本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
Analyze AWS CloudTrail 日誌檔案項目
追蹤是一種組態,可讓您將事件作為日誌檔案交付至您指定的 Amazon S3 儲存貯體。 CloudTrail 日誌檔案包含一或多個日誌項目。事件代表來自任何來源的單一請求,其中包含請求動作的相關資訊。這包括動作的日期和時間,以及所使用的請求參數等資訊。 CloudTrail 日誌檔案不是公用 API 呼叫的有序堆疊追蹤,因此它們不會以任何特定順序顯示。
下列範例顯示示範 CloudTrail 動作的 aCreateCluster 日誌項目。
{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "AKIAIOSFODNN7EXAMPLE", "arn": "arn:aws: iam::111122223333:user/username", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "username" }, "eventTime": "2018-05-28T19:16:43Z", "eventSource": "eks.amazonaws.com", "eventName": "CreateCluster", "awsRegion": "region-code", "sourceIPAddress": "205.251.233.178", "userAgent": "PostmanRuntime/6.4.0", "requestParameters": { "resourcesVpcConfig": { "subnetIds": [ "subnet-a670c2df", "subnet-4f8c5004" ] }, "roleArn": "arn:aws: iam::111122223333:role/AWSServiceRoleForAmazonEKS-CAC1G1VH3ZKZ", "clusterName": "test" }, "responseElements": { "cluster": { "clusterName": "test", "status": "CREATING", "createdAt": 1527535003.208, "certificateAuthority": {}, "arn": "arn:aws: eks:region-code:111122223333:cluster/test", "roleArn": "arn:aws: iam::111122223333:role/AWSServiceRoleForAmazonEKS-CAC1G1VH3ZKZ", "version": "1.10", "resourcesVpcConfig": { "securityGroupIds": [], "vpcId": "vpc-21277358", "subnetIds": [ "subnet-a670c2df", "subnet-4f8c5004" ] } } }, "requestID": "a7a0735d-62ab-11e8-9f79-81ce5b2b7d37", "eventID": "eab22523-174a-499c-9dd6-91e7be3ff8e3", "readOnly": false, "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }
Amazon EKS Service 連結角色的日誌項目
Amazon EKS 服務連結角色會對 AWS 資源進行 API 呼叫。Amazon CloudTrail 服務連結角色呼叫時,username: AWSServiceRoleForAmazonEKSNodegroup會顯示 username: AWSServiceRoleForAmazonEKS和 的 EKS 日誌項目。如需 Amazon EKS 和服務連結角色的詳細資訊,請參閱 針對 Amazon EKS 使用服務連結角色。
下列範例顯示 a CloudTrail 日誌項目,示範由AWSServiceRoleForAmazonEKSNodegroup服務連結角色所執行的 ` DeleteInstanceProfile` 動作,如 所述sessionContext。
{ "eventVersion": "1.05", "userIdentity": { "type": "AssumedRole", "principalId": "AROA3WHGPEZ7SJ2CW55C5:EKS", "arn": "arn:aws: sts::111122223333:assumed-role/AWSServiceRoleForAmazonEKSNodegroup/EKS", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROA3WHGPEZ7SJ2CW55C5", "arn": "arn:aws: iam::111122223333:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup", "accountId": "111122223333", "userName": "AWSServiceRoleForAmazonEKSNodegroup" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2020-02-26T00:56:33Z" } }, "invokedBy": "eks-nodegroup.amazonaws.com" }, "eventTime": "2020-02-26T00:56:34Z", "eventSource": "iam.amazonaws.com", "eventName": "DeleteInstanceProfile", "awsRegion": "region-code", "sourceIPAddress": "eks-nodegroup.amazonaws.com", "userAgent": "eks-nodegroup.amazonaws.com", "requestParameters": { "instanceProfileName": "eks-11111111-2222-3333-4444-abcdef123456" }, "responseElements": null, "requestID": "11111111-2222-3333-4444-abcdef123456", "eventID": "11111111-2222-3333-4444-abcdef123456", "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }
