用和访问被拒绝的调用都会生成 CloudTrail 事件。
## 示例: AWS WAF 日志文件条目
跟踪是一种配置,允许将事件作为日志文件传输到您指定的 Amazon S3 存储桶。 AWS CloudTrail 日志文件包含一个或多个日志条目。一个事件表示来自任何源的一个请求,包括有关所请求的操作、操作的日期和时间、请求参数等方面的信息。 CloudTrail 日志文件不是公用 API 调用的有序堆栈跟踪,因此它们不会以任何特定顺序显示。
以下是 AWS WAF 保护包 (Web ACL) 操作的 CloudTrail 日志条目示例。
示例:的 CloudTrail 日志条目 `CreateWebACL`
```
{
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "principalId",
"arn": "arn:aws:sts::112233445566:assumed-role/Admin",
"accountId": "112233445566",
"accessKeyId": "accessKeyId",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "principalId",
"arn": "arn:aws:iam::112233445566:role/Admin",
"accountId": "112233445566",
"userName": "Admin"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2019-11-06T03:43:07Z"
}
}
},
"eventTime": "2019-11-06T03:44:21Z",
"eventSource": "wafv2.amazonaws.com",
"eventName": "CreateWebACL",
"awsRegion": "us-east-1",
"sourceIPAddress": "10.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36",
"requestParameters": {
"name": "foo",
"scope": "CLOUDFRONT",
"defaultAction": {
"block": {}
},
"description": "foo",
"rules": [
{
"name": "foo",
"priority": 1,
"statement": {
"geoMatchStatement": {
"countryCodes": [
"AF",
"AF"
]
}
},
"action": {
"block": {}
},
"visibilityConfig": {
"sampledRequestsEnabled": true,
"cloudWatchMetricsEnabled": true,
"metricName": "foo"
}
}
],
"visibilityConfig": {
"sampledRequestsEnabled": true,
"cloudWatchMetricsEnabled": true,
"metricName": "foo"
}
},
"responseElements": {
"summary": {
"name": "foo",
"id": "ebbcb976-8d59-4d20-8ca8-4ab2f6b7c07b",
"description": "foo",
"lockToken": "67551e73-49d8-4363-be48-244deea72ea9",
"aRN": "arn:aws:wafv2:us-east-1:112233445566:global/webacl/foo/ebbcb976-8d59-4d20-8ca8-4ab2f6b7c07b"
}
},
"requestID": "c51521ba-3911-45ca-ba77-43aba50471ca",
"eventID": "afd1a60a-7d84-417f-bc9c-7116cf029065",
"eventType": "AwsApiCall",
"apiVersion": "2019-04-23",
"recipientAccountId": "112233445566"
}
```
示例:的 CloudTrail 日志条目 `GetWebACL`
```
{
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AssumedRole",
"arn": "arn:aws:sts::112233445566:assumed-role/Admin/admin",
"accountId": "112233445566",
"accessKeyId": "accessKeyId",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AssumedRole",
"arn": "arn:aws:iam::112233445566:role/Admin",
"accountId": "112233445566",
"userName": "Admin"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2019-11-06T19:17:20Z"
}
}
},
"eventTime": "2019-11-06T19:18:28Z",
"eventSource": "wafv2.amazonaws.com",
"eventName": "GetWebACL",
"awsRegion": "us-east-1",
"sourceIPAddress": "10.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36",
"requestParameters": {
"name": "foo",
"scope": "CLOUDFRONT",
"id": "webacl"
},
"responseElements": null,
"requestID": "f2db4884-4eeb-490c-afe7-67cbb494ce3b",
"eventID": "7d563cd6-4123-4082-8880-c2d1fda4d90b",
"readOnly": true,
"eventType": "AwsApiCall",
"apiVersion": "2019-04-23",
"recipientAccountId": "112233445566"
}
```
示例:的 CloudTrail 日志条目 `UpdateWebACL`
```
{
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "principalId",
"arn": "arn:aws:sts::112233445566:assumed-role/Admin",
"accountId": "112233445566",
"accessKeyId": "accessKeyId",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "principalId",
"arn": "arn:aws:iam::112233445566:role/Admin",
"accountId": "112233445566",
"userName": "Admin"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2019-11-06T19:17:20Z"
}
}
},
"eventTime": "2019-11-06T19:20:56Z",
"eventSource": "wafv2.amazonaws.com",
"eventName": "UpdateWebACL",
"awsRegion": "us-east-1",
"sourceIPAddress": "10.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36",
"requestParameters": {
"name": "foo",
"scope": "CLOUDFRONT",
"id": "ebbcb976-8d59-4d20-8ca8-4ab2f6b7c07b",
"defaultAction": {
"block": {}
},
"description": "foo",
"rules": [
{
"name": "foo",
"priority": 1,
"statement": {
"geoMatchStatement": {
"countryCodes": [
"AF"
]
}
},
"action": {
"block": {}
},
"visibilityConfig": {
"sampledRequestsEnabled": true,
"cloudWatchMetricsEnabled": true,
"metricName": "foo"
}
}
],
"visibilityConfig": {
"sampledRequestsEnabled": true,
"cloudWatchMetricsEnabled": true,
"metricName": "foo"
},
"lockToken": "67551e73-49d8-4363-be48-244deea72ea9"
},
"responseElements": {
"nextLockToken": "a6b54c01-7975-4e6d-b7d0-2653cb6e231d"
},
"requestID": "41c96e12-9790-46ab-b145-a230f358f2c2",
"eventID": "517a10e6-4ca9-4828-af90-a5cff9756594",
"eventType": "AwsApiCall",
"apiVersion": "2019-04-23",
"recipientAccountId": "112233445566"
}
```
示例:的 CloudTrail 日志条目 `DeleteWebACL`
```
{
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "principalId",
"arn": "arn:aws:sts::112233445566:assumed-role/Admin/session-name",
"accountId": "112233445566",
"accessKeyId": "accessKeyId",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "principalId",
"arn": "arn:aws:iam::112233445566:role/Admin",
"accountId": "112233445566",
"userName": "Admin"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2019-11-06T19:17:20Z"
}
}
},
"eventTime": "2019-11-06T19:25:17Z",
"eventSource": "wafv2.amazonaws.com",
"eventName": "DeleteWebACL",
"awsRegion": "us-east-1",
"sourceIPAddress": "10.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36",
"requestParameters": {
"name": "foo",
"scope": "CLOUDFRONT",
"id": "ebbcb976-8d59-4d20-8ca8-4ab2f6b7c07b",
"lockToken": "a6b54c01-7975-4e6d-b7d0-2653cb6e231d"
},
"responseElements": null,
"requestID": "71703f89-e139-440c-96d4-9c77f4cd7565",
"eventID": "2f976624-b6a5-4a09-a8d0-aa3e9f4e5187",
"eventType": "AwsApiCall",
"apiVersion": "2019-04-23",
"recipientAccountId": "112233445566"
}
```
## 示例: AWS WAF 经典日志文件条目
AWS WAF 经典版是的先前版本 AWS WAF。有关信息,请参阅[AWS WAF 经典](classic-waf-chapter.md)。
日志条目演示了 `CreateRule`、`GetRule`、`UpdateRule` 和 `DeleteRule` 操作:
```
{
"Records": [
{
"eventVersion": "1.03",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIDAIEP4IT4TPDEXAMPLE",
"arn": "arn:aws:iam::777777777777:user/nate",
"accountId": "777777777777",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "nate"
},
"eventTime": "2016-04-25T21:35:14Z",
"eventSource": "waf.amazonaws.com",
"eventName": "CreateRule",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"name": "0923ab32-7229-49f0-a0e3-66c81example",
"changeToken": "l9434322-8685-4ed2-9c5b-9410bexample",
"metricName": "0923ab32722949f0a0e366c81example"
},
"responseElements": {
"rule": {
"metricName": "0923ab32722949f0a0e366c81example",
"ruleId": "12132e64-6750-4725-b714-e7544example",
"predicates": [
],
"name": "0923ab32-7229-49f0-a0e3-66c81example"
},
"changeToken": "l9434322-8685-4ed2-9c5b-9410bexample"
},
"requestID": "4e6b66f9-d548-11e3-a8a9-73e33example",
"eventID": "923f4321-d378-4619-9b72-4605bexample",
"eventType": "AwsApiCall",
"apiVersion": "2015-08-24",
"recipientAccountId": "777777777777"
},
{
"eventVersion": "1.03",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIDAIEP4IT4TPDEXAMPLE",
"arn": "arn:aws:iam::777777777777:user/nate",
"accountId": "777777777777",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "nate"
},
"eventTime": "2016-04-25T21:35:22Z",
"eventSource": "waf.amazonaws.com",
"eventName": "GetRule",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"ruleId": "723c2943-82dc-4bc1-a29b-c7d73example"
},
"responseElements": null,
"requestID": "8e4f3211-d548-11e3-a8a9-73e33example",
"eventID": "an236542-d1f9-4639-bb3d-8d2bbexample",
"eventType": "AwsApiCall",
"apiVersion": "2015-08-24",
"recipientAccountId": "777777777777"
},
{
"eventVersion": "1.03",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIDAIEP4IT4TPDEXAMPLE",
"arn": "arn:aws:iam::777777777777:user/nate",
"accountId": "777777777777",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "nate"
},
"eventTime": "2016-04-25T21:35:13Z",
"eventSource": "waf.amazonaws.com",
"eventName": "UpdateRule",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"ruleId": "7237b123-7903-4d9e-8176-9d71dexample",
"changeToken": "32343a11-35e2-4dab-81d8-6d408example",
"updates": [
{
"predicate": {
"type": "SizeConstraint",
"dataId": "9239c032-bbbe-4b80-909b-782c0example",
"negated": false
},
"action": "INSERT"
}
]
},
"responseElements": {
"changeToken": "32343a11-35e2-4dab-81d8-6d408example"
},
"requestID": "11918283-0b2d-11e6-9ccc-f9921example",
"eventID": "00032abc-5bce-4237-a8ee-5f1a9example",
"eventType": "AwsApiCall",
"apiVersion": "2015-08-24",
"recipientAccountId": "777777777777"
},
{
"eventVersion": "1.03",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIDAIEP4IT4TPDEXAMPLE",
"arn": "arn:aws:iam::777777777777:user/nate",
"accountId": "777777777777",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "nate"
},
"eventTime": "2016-04-25T21:35:28Z",
"eventSource": "waf.amazonaws.com",
"eventName": "DeleteRule",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"changeToken": "fd232003-62de-4ea3-853d-52932example",
"ruleId": "3e3e2d11-fd8b-4333-8b03-1da95example"
},
"responseElements": {
"changeToken": "fd232003-62de-4ea3-853d-52932example"
},
"requestID": "b23458a1-0b2d-11e6-9ccc-f9928example",
"eventID": "a3236565-1a1a-4475-978e-81c12example",
"eventType": "AwsApiCall",
"apiVersion": "2015-08-24",
"recipientAccountId": "777777777777"
}
]
}
```
# AWS Shield Advanced 信息在 CloudTrail
AWS Shield Advanced 支持将以下操作作为事件记录在 CloudTrail 日志文件中:
+ [ListAttacks](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_ListAttacks.html)
+ [DescribeAttack](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_DescribeAttack.html)
+ [CreateProtection](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateProtection.html)
+ [DescribeProtection](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_DescribeProtection.html)
+ [DeleteProtection](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_DeleteProtection.html)
+ [ListProtections](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_ListProtections.html)
+ [CreateSubscription](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html)
+ [DescribeSubscription](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_DescribeSubscription.html)
+ [GetSubscriptionState](https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_GetSubscriptionState.html)
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
+ 请求是否使用根用户凭证发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 AWS 服务发出。
有关更多信息,请参阅 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 示例:Shield Advanced 日志文件条目
跟踪是一种配置,允许将事件作为日志文件传输到您指定的 Amazon S3 存储桶。 CloudTrail 日志文件包含一个或多个日志条目。事件代表来自任何来源的单个请求,包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共 API 调用的有序堆栈跟踪,因此它们不会按任何特定顺序出现。
以下示例显示了一个演示`DeleteProtection`和`ListProtections`操作的 CloudTrail 日志条目。
```
[
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "1234567890987654321231",
"arn": "arn:aws:iam::123456789012:user/SampleUser",
"accountId": "123456789012",
"accessKeyId": "1AFGDT647FHU83JHFI81H",
"userName": "SampleUser"
},
"eventTime": "2018-01-10T21:31:14Z",
"eventSource": "shield.amazonaws.com",
"eventName": "DeleteProtection",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "aws-cli/1.14.10 Python/3.6.4 Darwin/16.7.0 botocore/1.8.14",
"requestParameters": {
"protectionId": "12345678-5104-46eb-bd03-agh4j8rh3b6n"
},
"responseElements": null,
"requestID": "95bc0042-f64d-11e7-abd1-1babdc7aa857",
"eventID": "85263bf4-17h4-43bb-b405-fh84jhd8urhg",
"eventType": "AwsApiCall",
"apiVersion": "AWSShield_20160616",
"recipientAccountId": "123456789012"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "123456789098765432123",
"arn": "arn:aws:iam::123456789012:user/SampleUser",
"accountId": "123456789012",
"accessKeyId": "1AFGDT647FHU83JHFI81H",
"userName": "SampleUser"
},
"eventTime": "2018-01-10T21:30:03Z",
"eventSource": "shield.amazonaws.com",
"eventName": "ListProtections",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "aws-cli/1.14.10 Python/3.6.4 Darwin/16.7.0 botocore/1.8.14",
"requestParameters": null,
"responseElements": null,
"requestID": "6accca40-f64d-11e7-abd1-1bjfi8urhj47",
"eventID": "ac0570bd-8dbc-41ac-a2c2-987j90j3h78f",
"eventType": "AwsApiCall",
"apiVersion": "AWSShield_20160616",
"recipientAccountId": "123456789012"
}
]
```
# AWS Firewall Manager 信息在 CloudTrail
AWS Firewall Manager 支持将以下操作作为事件记录在 CloudTrail 日志文件中:
+ [AssociateAdminAccount](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_AssociateAdminAccount.html)
+ [DeleteNotificationChannel](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DeleteNotificationChannel.html)
+ [DeletePolicy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DeletePolicy.html)
+ [DisassociateAdminAccount](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DisassociateAdminAccount.html)
+ [PutNotificationChannel](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PutNotificationChannel.html)
+ [PutPolicy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PutPolicy.html)
+ [GetAdminAccount](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_GetAdminAccount.html)
+ [GetComplianceDetail](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_GetComplianceDetail.html)
+ [GetNotificationChannel](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_GetNotificationChannel.html)
+ [GetPolicy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_GetPolicy.html)
+ [ListComplianceStatus](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_ListComplianceStatus.html)
+ [ListPolicies](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_ListPolicies.html)
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
+ 请求是否使用根用户凭证发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 AWS 服务发出。
有关更多信息,请参阅 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 示例:Firewall Manager 日志文件条目
跟踪是一种配置,允许将事件作为日志文件传输到您指定的 Amazon S3 存储桶。 CloudTrail 日志文件包含一个或多个日志条目。事件代表来自任何来源的单个请求,包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共 API 调用的有序堆栈跟踪,因此它们不会按任何特定顺序出现。
以下示例显示了演示 `GetAdminAccount`--> 操作的 CloudTrail 日志条目。
```
{
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "1234567890987654321231",
"arn": "arn:aws:sts::123456789012:assumed-role/Admin/SampleUser",
"accountId": "123456789012",
"accessKeyId": "1AFGDT647FHU83JHFI81H",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-04-14T02:51:50Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "1234567890987654321231",
"arn": "arn:aws:iam::123456789012:role/Admin",
"accountId": "123456789012",
"userName": "Admin"
}
}
},
"eventTime": "2018-04-14T03:12:35Z",
"eventSource": "fms.amazonaws.com",
"eventName": "GetAdminAccount",
"awsRegion": "us-east-1",
"sourceIPAddress": "72.21.198.65",
"userAgent": "console.amazonaws.com",
"requestParameters": null,
"responseElements": null,
"requestID": "ae244f41-3f91-11e8-787b-dfaafef95fc1",
"eventID": "5769af1e-14b1-4bd1-ba75-f023981d0a4a",
"eventType": "AwsApiCall",
"apiVersion": "2018-01-01",
"recipientAccountId": "123456789012"
}
```