


# Logging Amazon ECR actions with AWS CloudTrail
<a name="logging-using-cloudtrail"></a>

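Amazon ECR is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, a role, or an AWS service in Amazon ECR. CloudTrail captures the following Amazon ECR actions as events:
+ All API calls, including calls from the Amazon ECR console
+ All actions taken because of the encryption settings on a repository
+ All actions taken because of lifecycle policy rules, including both successful and unsuccessful actions

**Important**  
Because of the size limit on individual CloudTrail events, for lifecycle policy actions where 10 or more images are expired, Amazon ECR sends multiple events to CloudTrail. Additionally, Amazon ECR includes a maximum of 100 tags per image.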

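After you create a trail, CloudTrail events, including events for Amazon ECR, can be delivered continuously to an Amazon S3 bucket. Even if you don't configure a trail, you can still view the most recent events in the CloudTrail console under **Event history**. Using this information, you can determine the request that was made to Amazon ECR, the IP address the request came from, who made the request, when it was made, and additional details.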

For more information, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).

## Amazon ECR information in CloudTrail
<a name="service-name-info-in-cloudtrail"></a>

CloudTrail is enabled on your AWS account when you create the account. When activity occurs in Amazon ECR, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your AWS account. For more information, see [Viewing events with CloudTrail event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html).

For an ongoing record of events in your AWS account, including events for Amazon ECR, create a trail. A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. When you create a trail in the console, you can apply the trail to a single Region or to all Regions. The trail logs events in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to analyze and act on the event data collected in CloudTrail logs. For more information, see:
+ [Creating a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [AWS service integrations with CloudTrail logs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [Configuring Amazon SNS notifications for CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [Receiving CloudTrail log files from multiple Regions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail log files from multiple accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)

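All Amazon ECR API actions are logged by CloudTrail and are documented in the [Amazon Elastic Container Registry API Reference](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/). When you perform common tasks, sections are generated in the CloudTrail log files for each API action that is part of that task. For example, when you create a repository, `GetAuthorizationToken`, `CreateRepository`, and `SetRepositoryPolicy` sections are generated in the CloudTrail log files. When you push an image to a repository, `InitiateLayerUpload`, `UploadLayerPart`, `CompleteLayerUpload`, and `PutImage` sections are generated; if blob mounting is enabled, a `MountLayer` section is also generated. When you pull an image, `GetDownloadUrlForLayer` and `BatchGetImage` sections are generated. When you archive or restore an image, `UpdateImageStorageClass` sections are generated. When an OCI client that supports the OCI 1.1 specification uses the Referrers API to fetch the list of referrers, or reference artifacts, for an image, a `ListImageReferrers` CloudTrail event is emitted. For examples of these common tasks, see [CloudTrail log entry examples](#cloudtrail-examples).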

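Every event or log entry contains information about who generated the request. The identity information helps you determine the following:
+ Whether the request was made with root or user credentials
+ Whether the request was made with temporary security credentials for a specific role or federated user
+ Whether the request was made by another AWS service

For more information, see the [CloudTrail `userIdentity` element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html).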
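
The three identity questions above can be answered mechanically from `userIdentity`. The following Python sketch is an added example, not part of the AWS documentation; the sample records are constructed, and the function names and the `kind` labels are assumptions made for illustration. It also handles service events that carry no `type` and `sourceIPAddress` values that are not IP addresses.

```python
import ipaddress
import json

# Constructed CloudTrail log file: delivered files wrap events in a "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "ecr.amazonaws.com", "eventName": "CreateRepository",
     "sourceIPAddress": "203.0.113.12",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/session1",
                      "sessionContext": {"sessionIssuer": {
                          "type": "Role",
                          "arn": "arn:aws:iam::123456789012:role/Admin"}}}},
    {"eventSource": "ecr.amazonaws.com", "eventName": "PutImage",
     "sourceIPAddress": "AWS Internal",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/Mary_Major"}},
    {"eventSource": "ecr.amazonaws.com", "eventName": "SetRepositoryPolicy",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventSource": "ecr.amazonaws.com", "eventName": "PolicyExecutionEvent",
     "sourceIPAddress": "AWS Internal",
     "userIdentity": {"accountId": "123456789012", "invokedBy": "AWS Internal"}},
    {"eventSource": "kms.amazonaws.com", "eventName": "CreateGrant",
     "sourceIPAddress": "203.0.113.12",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/Mary_Major"}},
]})


def classify_identity(user_identity):
    """Map a userIdentity element to (kind, principal)."""
    uid = user_identity or {}
    id_type = uid.get("type")
    if id_type == "Root":
        return "root", uid.get("arn")
    if id_type == "IAMUser":
        return "iam-user", uid.get("arn")
    if id_type in ("AssumedRole", "FederatedUser"):
        # Attribute the call to the role that issued the session, not the session name.
        issuer = (uid.get("sessionContext") or {}).get("sessionIssuer") or {}
        return "temporary-credentials", issuer.get("arn") or uid.get("arn")
    # Service events carry only accountId and invokedBy, with no "type" at all.
    if id_type == "AWSService" or (id_type is None and uid.get("invokedBy")):
        return "aws-service", uid.get("invokedBy")
    return "other", uid.get("arn") or uid.get("accountId")


def client_ip(source):
    """Return the address if sourceIPAddress is a real IP, else None (DNS name or 'AWS Internal')."""
    try:
        return str(ipaddress.ip_address(source or ""))
    except ValueError:
        return None


def triage_ecr_events(log_text):
    """Return one row per Amazon ECR event in a CloudTrail log file body."""
    rows = []
    for record in json.loads(log_text).get("Records", []):
        if record.get("eventSource") != "ecr.amazonaws.com":
            continue  # a real log file mixes events from many services
        kind, principal = classify_identity(record.get("userIdentity"))
        rows.append({
            "event": record.get("eventName"),
            "kind": kind,
            "principal": principal,
            "client_ip": client_ip(record.get("sourceIPAddress")),
        })
    return rows


def root_events(rows):
    """ECR calls made with root credentials, which usually warrant a closer look."""
    return [row for row in rows if row["kind"] == "root"]


if __name__ == "__main__":
    for row in triage_ecr_events(SAMPLE_LOG):
        print(row)
```
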

## Understanding Amazon ECR log file entries
<a name="understanding-service-name-entries"></a>

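A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the request, request parameters, and so on. CloudTrail log files are not an ordered stack trace of the public API calls, so entries do not appear in any specific order.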

### CloudTrail log entry examples
<a name="cloudtrail-examples"></a>

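The following are CloudTrail log entry examples for a few common Amazon ECR tasks.

These examples have been formatted for readability. In a CloudTrail log file, all entries and events are concatenated into a single line. In addition, each example is limited to a single Amazon ECR entry. In a real CloudTrail log file, you see entries and events from multiple AWS services.

**Important**  
**sourceIPAddress** is the IP address that the request was made from. For actions that originate from the service console, the address reported is for your underlying resource, not the console web server. For services in AWS, only the DNS name is displayed. Authentication is still evaluated against the client source IP even when it is redacted to the AWS service DNS name.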

**Topics**
+ [Example: Create repository action](#cloudtrail-examples-create-repository)
+ [Example: AWS KMS `CreateGrant` API action when creating an Amazon ECR repository](#cloudtrail-examples-create-repository-kms)
+ [Example: Image push action](#cloudtrail-examples-push-image)
+ [Example: Image pull action](#cloudtrail-examples-image-pull)
+ [Example: Image lifecycle policy action](#cloudtrail-examples-lcp)
+ [Example: Image archive action](#cloudtrail-examples-image-archive)
+ [Example: Image restore action](#cloudtrail-examples-image-restore)
+ [Example: Image referrers action](#cloudtrail-examples-image-referrers-action)

#### Example: Create repository action
<a name="cloudtrail-examples-create-repository"></a>

The following example shows a CloudTrail log entry that demonstrates the `CreateRepository` action.

```
{
    "eventVersion": "1.04",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AIDACKCEVSQ6C2EXAMPLE:account_name",
        "arn": "arn:aws:sts::123456789012:user/Mary_Major",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2018-07-11T21:54:07Z"
            },
            "sessionIssuer": {
                "type": "Role",
                "principalId": "AIDACKCEVSQ6C2EXAMPLE",
                "arn": "arn:aws:iam::123456789012:role/Admin",
                "accountId": "123456789012",
                "userName": "Admin"
            }
        }
    },
    "eventTime": "2018-07-11T22:17:43Z",
    "eventSource": "ecr.amazonaws.com",
    "eventName": "CreateRepository",
    "awsRegion": "us-east-2",
    "sourceIPAddress": "203.0.113.12",
    "userAgent": "console.amazonaws.com",
    "requestParameters": {
        "repositoryName": "testrepo"
    },
    "responseElements": {
        "repository": {
            "repositoryArn": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo",
            "repositoryName": "testrepo",
            "repositoryUri": "123456789012.dkr.ecr.us-east-2.amazonaws.com/testrepo",
            "createdAt": "Jul 11, 2018 10:17:44 PM",
            "registryId": "123456789012"
        }
    },
    "requestID": "cb8c167e-EXAMPLE",
    "eventID": "e3c6f4ce-EXAMPLE",
    "resources": [
        {
            "ARN": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo",
            "accountId": "123456789012"
        }
    ],
    "eventType": "AwsApiCall",
    "recipientAccountId": "123456789012"
}
```

#### Example: AWS KMS `CreateGrant` API action when creating an Amazon ECR repository
<a name="cloudtrail-examples-create-repository-kms"></a>

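The following example shows a CloudTrail log entry that demonstrates the AWS KMS `CreateGrant` action when creating an Amazon ECR repository with KMS encryption enabled. For each repository that is created with KMS encryption enabled, you should see two `CreateGrant` log entries in CloudTrail.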

```
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDAIEP6W46J43IG7LXAQ",
        "arn": "arn:aws:iam::123456789012:user/Mary_Major",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "userName": "Mary_Major",
        "sessionContext": {
            "sessionIssuer": {
                
            },
            "webIdFederationData": {
                
            },
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2020-06-10T19:22:10Z"
            }
        },
        "invokedBy": "AWS Internal"
    },
    "eventTime": "2020-06-10T19:22:10Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "CreateGrant",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "203.0.113.12",
    "userAgent": "console.amazonaws.com",
    "requestParameters": {
        "keyId": "4b55e5bf-39c8-41ad-b589-18464af7758a",
        "granteePrincipal": "ecr.us-west-2.amazonaws.com",
        "operations": [
            "GenerateDataKey",
            "Decrypt"
        ],
        "retiringPrincipal": "ecr.us-west-2.amazonaws.com",
        "constraints": {
            "encryptionContextSubset": {
                "aws:ecr:arn": "arn:aws:ecr:us-west-2:123456789012:repository/testrepo"
            }
        }
    },
    "responseElements": {
        "grantId": "3636af9adfee1accb67b83941087dcd45e7fadc4e74ff0103bb338422b5055f3"
    },
    "requestID": "047b7dea-b56b-4013-87e9-a089f0f6602b",
    "eventID": "af4c9573-c56a-4886-baca-a77526544469",
    "readOnly": false,
    "resources": [
        {
            "accountId": "123456789012",
            "type": "AWS::KMS::Key",
            "ARN": "arn:aws:kms:us-west-2:123456789012:key/4b55e5bf-39c8-41ad-b589-18464af7758a"
        }
    ],
    "eventType": "AwsApiCall",
    "recipientAccountId": "123456789012"
}
```

#### Example: Image push action
<a name="cloudtrail-examples-push-image"></a>

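The following example shows a CloudTrail log entry that demonstrates an image push, which uses the `PutImage` action.

**Note**  
When you push an image, you also see `InitiateLayerUpload`, `UploadLayerPart`, and `CompleteLayerUpload` references in the CloudTrail logs.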

```
{
    "eventVersion": "1.04",
    "userIdentity": {
    "type": "IAMUser",
    "principalId": "AIDACKCEVSQ6C2EXAMPLE:account_name",
    "arn": "arn:aws:sts::123456789012:user/Mary_Major",
    "accountId": "123456789012",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
		"userName": "Mary_Major",
		"sessionContext": {
			"attributes": {
				"mfaAuthenticated": "false",
				"creationDate": "2019-04-15T16:42:14Z"
			}
		}
	},
	"eventTime": "2019-04-15T16:45:00Z",
	"eventSource": "ecr.amazonaws.com",
	"eventName": "PutImage",
	"awsRegion": "us-east-2",
	"sourceIPAddress": "AWS Internal",
	"userAgent": "AWS Internal",
	"requestParameters": {
		"repositoryName": "testrepo",
		"imageTag": "latest",
		"registryId": "123456789012",
		"imageManifest": "{\n   \"schemaVersion\": 2,\n   \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n   \"config\": {\n      \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n      \"size\": 5543,\n      \"digest\": \"sha256:000b9b805af1cdb60628898c9f411996301a1c13afd3dbef1d8a16ac6dbf503a\"\n   },\n   \"layers\": [\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 43252507,\n         \"digest\": \"sha256:3b37166ec61459e76e33282dda08f2a9cd698ca7e3d6bc44e6a6e7580cdeff8e\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 846,\n         \"digest\": \"sha256:504facff238fde83f1ca8f9f54520b4219c5b8f80be9616ddc52d31448a044bd\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 615,\n         \"digest\": \"sha256:ebbcacd28e101968415b0c812b2d2dc60f969e36b0b08c073bf796e12b1bb449\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 850,\n         \"digest\": \"sha256:c7fb3351ecad291a88b92b600037e2435c84a347683d540042086fe72c902b8a\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 168,\n         \"digest\": \"sha256:2e3debadcbf7e542e2aefbce1b64a358b1931fb403b3e4aeca27cb4d809d56c2\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 37720774,\n         \"digest\": \"sha256:f8c9f51ad524d8ae9bf4db69cd3e720ba92373ec265f5c390ffb21bb0c277941\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 30432107,\n         \"digest\": \"sha256:813a50b13f61cf1f8d25f19fa96ad3aa5b552896c83e86ce413b48b091d7f01b\"\n      },\n      {\n         \"mediaType\": 
\"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 197,\n         \"digest\": \"sha256:7ab043301a6187ea3293d80b30ba06c7bf1a0c3cd4c43d10353b31bc0cecfe7d\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 154,\n         \"digest\": \"sha256:67012cca8f31dc3b8ee2305e7762fee20c250513effdedb38a1c37784a5a2e71\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 176,\n         \"digest\": \"sha256:3bc892145603fffc9b1c97c94e2985b4cb19ca508750b15845a5d97becbd1a0e\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 183,\n         \"digest\": \"sha256:6f1c79518f18251d35977e7e46bfa6c6b9cf50df2a79d4194941d95c54258d18\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 212,\n         \"digest\": \"sha256:b7bcfbc2e2888afebede4dd1cd5eebf029bb6315feeaf0b56e425e11a50afe42\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 212,\n         \"digest\": \"sha256:2b220f8b0f32b7c2ed8eaafe1c802633bbd94849b9ab73926f0ba46cdae91629\"\n      }\n   ]\n}"
	},
	"responseElements": {
		"image": {
			"repositoryName": "testrepo",
			"imageManifest": "{\n   \"schemaVersion\": 2,\n   \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n   \"config\": {\n      \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n      \"size\": 5543,\n      \"digest\": \"sha256:000b9b805af1cdb60628898c9f411996301a1c13afd3dbef1d8a16ac6dbf503a\"\n   },\n   \"layers\": [\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 43252507,\n         \"digest\": \"sha256:3b37166ec61459e76e33282dda08f2a9cd698ca7e3d6bc44e6a6e7580cdeff8e\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 846,\n         \"digest\": \"sha256:504facff238fde83f1ca8f9f54520b4219c5b8f80be9616ddc52d31448a044bd\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 615,\n         \"digest\": \"sha256:ebbcacd28e101968415b0c812b2d2dc60f969e36b0b08c073bf796e12b1bb449\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 850,\n         \"digest\": \"sha256:c7fb3351ecad291a88b92b600037e2435c84a347683d540042086fe72c902b8a\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 168,\n         \"digest\": \"sha256:2e3debadcbf7e542e2aefbce1b64a358b1931fb403b3e4aeca27cb4d809d56c2\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 37720774,\n         \"digest\": \"sha256:f8c9f51ad524d8ae9bf4db69cd3e720ba92373ec265f5c390ffb21bb0c277941\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 30432107,\n         \"digest\": \"sha256:813a50b13f61cf1f8d25f19fa96ad3aa5b552896c83e86ce413b48b091d7f01b\"\n      },\n      {\n         \"mediaType\": 
\"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 197,\n         \"digest\": \"sha256:7ab043301a6187ea3293d80b30ba06c7bf1a0c3cd4c43d10353b31bc0cecfe7d\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 154,\n         \"digest\": \"sha256:67012cca8f31dc3b8ee2305e7762fee20c250513effdedb38a1c37784a5a2e71\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 176,\n         \"digest\": \"sha256:3bc892145603fffc9b1c97c94e2985b4cb19ca508750b15845a5d97becbd1a0e\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 183,\n         \"digest\": \"sha256:6f1c79518f18251d35977e7e46bfa6c6b9cf50df2a79d4194941d95c54258d18\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 212,\n         \"digest\": \"sha256:b7bcfbc2e2888afebede4dd1cd5eebf029bb6315feeaf0b56e425e11a50afe42\"\n      },\n      {\n         \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n         \"size\": 212,\n         \"digest\": \"sha256:2b220f8b0f32b7c2ed8eaafe1c802633bbd94849b9ab73926f0ba46cdae91629\"\n      }\n   ]\n}",
			"registryId": "123456789012",
			"imageId": {
				"imageDigest": "sha256:98c8b060c21d9adbb6b8c41b916e95e6307102786973ab93a41e8b86d1fc6d3e",
				"imageTag": "latest"
			}
		}
	},
	"requestID": "cf044b7d-5f9d-11e9-9b2a-95983139cc57",
	"eventID": "2bfd4ee2-2178-4a82-a27d-b12939923f0f",
	"resources": [{
		"ARN": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo",
		"accountId": "123456789012"
	}],
	"eventType": "AwsApiCall",
	"recipientAccountId": "123456789012"
}
```

#### Example: Image pull action
<a name="cloudtrail-examples-image-pull"></a>

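The following example shows a CloudTrail log entry that demonstrates an image pull, which uses the `BatchGetImage` action.

**Note**  
When you pull an image that you do not already have locally, you also see `GetDownloadUrlForLayer` references in the CloudTrail logs.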

```
{
    "eventVersion": "1.04",
    "userIdentity": {
    "type": "IAMUser",
    "principalId": "AIDACKCEVSQ6C2EXAMPLE:account_name",
    "arn": "arn:aws:sts::123456789012:user/Mary_Major",
    "accountId": "123456789012",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
		"userName": "Mary_Major",
		"sessionContext": {
			"attributes": {
				"mfaAuthenticated": "false",
				"creationDate": "2019-04-15T16:42:14Z"
			}
		}
	},
	"eventTime": "2019-04-15T17:23:20Z",
	"eventSource": "ecr.amazonaws.com",
	"eventName": "BatchGetImage",
	"awsRegion": "us-east-2",
	"sourceIPAddress": "ecr.amazonaws.com",
	"userAgent": "ecr.amazonaws.com",
	"requestParameters": {
		"imageIds": [{
			"imageTag": "latest"
		}],
		"acceptedMediaTypes": [
			"application/json",
			"application/vnd.oci.image.manifest.v1+json",
			"application/vnd.oci.image.index.v1+json",
			"application/vnd.docker.distribution.manifest.v2+json",
			"application/vnd.docker.distribution.manifest.list.v2+json",
			"application/vnd.docker.distribution.manifest.v1+prettyjws"
		],
		"repositoryName": "testrepo",
		"registryId": "123456789012"
	},
	"responseElements": null,
	"requestID": "2a1b97ee-5fa3-11e9-a8cd-cd2391aeda93",
	"eventID": "c84f5880-c2f9-4585-9757-28fa5c1065df",
	"resources": [{
		"ARN": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo",
		"accountId": "123456789012"
	}],
	"eventType": "AwsApiCall",
	"recipientAccountId": "123456789012"
}
```

#### Example: Image lifecycle policy action
<a name="cloudtrail-examples-lcp"></a>

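The following example shows a CloudTrail log entry that demonstrates when an image is expired because of a lifecycle policy rule. You can locate this event type by filtering the event name field for `PolicyExecutionEvent`.

When you test a lifecycle policy preview, Amazon ECR generates a CloudTrail log entry whose event name field is `DryRunEvent` and whose structure is exactly the same as `PolicyExecutionEvent`. By changing the event name to `DryRunEvent`, you can filter for dry run events instead.

**Important**  
Because of the size limit on individual CloudTrail events, for lifecycle policy actions where 10 or more images are expired, Amazon ECR sends multiple events to CloudTrail. Additionally, Amazon ECR includes a maximum of 100 tags per image.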

```
{
    "eventVersion": "1.05",
    "userIdentity": {
        "accountId": "123456789012",
        "invokedBy": "AWS Internal"
    },
    "eventTime": "2020-03-12T20:22:12Z",
    "eventSource": "ecr.amazonaws.com",
    "eventName": "PolicyExecutionEvent",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "AWS Internal",
    "userAgent": "AWS Internal",
    "requestParameters": null,
    "responseElements": null,
    "eventID": "9354dd7f-9aac-4e9d-956d-12561a4923aa",
    "readOnly": true,
    "resources": [
        {
            "ARN": "arn:aws:ecr:us-west-2:123456789012:repository/testrepo",
            "accountId": "123456789012",
            "type": "AWS::ECR::Repository"
        }
    ],
    "eventType": "AwsServiceEvent",
    "recipientAccountId": "123456789012",
    "serviceEventDetails": {
        "repositoryName": "testrepo",
        "lifecycleEventPolicy": {
            "lifecycleEventRules": [
                {
                    "rulePriority": 1,
                    "description": "remove all images > 2",
                    "lifecycleEventSelection": {
                        "tagStatus": "Any",
                        "tagPrefixList": [],
                        "countType": "Image count more than",
                        "countNumber": 2
                    },
                    "action": "expire"
                }
            ],
            "lastEvaluatedAt": 0,
            "policyVersion": 1,
            "policyId": "ceb86829-58e7-9498-920c-aa042e33037b"
        },
        "lifecycleEventImageActions": [
            {
                "lifecycleEventImage": {
                    "digest": "sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45",
                    "tagStatus": "Tagged",
                    "tagList": [
                        "alpine"
                    ],
                    "pushedAt": 1584042813000
                },
                "rulePriority": 1
            },
            {
                "lifecycleEventImage": {
                    "digest": "sha256:6ab380c5a5acf71c1b6660d645d2cd79cc8ce91b38e0352cbf9561e050427baf",
                    "tagStatus": "Tagged",
                    "tagList": [
                        "centos"
                    ],
                    "pushedAt": 1584042842000
                },
                "rulePriority": 1
            }
        ],
        "lifecycleEventFailureDetails": [
            {
                "lifecycleEventImage": {
                    "digest": "sha256:9117e1bc28cd20751e584b4ccd19b1178d14cf02d134b04ce6be0cc51bff762a",
                    "tagStatus": "Untagged",
                    "tagList": [],
                    "pushedAt": 1584042844000
                },
                "rulePriority": 1,
                "failureCode": "ImageReferencedByManifestList",
                "failureReason": "Requested image referenced by manifest list: [sha256:4b27c83d44a18c31543039d9e8b2786043ec6c8d00804d5800c5148d6b6f65bc]"
            }
        ]
    }
}
```
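
Because one lifecycle run can be spread over several events, an audit of what was expired has to merge them per repository and keep dry runs apart. The following Python sketch is an added example, not part of the AWS documentation; it uses the field names from the sample entry above, while the helper names, the constructed digests, and the way the sample splits 13 images across two events are assumptions.

```python
from collections import defaultdict


def make_event(name, repo, expired, failures=()):
    """Build a constructed lifecycle event using the field names in the sample above."""
    return {
        "eventSource": "ecr.amazonaws.com",
        "eventName": name,
        "eventType": "AwsServiceEvent",
        "serviceEventDetails": {
            "repositoryName": repo,
            "lifecycleEventImageActions": [
                {"lifecycleEventImage": {"digest": d, "tagList": tags}, "rulePriority": 1}
                for d, tags in expired
            ],
            "lifecycleEventFailureDetails": [
                {"lifecycleEventImage": {"digest": d, "tagList": []}, "rulePriority": 1,
                 "failureCode": code}
                for d, code in failures
            ],
        },
    }


def fake_digest(n):
    """Constructed placeholder digest, not a real image digest."""
    return "sha256:" + format(n, "064x")


# Constructed input: one policy run split over two events, one dry run, one unrelated event.
SAMPLE_RECORDS = [
    make_event("PolicyExecutionEvent", "testrepo",
               [(fake_digest(i), ["build-%d" % i]) for i in range(10)]),
    make_event("PolicyExecutionEvent", "testrepo",
               [(fake_digest(i), []) for i in range(10, 13)],
               failures=[(fake_digest(99), "ImageReferencedByManifestList")]),
    make_event("DryRunEvent", "testrepo",
               [(fake_digest(i), []) for i in range(200, 202)]),
    {"eventSource": "ecr.amazonaws.com", "eventName": "PutImage"},
]


def summarize_lifecycle(records, event_name="PolicyExecutionEvent"):
    """Merge lifecycle events per repository: expired digests, failures, event count.

    Pass event_name="DryRunEvent" to summarize policy previews instead of real runs.
    """
    summary = defaultdict(lambda: {"events": 0, "expired": {}, "failed": {}})
    for record in records:
        if record.get("eventSource") != "ecr.amazonaws.com":
            continue
        if record.get("eventName") != event_name:
            continue
        details = record.get("serviceEventDetails") or {}
        repo = summary[details.get("repositoryName")]
        repo["events"] += 1
        # Keyed by digest so an image repeated across events is counted once.
        for action in details.get("lifecycleEventImageActions") or []:
            image = action.get("lifecycleEventImage") or {}
            repo["expired"][image.get("digest")] = sorted(image.get("tagList") or [])
        for failure in details.get("lifecycleEventFailureDetails") or []:
            image = failure.get("lifecycleEventImage") or {}
            repo["failed"][image.get("digest")] = failure.get("failureCode")
    return dict(summary)


if __name__ == "__main__":
    for repo_name, info in summarize_lifecycle(SAMPLE_RECORDS).items():
        print(repo_name, info["events"], len(info["expired"]), info["failed"])
```
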

#### Example: Image archive action
<a name="cloudtrail-examples-image-archive"></a>

The following example shows a CloudTrail log entry that demonstrates archiving an image by using the `UpdateImageStorageClass` action with `targetStorageClass` set to `ARCHIVE`.

```
{
    "eventVersion": "1.11",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDACKCEVSQ6C2EXAMPLE:account_name",
        "arn": "arn:aws:sts::123456789012:user/Mary_Major",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
		"userName": "Mary_Major",
		"sessionContext": {
			"attributes": {
				"mfaAuthenticated": "false",
				"creationDate": "2019-04-15T16:42:14Z"
			}
		}
	},
	"eventTime": "2019-04-15T16:45:00Z",
	"eventSource": "ecr.amazonaws.com",
	"eventName": "UpdateImageStorageClass",
	"awsRegion": "us-east-2",
	"sourceIPAddress": "AWS Internal",
	"userAgent": "AWS Internal",
	"requestParameters": {
		"repositoryName": "testrepo",
		"imageId": {
			"imageDigest": "sha256:98c8b060c21d9adbb6b8c41b916e95e6307102786973ab93a41e8b86d1fc6d3e"
		},
		"targetStorageClass": "ARCHIVE",
		"registryId": "123456789012"
	},
	"responseElements": {
		"image": {
			"registryId": "123456789012",
			"repositoryName": "testrepo",
			"imageId": {
				"imageDigest": "sha256:98c8b060c21d9adbb6b8c41b916e95e6307102786973ab93a41e8b86d1fc6d3e"
			},
			"imageStatus": "ARCHIVED"
		}
	},
	"requestID": "cf044b7d-EXAMPLE",
	"eventID": "2bfd4ee2-EXAMPLE",
	"readOnly": false,
	"resources": [{
		"ARN": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo",
		"accountId": "123456789012"
	}],
	"eventType": "AwsApiCall",
	"managementEvent": true,
	"recipientAccountId": "123456789012",
	"eventCategory": "Management"
}
```

#### Example: Image restore action
<a name="cloudtrail-examples-image-restore"></a>

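The following examples show CloudTrail log entries that demonstrate restoring an image. When you restore an archived image, two events are generated:

1. An API call event when the restore is initiated

1. A service event when the asynchronous restore operation completes

**API call event (restore initiation)**

The following example shows the initial API call that restores an image by using the `UpdateImageStorageClass` action with `targetStorageClass` set to `STANDARD`. The response shows the image status as `ACTIVATING`.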

```
{
    "eventVersion": "1.11",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDACKCEVSQ6C2EXAMPLE:account_name",
        "arn": "arn:aws:sts::123456789012:user/Mary_Major",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
		"userName": "Mary_Major",
		"sessionContext": {
			"attributes": {
				"mfaAuthenticated": "false",
				"creationDate": "2019-04-15T16:42:14Z"
			}
		}
	},
	"eventTime": "2019-04-15T16:45:00Z",
	"eventSource": "ecr.amazonaws.com",
	"eventName": "UpdateImageStorageClass",
	"awsRegion": "us-east-2",
	"sourceIPAddress": "AWS Internal",
	"userAgent": "AWS Internal",
	"requestParameters": {
		"repositoryName": "testrepo",
		"imageId": {
			"imageDigest": "sha256:98c8b060c21d9adbb6b8c41b916e95e6307102786973ab93a41e8b86d1fc6d3e"
		},
		"targetStorageClass": "STANDARD",
		"registryId": "123456789012"
	},
	"responseElements": {
		"image": {
			"registryId": "123456789012",
			"repositoryName": "testrepo",
			"imageId": {
				"imageDigest": "sha256:98c8b060c21d9adbb6b8c41b916e95e6307102786973ab93a41e8b86d1fc6d3e"
			},
			"imageStatus": "ACTIVATING"
		}
	},
	"requestID": "cf044b7d-EXAMPLE",
	"eventID": "2bfd4ee2-EXAMPLE",
	"readOnly": false,
	"resources": [{
		"ARN": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo",
		"accountId": "123456789012"
	}],
	"eventType": "AwsApiCall",
	"managementEvent": true,
	"recipientAccountId": "123456789012",
	"eventCategory": "Management"
}
```

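**Service event (restore completion)**

The following example shows the service event that is generated when the asynchronous restore operation completes. You can locate this event type by filtering the event name field for `ImageActivationEvent`. The `serviceEventDetails` section contains the restore result and the final image status.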

```
{
    "eventVersion": "1.11",
    "userIdentity": {
        "accountId": "123456789012",
        "invokedBy": "AWS Internal"
    },
    "eventTime": "2020-03-12T20:22:12Z",
    "eventSource": "ecr.amazonaws.com",
    "eventName": "ImageActivationEvent",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "AWS Internal",
    "userAgent": "AWS Internal",
    "requestParameters": null,
    "responseElements": null,
    "eventID": "9354dd7f-EXAMPLE",
    "readOnly": true,
    "resources": [
        {
            "ARN": "arn:aws:ecr:us-west-2:123456789012:repository/testrepo",
            "accountId": "123456789012",
            "type": "AWS::ECR::Repository"
        }
    ],
    "eventType": "AwsServiceEvent",
    "managementEvent": true,
    "recipientAccountId": "123456789012",
    "serviceEventDetails": {
        "repositoryName": "testrepo",
        "imageDigest": "sha256:98c8b060c21d9adbb6b8c41b916e95e6307102786973ab93a41e8b86d1fc6d3e",
        "targetStorageClass": "STANDARD",
        "result": "SUCCESS",
        "imageStatus": "ACTIVE"
    },
    "eventCategory": "Management"
}
```
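
Since a restore produces two events and log entries arrive in no particular order, reconstructing who restored what means pairing each `UpdateImageStorageClass` request with its `ImageActivationEvent`. The following Python sketch is an added example, not part of the AWS documentation; the sample records and digests are constructed, and the function names and the `PENDING` label are assumptions.

```python
from datetime import datetime

ECR = "ecr.amazonaws.com"
DIGEST_A = "sha256:" + "a" * 64  # constructed placeholder digests
DIGEST_B = "sha256:" + "b" * 64
DIGEST_C = "sha256:" + "c" * 64
DIGEST_D = "sha256:" + "d" * 64
MARY = "arn:aws:iam::123456789012:user/Mary_Major"


def request(when, digest, target, status):
    """Constructed UpdateImageStorageClass API call event."""
    return {"eventSource": ECR, "eventName": "UpdateImageStorageClass", "eventTime": when,
            "userIdentity": {"type": "IAMUser", "arn": MARY},
            "requestParameters": {"repositoryName": "testrepo",
                                  "imageId": {"imageDigest": digest},
                                  "targetStorageClass": target},
            "responseElements": {"image": {"imageStatus": status}}}


def completion(when, digest, result, status):
    """Constructed ImageActivationEvent service event."""
    return {"eventSource": ECR, "eventName": "ImageActivationEvent", "eventTime": when,
            "userIdentity": {"invokedBy": "AWS Internal"},
            "serviceEventDetails": {"repositoryName": "testrepo", "imageDigest": digest,
                                    "targetStorageClass": "STANDARD",
                                    "result": result, "imageStatus": status}}


# Deliberately out of order: the completion for DIGEST_A is listed before its request.
SAMPLE_RECORDS = [
    completion("2024-10-08T16:50:00Z", DIGEST_A, "SUCCESS", "ACTIVE"),
    request("2024-10-08T16:45:00Z", DIGEST_A, "STANDARD", "ACTIVATING"),
    request("2024-10-08T16:46:00Z", DIGEST_B, "STANDARD", "ACTIVATING"),  # never completes
    request("2024-10-08T16:47:00Z", DIGEST_C, "ARCHIVE", "ARCHIVED"),     # archive, ignored
    completion("2024-10-08T16:48:00Z", DIGEST_D, "SUCCESS", "ACTIVE"),    # request not in log
]


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def correlate_restores(records):
    """Return {(repository, digest): restore state}, pairing request and completion."""
    ecr_events = sorted((r for r in records if r.get("eventSource") == ECR),
                        key=lambda r: parse_time(r["eventTime"]))
    restores = {}
    for event in ecr_events:
        if event.get("eventName") == "UpdateImageStorageClass":
            params = event.get("requestParameters") or {}
            if params.get("targetStorageClass") != "STANDARD" or event.get("errorCode"):
                continue  # archive request, or an API call that was rejected
            key = (params.get("repositoryName"),
                   (params.get("imageId") or {}).get("imageDigest"))
            restores[key] = {"requested_by": (event.get("userIdentity") or {}).get("arn"),
                             "requested_at": event["eventTime"],
                             "completed_at": None, "result": "PENDING"}
        elif event.get("eventName") == "ImageActivationEvent":
            details = event.get("serviceEventDetails") or {}
            key = (details.get("repositoryName"), details.get("imageDigest"))
            # A completion with no request in this window keeps requested_by = None.
            entry = restores.setdefault(key, {"requested_by": None, "requested_at": None})
            entry["completed_at"] = event["eventTime"]
            entry["result"] = details.get("result")
    return restores


def unresolved(restores):
    """Restores still pending, not successful, or missing their initiating request."""
    return sorted(key for key, entry in restores.items()
                  if entry["result"] != "SUCCESS" or entry["requested_by"] is None)


if __name__ == "__main__":
    for key in unresolved(correlate_restores(SAMPLE_RECORDS)):
        print(key)
```
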

#### Example: Image referrers action
<a name="cloudtrail-examples-image-referrers-action"></a>

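The following example shows an AWS CloudTrail log entry that demonstrates when an OCI 1.1 compliant client uses the `Referrers` API to fetch the list of referrers, or reference artifacts, for an image.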

```
{
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AIDACKCEVSQ6C2EXAMPLE:account_name",
        "arn": "arn:aws:sts::123456789012:user/Mary_Major",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "AIDACKCEVSQ6C2EXAMPLE",
                "arn": "arn:aws:iam::123456789012:role/Admin",
                "accountId": "123456789012",
                "userName": "Admin"
            },
            "webIdFederationData": {},
            "attributes": {
                "creationDate": "2024-10-08T16:38:39Z",
                "mfaAuthenticated": "false"
            },
            "ec2RoleDelivery": "2.0"
        },
        "invokedBy": "ecr.amazonaws.com"
    },
    "eventTime": "2024-10-08T17:22:51Z",
    "eventSource": "ecr.amazonaws.com",
    "eventName": "ListImageReferrers",
    "awsRegion": "us-east-2",
    "sourceIPAddress": "ecr.amazonaws.com",
    "userAgent": "ecr.amazonaws.com",
    "requestParameters": {
        "registryId": "123456789012",
        "repositoryName": "testrepo",
        "subjectId": {
            "imageDigest": "sha256:000b9b805af1cdb60628898c9f411996301a1c13afd3dbef1d8a16ac6dbf503a"
        },
        "nextToken": "urD72mdD/mC8b5-EXAMPLE"
    },
    "responseElements": null,
    "requestID": "cb8c167e-EXAMPLE",
    "eventID": "e3c6f4ce-EXAMPLE",
    "readOnly": true,
    "resources": [
        {
            "accountId": "123456789012",
            "ARN": "arn:aws:ecr:us-east-2:123456789012:repository/testrepo"
        }
    ],
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "123456789012",
    "eventCategory": "Management"
}
```