本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 在 AWS CloudTrail 中監控 Amazon RDS API 呼叫
AWS CloudTrail 是一項可協助您稽核 AWS 帳戶的 AWS 服務。AWS CloudTrail 會在您建立 AWS 帳戶時開啟。如需有關 CloudTrail 的相關資訊,請參閱 [AWS CloudTrail 使用者指南](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/)。
**Topics**
+ [CloudTrail 與 Amazon RDS 整合](#service-name-info-in-cloudtrail)
+ [Amazon RDS 日誌檔案項目](#understanding-service-name-entries)
## CloudTrail 與 Amazon RDS 整合
CloudTrail 會記錄所有 Amazon RDS 動作。對於使用者、角色或 AWS 服務在 Amazon RDS 中採取的動作,CloudTrail 會提供記錄。
### CloudTrail 事件
CloudTrail 會擷取 Amazon RDS 的 API 呼叫當作事件。一個事件為任何來源提出的單一請求,並包含請求動作、請求的日期和時間、請求參數等資訊。事件包括從 Amazon RDS 主控台的呼叫,以及對 Amazon RDS API 操作的程式碼呼叫。
Amazon RDS 活動會記錄在 **Event history** (事件歷史記錄) 的 CloudTrail 事件中。您可以使用 CloudTrail 主控台檢視 AWS 區域中過去 90 天所記錄的 API 活動和事件。如需詳細資訊,請參閱[使用 CloudTrail 事件歷程記錄檢視事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
### CloudTrail 線索
如需 AWS 帳戶中正在記錄事件 (包括 Amazon RDS 的事件),請建立 trail (追蹤)。權杖是一種組態,能讓事件交付到指定的 Amazon S3 儲存貯體。CloudTrail 通常會在帳戶活動的 15 分鐘內交付日誌檔案。
**注意**
即使您未設定權仗,依然可以透過 CloudTrail 主控台中的 **Event history** (事件歷史記錄) 檢視最新事件。
您可以為 AWS 帳戶建立兩種類型的追蹤:套用至所有區域的追蹤,或套用至一個區域的追蹤。根據預設,當您在主控台建立線索時,線索會套用到所有 區域。
此外,您可以設定其他 AWS 服務,以進一步分析和處理 CloudTrail 日誌中所收集的事件資料。如需詳細資訊,請參閱:
+ [建立追蹤的概觀](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支援的服務和整合](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [設定 CloudTrail 的 Amazon SNS 通知](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [接收多個區域的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)及[接收多個帳戶的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
## Amazon RDS 日誌檔案項目
CloudTrail 日誌檔案包含一或多個日誌專案。CloudTrail 日誌檔案並非依公有 API 呼叫追蹤記錄的堆疊排序,因此不會以任何特定順序出現。
以下範例顯示的是展示 `CreateDBInstance` 動作的 CloudTrail 日誌項目。
```
{
"eventVersion": "1.04",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAIOSFODNN7EXAMPLE",
"arn": "arn:aws:iam::123456789012:user/johndoe",
"accountId": "123456789012",
"accessKeyId": "AKIAI44QH8DHBEXAMPLE",
"userName": "johndoe"
},
"eventTime": "2018-07-30T22:14:06Z",
"eventSource": "rds.amazonaws.com",
"eventName": "CreateDBInstance",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "aws-cli/1.15.42 Python/3.6.1 Darwin/17.7.0 botocore/1.10.42",
"requestParameters": {
"enableCloudwatchLogsExports": [
"audit",
"error",
"general",
"slowquery"
],
"dBInstanceIdentifier": "test-instance",
"engine": "mysql",
"masterUsername": "myawsuser",
"allocatedStorage": 20,
"dBInstanceClass": "db.m1.small",
"masterUserPassword": "****"
},
"responseElements": {
"dBInstanceArn": "arn:aws:rds:us-east-1:123456789012:db:test-instance",
"storageEncrypted": false,
"preferredBackupWindow": "10:27-10:57",
"preferredMaintenanceWindow": "sat:05:47-sat:06:17",
"backupRetentionPeriod": 1,
"allocatedStorage": 20,
"storageType": "standard",
"engineVersion": "8.0.28",
"dbInstancePort": 0,
"optionGroupMemberships": [
{
"status": "in-sync",
"optionGroupName": "default:mysql-8-0"
}
],
"dBParameterGroups": [
{
"dBParameterGroupName": "default.mysql8.0",
"parameterApplyStatus": "in-sync"
}
],
"monitoringInterval": 0,
"dBInstanceClass": "db.m1.small",
"readReplicaDBInstanceIdentifiers": [],
"dBSubnetGroup": {
"dBSubnetGroupName": "default",
"dBSubnetGroupDescription": "default",
"subnets": [
{
"subnetAvailabilityZone": {"name": "us-east-1b"},
"subnetIdentifier": "subnet-cbfff283",
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {"name": "us-east-1e"},
"subnetIdentifier": "subnet-d7c825e8",
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {"name": "us-east-1f"},
"subnetIdentifier": "subnet-6746046b",
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {"name": "us-east-1c"},
"subnetIdentifier": "subnet-bac383e0",
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {"name": "us-east-1d"},
"subnetIdentifier": "subnet-42599426",
"subnetStatus": "Active"
},
{
"subnetAvailabilityZone": {"name": "us-east-1a"},
"subnetIdentifier": "subnet-da327bf6",
"subnetStatus": "Active"
}
],
"vpcId": "vpc-136a4c6a",
"subnetGroupStatus": "Complete"
},
"masterUsername": "myawsuser",
"multiAZ": false,
"autoMinorVersionUpgrade": true,
"engine": "mysql",
"cACertificateIdentifier": "rds-ca-2015",
"dbiResourceId": "db-ETDZIIXHEWY5N7GXVC4SH7H5IA",
"dBSecurityGroups": [],
"pendingModifiedValues": {
"masterUserPassword": "****",
"pendingCloudwatchLogsExports": {
"logTypesToEnable": [
"audit",
"error",
"general",
"slowquery"
]
}
},
"dBInstanceStatus": "creating",
"publiclyAccessible": true,
"domainMemberships": [],
"copyTagsToSnapshot": false,
"dBInstanceIdentifier": "test-instance",
"licenseModel": "general-public-license",
"iAMDatabaseAuthenticationEnabled": false,
"performanceInsightsEnabled": false,
"vpcSecurityGroups": [
{
"status": "active",
"vpcSecurityGroupId": "sg-f839b688"
}
]
},
"requestID": "daf2e3f5-96a3-4df7-a026-863f96db793e",
"eventID": "797163d3-5726-441d-80a7-6eeb7464acd4",
"eventType": "AwsApiCall",
"recipientAccountId": "123456789012"
}
```
如上述範例中的 `userIdentity` 元素所示,每個事件或記錄項目都包含產生要求者的相關資訊。身分資訊可協助您判斷下列事項:
+ 該請求是否使用根或 IAM 使用者憑證提出。
+ 提出該請求時,是否使用了特定角色或聯合身分使用者的暫時安全憑證。
+ 該請求是否由另一項 AWS 服務提出。
如需 `userIdentity` 的詳細資訊,請參閱 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。如需有關 `CreateDBInstance` 和其他 Amazon RDS 動作的詳細資訊,請參閱《[Amazon RDS API 參考](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/)》。