Understand AWS sign-in events for smart card users - Amazon WorkSpaces

This page is a machine-translated version. Where this translation differs from the English original, the English original prevails.

Understand AWS sign-in events for smart card users

AWS CloudTrail records successful and failed sign-in events for smart card users. This includes the sign-in events captured each time a user is prompted to resolve a specific credential challenge or factor, together with the status of that particular credential verification request. A user is signed in only after completing all required credential challenges, and that completion is what causes a UserAuthentication event to be logged.

The following table lists each sign-in CloudTrail event name and its purpose.

Event name: CredentialChallenge
    Purpose: Notifies that AWS sign-in has requested the user to resolve a specific credential challenge, and specifies the required CredentialType (for example, SMARTCARD).

Event name: CredentialVerification
    Purpose: Notifies that the user attempted to resolve a specific CredentialChallenge request, and specifies whether that credential succeeded or failed.

Event name: UserAuthentication
    Purpose: Notifies that all authentication requirements the user was challenged with have been completed successfully and that the user has signed in. No UserAuthentication event is logged when the user fails to complete the required credential challenges.

The following table captures additional useful CloudTrail event data fields contained in specific sign-in events.

Field name: AuthWorkflowID
    Purpose: Correlates all events emitted across the entire sign-in sequence. For each user sign-in, AWS sign-in can emit multiple events.
    Applies to sign-in events: CredentialChallenge, CredentialVerification, UserAuthentication
    Example value: "AuthWorkflowID": "9de74b32-8362-4a01-a524-de21df59fd83"

Field name: CredentialType
    Purpose: Notifies that the user attempted to resolve a specific CredentialChallenge request, and specifies whether that credential succeeded or failed.
    Applies to sign-in events: CredentialChallenge, CredentialVerification, UserAuthentication
    Example value: "CredentialType": "SMARTCARD" (possible value today: SMARTCARD)

Field name: LoginTo
    Purpose: Notifies that all authentication requirements the user was challenged with have been completed successfully and that the user has signed in. No UserAuthentication event is logged when the user fails to complete the required credential challenges.
    Applies to sign-in events: UserAuthentication
    Example value: "LoginTo": "https://skylight.local"

Example events for AWS sign-in scenarios

The following examples show the expected sequence of CloudTrail events for different sign-in scenarios.

Successful sign-in when authenticating with a smart card

The following event sequence captures an example of a successful smart card sign-in.

CredentialChallenge
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:29Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialChallenge", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" }, "requestID": "65551a6d-654a-4be8-90b5-bbfef7187d3a", "eventID": "fb603838-f119-4304-9fdc-c0f947a82116", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { "CredentialChallenge": "Success" } }
Successful CredentialVerification
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:39Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialVerification", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" }, "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5", "eventID": "84c0a2ff-413f-4d0f-9108-f72c90a41b6c", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { "CredentialVerification": "Success" } }
Successful UserAuthentication
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:39Z", "eventSource": "signin.amazonaws.com", "eventName": "UserAuthentication", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "LoginTo": "https://skylight.local", "CredentialType": "SMARTCARD" }, "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5", "eventID": "acc0dba8-8e8b-414b-a52d-6b7cd51d38f6", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { "UserAuthentication": "Success" } }

Failed sign-in when authenticating with a smart card only

The following event sequence captures an example of a failed smart card sign-in.

CredentialChallenge
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:06Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialChallenge", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" }, "requestID": "73eb499d-91a8-4c18-9c5d-281fd45ab50a", "eventID": "f30a50ec-71cf-415a-a5ab-e287edc800da", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { "CredentialChallenge": "Success" } }
Failed CredentialVerification
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:13Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialVerification", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" }, "requestID": "051ca316-0b0d-4d38-940b-5fe5794fda03", "eventID": "4e6fbfc7-0479-48da-b7dc-e875155a8177", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { "CredentialVerification": "Failure" } }
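The correlation described on this page (grouping CredentialChallenge, CredentialVerification and UserAuthentication events by AuthWorkflowID and treating only a successful UserAuthentication as a real sign-in) can be turned into a small review script. The following is an added example, not AWS code; the records it processes are constructed to match the two sequences above, and the helper _evt and the workflow IDs "wf-ok" and "wf-fail" are assumptions.

```python
from collections import defaultdict

def _evt(time, name, wf_id, status, **extra):
    """Build a minimal constructed CloudTrail sign-in record (sample data)."""
    return {"eventTime": time, "eventSource": "signin.amazonaws.com",
            "eventName": name,
            "additionalEventData": {"AuthWorkflowID": wf_id,
                                    "CredentialType": "SMARTCARD", **extra},
            "serviceEventDetails": {name: status}}

# Constructed sample modelled on the two sequences shown on this page:
# workflow "wf-ok" completes, "wf-fail" fails smart card verification.
SAMPLE_RECORDS = [
    _evt("2021-07-30T17:23:29Z", "CredentialChallenge", "wf-ok", "Success"),
    _evt("2021-07-30T17:23:39Z", "CredentialVerification", "wf-ok", "Success"),
    _evt("2021-07-30T17:23:39Z", "UserAuthentication", "wf-ok", "Success",
         LoginTo="https://skylight.local"),
    _evt("2021-07-30T17:23:06Z", "CredentialChallenge", "wf-fail", "Success"),
    _evt("2021-07-30T17:23:13Z", "CredentialVerification", "wf-fail", "Failure"),
]

def summarize_signins(records):
    """Correlate events by AuthWorkflowID and classify each sign-in attempt:
    only UserAuthentication=Success is a sign-in; a failed CredentialVerification
    is reported as such; a challenge never answered or finished is incomplete."""
    workflows = defaultdict(list)
    for rec in records:
        if rec.get("eventSource") != "signin.amazonaws.com":
            continue  # other services' events do not carry these fields
        wf_id = rec.get("additionalEventData", {}).get("AuthWorkflowID")
        if wf_id:
            workflows[wf_id].append(rec)
    summary = {}
    for wf_id, events in workflows.items():
        events.sort(key=lambda e: e["eventTime"])
        # Each step's status sits under serviceEventDetails, keyed by the
        # event's own name (see the example records above).
        status = {e["eventName"]: e["serviceEventDetails"].get(e["eventName"])
                  for e in events}
        if status.get("UserAuthentication") == "Success":
            outcome = "success"
        elif status.get("CredentialVerification") == "Failure":
            outcome = "failed_verification"
        else:
            outcome = "incomplete"
        login_to = [e["additionalEventData"].get("LoginTo") for e in events]
        summary[wf_id] = {"outcome": outcome,
                          "sequence": [e["eventName"] for e in events],
                          "login_to": next((u for u in login_to if u), None)}
    return summary
```

Feeding real CloudTrail records (the Records array of a delivered log file) to summarize_signins gives one entry per sign-in attempt; workflows reported as failed_verification or incomplete are the ones worth reviewing against the expected user and LoginTo target.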