本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
Amazon EBS 的 Amazon EventBridge 事件
Amazon EBS 會將事件傳送到 Amazon EventBridge,以便在磁碟區和快照上執行的動作。使用 EventBridge,您可建立可觸發程式設計動作的規則,以便回應這些事件。例如,您可以建立規則,從而在啟用快照進行快速快照還原時,將通知傳送至您的電子郵件。
EventBridge 中的事件以 JSON 物件表示。事件的獨特欄位會包含在 JSON 物件的 "detail" 區段中。"event" 欄位則包含事件名稱。"result" 欄位包含觸發事件之動作的完成狀態。如需詳細資訊,請參閱「Amazon EventBridge 使用者指南」中的「Amazon EventBridge 事件模式」。
如需詳細資訊,請參閱《Amazon EventBridge 使用者指南》中的什麼是 Amazon EventBridge?。
EBS 磁碟區事件
當發生以下磁碟區事件時,Amazon EBS 會傳送事件至 EventBridge。
建立磁碟區 (createVolume)
當建立磁碟區的動作完成時,createVolume事件會傳送至 AWS 您的帳戶。不過,它不會儲存、記錄或封存。此事件的結果可以是 available 或 failed。如果 AWS KMS key 提供無效的 ,建立將會失敗,如以下範例所示。
事件資料
下列清單為 EBS 針對成功的 createVolume 事件發出的 JSON 物件範例。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567"
],
"detail": {
"result": "available",
"cause": "",
"event": "createVolume",
"request-id": "01234567-0123-0123-0123-0123456789ab"
}
}下列清單為 EBS 針對失敗的 createVolume 事件發出的 JSON 物件範例。失敗原因為 KMS 金鑰 已停用。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "sa-east-1",
"resources": [
"arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567",
],
"detail": {
"event": "createVolume",
"result": "failed",
"cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is disabled.",
"request-id": "01234567-0123-0123-0123-0123456789ab",
}
}以下為 EBS 針對失敗的 createVolume 事件發出的 JSON 物件範例。失敗原因為 KMS 金鑰 正在等待匯入。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "sa-east-1",
"resources": [
"arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567",
],
"detail": {
"event": "createVolume",
"result": "failed",
"cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending import.",
"request-id": "01234567-0123-0123-0123-0123456789ab",
}
}刪除磁碟區 (deleteVolume)
當刪除磁碟區的動作完成 AWS 時,deleteVolume事件會傳送至您的帳戶。不過,它不會儲存、記錄或封存。此事件的結果為 deleted。若刪除未完成,便不會傳送該事件。
事件資料
下列清單為 EBS 針對成功的 deleteVolume 事件發出的 JSON 物件範例。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567"
],
"detail": {
"result": "deleted",
"cause": "",
"event": "deleteVolume",
"request-id": "01234567-0123-0123-0123-0123456789ab"
}
}磁碟區連接或重新連接 (attachVolume、reattachVolume)
attachVolume 或 reattachVolume 事件會在磁碟區連接或重新連接到執行個體失敗時傳送到您的 AWS 帳戶。不過,它不會儲存、記錄或封存。若您使用 KMS 金鑰 加密 EBS 磁碟區但 KMS 金鑰 卻失效,EBS 便會在稍後使用該 KMS 金鑰 來連接或重新連接到執行個體時發出此事件,如以下範例所示。
事件資料
下列清單為 EBS 針對失敗的 attachVolume 事件發出的 JSON 物件範例。失敗原因為 KMS 金鑰 正在等待刪除。
注意
AWS 可能會在例行伺服器維護後嘗試重新連接到磁碟區。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567",
"arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab"
],
"detail": {
"event": "attachVolume",
"result": "failed",
"cause": "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.",
"request-id": ""
}
}下列清單為 EBS 針對失敗的 reattachVolume 事件發出的 JSON 物件範例。失敗原因為 KMS 金鑰 正在等待刪除。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567",
"arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab"
],
"detail": {
"event": "reattachVolume",
"result": "failed",
"cause": "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.",
"request-id": ""
}
}分離磁碟區 (detachVolume)
當磁碟區從 Amazon EC2 執行個體分離時,detachVolume事件會傳送至 AWS 您的帳戶。
事件資料
以下是成功detachVolume事件的範例。
{
"version":"0",
"id":"2ec37298-1234-e436-70fc-c96b1example",
"detail-type":"AWS API Call via CloudTrail",
"source":"aws.ec2",
"account":"123456789012",
"time":"2024-03-18T16:35:52Z",
"region":"us-east-1",
"resources":[],
"detail":
{
"eventVersion":"1.09",
"userIdentity":
{
"type":"IAMUser",
"principalId":"AIDAJT12345SQ2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/administrator",
"accountId":"123456789012",
"accessKeyId":"AKIAJ67890A6EXAMPLE",
"userName":"administrator"
},
"eventTime":"2024-03-18T16:35:52Z",
"eventSource":"ec2.amazonaws.com",
"eventName":"DetachVolume",
"awsRegion":"us-east-1",
"sourceIPAddress":"12.12.123.12",
"userAgent":"aws-cli/2.7.12 Python/3.9.11 Windows/10 exe/AMD64 prompt/off command/ec2.detach-volume",
"requestParameters":
{
"volumeId":"vol-072577c46bexample",
"force":false
},
"responseElements":
{
"requestId":"1234513a-6292-49ea-83f8-85e95example",
"volumeId":"vol-072577c46bexample",
"instanceId":"i-0217f7eb3dexample",
"device":"/dev/sdb",
"status":"detaching",
"attachTime":1710776815000
},
"requestID":"1234513a-6292-49ea-83f8-85e95example",
"eventID":"1234551d-a15a-43eb-9e69-c983aexample",
"readOnly":false,
"eventType":"AwsApiCall",
"managementEvent":true,
"recipientAccountId":"123456789012",
"eventCategory":"Management",
"tlsDetails":
{
"tlsVersion":"TLSv1.3",
"cipherSuite":"TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"
}
}
}EBS 磁碟區修改事件
當修改磁碟區時,Amazon EBS 會傳送 modifyVolume 事件至 EventBridge。不過,它不會儲存、記錄或封存。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:012345678901:volume/vol-03a55cf56513fa1b6"
],
"detail": {
"result": "optimizing",
"cause": "",
"event": "modifyVolume",
"request-id": "01234567-0123-0123-0123-0123456789ab"
}
}EBS 快照事件
當發生以下磁碟區事件時,Amazon EBS 會傳送事件至 EventBridge。
建立快照 (createSnapshot)
當建立快照的動作完成 AWS 時,createSnapshot事件會傳送至您的帳戶。不過,它不會儲存、記錄或封存。此事件的結果可以是 succeeded 或 failed。
事件資料
下列清單為 EBS 針對成功的 createSnapshot 事件發出的 JSON 物件範例。在 detail 區段中,source 欄位包含來源磁碟區的 ARN。startTime 和 endTime 欄位則表示開始建立快照和完成建立的時間。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "createSnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::us-west-2:volume/vol-01234567",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ" }
}建立快照 (createSnapshots)
當建立多磁碟區快照的動作完成 AWS 時,createSnapshots事件會傳送至您的帳戶。此事件的結果可以是 succeeded 或 failed。
事件資料
下列清單為 EBS 針對成功的 createSnapshots 事件發出的 JSON 物件範例。在 detail 區段中,source 欄位包含多磁碟區快照集的來源磁碟區的 ARN。startTime 和 endTime 欄位則表示開始建立快照和完成建立的時間。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Multi-Volume Snapshots Completion Status",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"arn:aws:ec2::us-east-1:snapshot/snap-012345678"
],
"detail": {
"event": "createSnapshots",
"result": "succeeded",
"cause": "",
"request-id": "",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"snapshots": [
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"source": "arn:aws:ec2::us-east-1:volume/vol-01234567",
"status": "completed"
},
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-012345678",
"source": "arn:aws:ec2::us-east-1:volume/vol-012345678",
"status": "completed"
}
]
}
}下列清單為 EBS 針對失敗的 createSnapshots 事件發出的 JSON 物件範例。失敗原因是多磁碟區快照集的一或多個快照無法完成。snapshot_id 的值是失敗快照的 ARN。startTime 和 endTime 代表建立快照動作何時開始和結束。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Multi-Volume Snapshots Completion Status",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"arn:aws:ec2::us-east-1:snapshot/snap-012345678"
],
"detail": {
"event": "createSnapshots",
"result": "failed",
"cause": "Snapshot snap-01234567 is in status error",
"request-id": "",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"snapshots": [
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"source": "arn:aws:ec2::us-east-1:volume/vol-01234567",
"status": "error"
},
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-012345678",
"source": "arn:aws:ec2::us-east-1:volume/vol-012345678",
"status": "error"
}
]
}
}
複製快照 (copySnapshot)
當複製快照的動作完成時,copySnapshot事件會傳送至 AWS 您的帳戶。不過,它不會儲存、記錄或封存。此事件的結果可以是 succeeded 或 failed。
在 detail區段中, source 是來源快照的 ARN, snapshot_id是快照複本的 ARN。 startTimeendTime指出複製操作開始和結束的時間。 incremental 指出快照複本是增量快照 (true),還是完整快照 (false)。 transferType指出快照複製操作是標準複製操作還是以時間為基礎的複製操作。如需詳細資訊,請參閱Amazon EBS 快照的時間型複本。
如果要跨區域複製快照,則會在目的地區域中發出事件。
案例 1:標準快照複製操作完成
以下是標準快照複製操作成功完成時,傳送至您帳戶的事件範例。請注意,transferType 為 standard。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "copySnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"incremental": "true",
"transferType": "standard"
}
}案例 2:以時間為基礎的快照複製操作會在完成期間內完成
以下是在時間型快照複製操作完成期間傳送至您帳戶的事件範例。請注意, transferType time-based表示這是以時間為基礎的快照複製操作。 completionDurationStartTime表示完成持續時間何時開始。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "copySnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210",
"incremental": "true",
"completionDurationStartTime":"2024-11-16T06:27:33.816Z",
"transferType": "time-based"
}
}案例 3:以時間為基礎的快照複製操作完成,但錯過請求的完成持續時間
當以時間為基礎的快照複製操作完成,但不符合請求的完成持續時間時,CloudWatch 會將兩個事件傳送到您的帳戶。以下是這些事件的範例。
-
即使複製操作仍在進行中,第一個事件也會在錯過完成持續時間時傳送到您的帳戶。對於此事件,
detail-type是EBS Copy Snapshot Missed Completion Duration,missedCompletionDurationCause並提供原因。{ "version":"0", "id":"fd90eb95-0938-e02c-cf55-b81363b8ac12", "detail-type":"EBS Copy Snapshot Missed Completion Duration", "source":"aws.ec2", "account":"123456789012", "time":"2024-11-19T18:17:08Z", "region":"us-east-1", "resources": ["arn:aws:ec2:us-east-1:123456789012:snapshot/snap-01234567890abcedf"], "detail":{ "event":"copySnapshot", "missedCompletionDurationCause":"Snapshot copy was not able to meet the specified completion duration because your snapshot copy operation throughput quota was exceeded.", "snapshot_id":"arn:aws:ec2:us-east-1:123456789012:snapshot/snap-01234567890abcedf", "source":"arn:aws:ec2:us-east-1:123456789012:snapshot/snap-00987654321fedcba", "startTime": "Sun Nov 24 22:32:55 UTC 2024", "transferType": "time-based" } } -
第二個事件只會在快照完成時傳送到您的帳戶。事件包含
missedCompletionDurationCause,可提供原因。{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "EBS Snapshot Notification", "source": "aws.ec2", "account": "123456789012", "time": "yyyy-mm-ddThh:mm:ssZ", "region": "us-east-1", "resources": [ "arn:aws:ec2::us-west-2:snapshot/snap-01234567" ], "detail": { "event": "copySnapshot", "result": "succeeded", "cause": "", "request-id": "", "startTime": "yyyy-mm-ddThh:mm:ssZ", "endTime": "yyyy-mm-ddThh:mm:ssZ", "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567", "source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210", "incremental": "true", "completionDurationStartTime":"2024-11-16T06:27:33.816Z", "missedCompletionDurationCause":"Snapshot copy was not able to meet the specified completion duration because your snapshot copy operation throughput quota was exceeded.", "transferType": "time-based" } }
案例 4:快照複製操作失敗
以下是快照複製操作失敗時傳送至您帳戶的事件範例。請注意, result failed表示 操作失敗。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "copySnapshot",
"result": "failed",
"cause": "Source snapshot ID is not valid",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ"
}
}共用快照 (shareSnapshot)
當另一個 AWS 帳戶與其共用快照時,shareSnapshot事件會傳送至您的帳戶。不過,它不會儲存、記錄或封存。結果一律為 succeeded。
事件資料
以下為 EBS 在完成的 shareSnapshot 事件之後發出的 JSON 物件範例。在 detail區段中, 的值source是與您共用快照的使用者 AWS 的帳戶號碼。 startTime 和 endTime代表共用快照動作的開始和結束時間。shareSnapshot 事件只會在與另一個使用者共享私有快照時發出。共享公有快照不會觸發事件。
{
"version": "0",
"id": "01234567-01234-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "shareSnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": 012345678901,
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ"
}
}EBS 快照封存事件
Amazon EBS 會發出與快照封存動作相關的事件。如需詳細資訊,請參閱 使用 CloudWatch Events 監控 Amazon EBS 快照封存。
EBS 快速快照還原事件
當快照的快速快照還原狀態變更時,Amazon EBS 會傳送事件至 EventBridge。盡可能發出事件。
以下是此事件的範例資料。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Fast Snapshot Restore State-change Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1::snapshot/snap-03a55cf56513fa1b6"
],
"detail": {
"snapshot-id": "snap-1234567890abcdef0",
"state": "optimizing",
"zone": "us-east-1a",
"message": "Client.UserInitiated - Lifecycle state transition",
}
}state 的可能值為 enabling、optimizing、enabled、disabling 和 disabled。
message 可能的值如下:
Client.InvalidSnapshot.InvalidState - The requested snapshot transitioned to an invalid state (Error)-
啟用快速快照還原的請求已失敗,並且狀態轉換成
disabling或disabled。無法為此快照啟用快速快照還原。 Client.UserInitiated-
狀態已成功轉換成
enabling或disabling。 Client.UserInitiated - Lifecycle state transition-
狀態已成功轉換成
optimizing、enabled或disabled。 Server.InsufficientCapacity - There was insufficient capacity available to satisfy the request-
由於不足夠的容量,啟用快速快照還原的請求已失敗,並且狀態轉換成
disabling或disabled。等候然後再試一次。 Server.InternalError - An internal error caused the operation to fail-
由於內部錯誤,啟用快速快照還原的請求已失敗,並且狀態轉換成
disabling或disabled。等候然後再試一次。 Client.InvalidSnapshot.InvalidState - The requested snapshot was deleted or access permissions were revoked-
快照的快速快照還原狀態已轉換為
disabling或disabled,因為快照擁有者已將快照刪除或取消共享。您無法針對已刪除或不再與您共享的快照啟用快速快照還原。
