本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
了解 IAM Identity Center CloudTrail 的事件
追蹤是一種組態,能讓事件交付到您指定的 Amazon S3 儲存貯體。事件代表來自任何來源的單一請求,並包含所請求動作、動作的日期和時間、請求參數等相關資訊。 CloudTrail 事件不是公開API呼叫的排序堆疊追蹤,因此不會以任何特定順序顯示。了解 CloudTrail 使用者指南中的 CloudTrail 記錄內容。
下列範例顯示 IAM Identity Center 主控台中發生的管理員 (samadams@example.com) 的 CloudTrail 日誌項目:
{ "Records":[ { "eventVersion":"1.05", "userIdentity":{ "type":"IAMUser", "principalId":"AIDAJAIENLMexample", "arn":"arn:aws:iam::08966example:user/samadams", "accountId":"111122223333", "accessKeyId":"AKIAIIJM2K4example", "userName":"samadams" }, "eventTime":"2017-11-29T22:39:43Z", "eventSource":"sso.amazonaws.com", "eventName":"DescribePermissionsPolicies", "awsRegion":"us-east-1", "sourceIPAddress":"203.0.113.0", "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters":{ "permissionSetId":"ps-79a0dde74b95ed05" }, "responseElements":null, "requestID":"319ac6a1-d556-11e7-a34f-69a333106015", "eventID":"a93a952b-13dd-4ae5-a156-d3ad6220b071", "readOnly":true, "resources":[ ], "eventType":"AwsApiCall", "recipientAccountId":"111122223333" } ] }
下列範例顯示 AWS 存取入口網站中發生之最終使用者 (bobsmith@example.com) 動作的 CloudTrail 日誌項目:
{ "Records":[ { "eventVersion":"1.05", "userIdentity":{ "type":"Unknown", "principalId":"example.com//S-1-5-21-1122334455-3652759393-4233131409-1126", "accountId":"111122223333", "userName":"bobsmith@example.com", "onBehalfOf": { "userId": "94d00cd8-e9e6-4810-b177-b08e84775435", "identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890" }, "credentialId" : "cdee2490-82ed-43b3-96ee-b75fbf0b97a5" }, "eventTime":"2017-11-29T18:48:28Z", "eventSource":"sso.amazonaws.com", "eventName":"ListApplications", "awsRegion":"us-east-1", "sourceIPAddress":"203.0.113.0", "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters":null, "responseElements":null, "requestID":"de6c0435-ce4b-49c7-9bcc-bc5ed631ce04", "eventID":"e6e1f3df-9528-4c6d-a877-6b2b895d1f91", "eventType":"AwsApiCall", "recipientAccountId":"111122223333" } ] }
下列範例顯示 IAM Identity Center 中發生的最終使用者 (bobsmith@example.com) 動作的 CloudTrail 日誌項目OIDC:
{ "eventVersion": "1.05", "userIdentity": { "type": "Unknown", "principalId": "example.com//S-1-5-21-1122334455-3652759393-4233131409-1126", "accountId": "111122223333", "userName": "bobsmith@example.com", "onBehalfOf": { "userId": "94d00cd8-e9e6-4810-b177-b08e84775435", "identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890" }, "credentialId" : "cdee2490-82ed-43b3-96ee-b75fbf0b97a5" }, "eventTime": "2020-06-16T01:31:15Z", "eventSource": "sso.amazonaws.com", "eventName": "CreateToken", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters": { "clientId": "clientid1234example", "clientSecret": "HIDDEN_DUE_TO_SECURITY_REASONS", "grantType": "urn:ietf:params:oauth:grant-type:device_code", "deviceCode": "devicecode1234example" }, "responseElements": { "accessToken": "HIDDEN_DUE_TO_SECURITY_REASONS", "tokenType": "Bearer", "expiresIn": 28800, "refreshToken": "HIDDEN_DUE_TO_SECURITY_REASONS", "idToken": "HIDDEN_DUE_TO_SECURITY_REASONS" }, "eventID": "09a6e1a9-50e5-45c0-9f08-e6ef5089b262", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "IdentityStoreId", "ARN": "d-1234567890" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }
