本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
瞭解IAM身分識別中心的 CloudTrail 記錄檔項目
追蹤是一種組態,可讓事件以日誌檔的形式傳遞到您指定的 Amazon S3 儲存貯體。 CloudTrail 記錄檔包含一或多個記錄項目。事件代表來自任何來源的單一請求,包括有關請求的操作,動作的日期和時間,請求參數等信息。 CloudTrail 日誌文件不是公共API調用的有序堆棧跟踪,因此它們不會以任何特定順序顯示。
下列範例顯示在IAM身分識別中心主控台中發生的系統管理員 (samadams@example.com) 的 CloudTrail 記錄項目:
{ "Records":[ { "eventVersion":"1.05", "userIdentity":{ "type":"IAMUser", "principalId":"AIDAJAIENLMexample", "arn":"arn:aws:iam::08966example:user/samadams", "accountId":"08966example", "accessKeyId":"AKIAIIJM2K4example", "userName":"samadams" }, "eventTime":"2017-11-29T22:39:43Z", "eventSource":"sso.amazonaws.com", "eventName":"DescribePermissionsPolicies", "awsRegion":"us-east-1", "sourceIPAddress":"203.0.113.0", "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters":{ "permissionSetId":"ps-79a0dde74b95ed05" }, "responseElements":null, "requestID":"319ac6a1-d556-11e7-a34f-69a333106015", "eventID":"a93a952b-13dd-4ae5-a156-d3ad6220b071", "readOnly":true, "resources":[ ], "eventType":"AwsApiCall", "recipientAccountId":"08966example" } ] }
下列範例顯示在中發生之一般使用者 (bobsmith@example.com) 動作的 CloudTrail 記錄項目 AWS 訪問門戶:
{ "Records":[ { "eventVersion":"1.05", "userIdentity":{ "type":"Unknown", "principalId":"example.com//S-1-5-21-1122334455-3652759393-4233131409-1126", "accountId":"08966example", "userName":"bobsmith@example.com" }, "eventTime":"2017-11-29T18:48:28Z", "eventSource":"sso.amazonaws.com", "eventName":"ListApplications", "awsRegion":"us-east-1", "sourceIPAddress":"203.0.113.0", "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters":null, "responseElements":null, "requestID":"de6c0435-ce4b-49c7-9bcc-bc5ed631ce04", "eventID":"e6e1f3df-9528-4c6d-a877-6b2b895d1f91", "eventType":"AwsApiCall", "recipientAccountId":"08966example" } ] }
下列範例顯示在IAM身分識別中心中發生之一般使用者 (bobsmith@example.com) 動作的 CloudTrail 記錄項目OIDC:
{ "eventVersion": "1.05", "userIdentity": { "type": "Unknown", "principalId": "example.com//S-1-5-21-1122334455-3652759393-4233131409-1126", "accountId": "08966example", "userName": "bobsmith@example.com" }, "eventTime": "2020-06-16T01:31:15Z", "eventSource": "sso.amazonaws.com", "eventName": "CreateToken", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters": { "clientId": "clientid1234example", "clientSecret": "HIDDEN_DUE_TO_SECURITY_REASONS", "grantType": "urn:ietf:params:oauth:grant-type:device_code", "deviceCode": "devicecode1234example" }, "responseElements": { "accessToken": "HIDDEN_DUE_TO_SECURITY_REASONS", "tokenType": "Bearer", "expiresIn": 28800, "refreshToken": "HIDDEN_DUE_TO_SECURITY_REASONS", "idToken": "HIDDEN_DUE_TO_SECURITY_REASONS" }, "eventID": "09a6e1a9-50e5-45c0-9f08-e6ef5089b262", "readOnly": false, "resources": [ { "accountId": "08966example", "type": "IdentityStoreId", "ARN": "d-1234example" } ], "eventType": "AwsApiCall", "recipientAccountId": "08966example" }
