Amazon CloudWatch Events
用户指南
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 Amazon AWS 入门

每个支持服务的 CloudWatch Events 事件示例

以下 AWS 服务会发出 CloudWatch Events 可检测到的事件:

未列出的服务的事件

您也可以对并不发出事件且不在前面列表中的服务使用 CloudWatch Events。AWS CloudTrail 是一个服务,可用于自动记录事件,例如 AWS 服务 API 调用。您可以创建对 CloudTrail 所捕获的信息触发的 CloudWatch Events 规则。有关 CloudTrail 的更多信息,请参阅什么是 AWS CloudTrail?。有关如何创建使用 CloudTrail 的 CloudWatch Events规则的更多信息,请参阅 使用 AWS CloudTrail 创建对 AWS API 调用触发的 CloudWatch Events 规则

Amazon EC2 Auto Scaling 事件

以下是 Amazon EC2 Auto Scaling 事件的示例。有关更多信息,请参阅 Amazon EC2 Auto Scaling 用户指南 中的在 Auto Scaling 组扩展时获取 CloudWatch 通知

EC2 实例启动生命周期操作

由于生命周期挂钩,Amazon EC2 Auto Scaling 已将实例移至 Pending:Wait 状态。

{ "version": "0", "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718", "detail-type": "EC2 Instance-launch Lifecycle Action", "source": "aws.autoscaling", "account": "123456789012", "time": "2015-12-22T18:43:48Z", "region": "us-east-1", "resources": [ "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:59fcbb81-bd02-485d-80ce-563ef5b237bf:autoScalingGroupName/sampleASG" ], "detail": { "LifecycleActionToken": "c613620e-07e2-4ed2-a9e2-ef8258911ade", "AutoScalingGroupName": "my-asg", "LifecycleHookName": "my-lifecycle-hook", "EC2InstanceId": "i-1234567890abcdef0", "LifecycleTransition": "autoscaling:EC2_INSTANCE_LAUNCHING", "NotificationMetadata": "additional-info" } }

EC2 实例启动成功

Amazon EC2 Auto Scaling 已成功启动一个实例。

{ "id": "3e3c153a-8339-4e30-8c35-687ebef853fe", "detail-type": "EC2 Instance Launch Successful", "source": "aws.autoscaling", "account": "123456789012", "time": "2015-11-11T21:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:eb56d16b-bbf0-401d-b893-d5978ed4a025:autoScalingGroupName/ASGLaunchSuccess", "arn:aws:ec2:us-east-1:123456789012:instance/i-b188560f" ], "detail": { "StatusCode": "InProgress", "AutoScalingGroupName": "ASGLaunchSuccess", "ActivityId": "9cabb81f-42de-417d-8aa7-ce16bf026590", "Details": { "Availability Zone": "us-east-1b", "Subnet ID": "subnet-95bfcebe" }, "RequestId": "9cabb81f-42de-417d-8aa7-ce16bf026590", "EndTime": "2015-11-11T21:31:47.208Z", "EC2InstanceId": "i-b188560f", "StartTime": "2015-11-11T21:31:13.671Z", "Cause": "At 2015-11-11T21:31:10Z a user request created an Auto Scaling group changing the desired capacity from 0 to 1. At 2015-11-11T21:31:11Z an instance was started in response to a difference between desired and actual capacity, increasing the capacity from 0 to 1." } }

EC2 实例启动失败

Auto Scaling 未能启动实例。

{ "id": "1681ab87-4a09-459f-95a2-7fa09403c4b7", "detail-type": "EC2 Instance Launch Unsuccessful", "source": "aws.autoscaling", "account": "123456789012", "time": "2015-11-11T21:42:36Z", "region": "us-east-1", "resources": [ "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:528ffce5-ef9f-4c1d-8d18-5d005b4a438c:autoScalingGroupName/brokenASG", "arn:aws:ec2:us-east-1:123456789012:instance/" ], "detail": { "StatusCode": "Failed", "AutoScalingGroupName": "brokenASG", "ActivityId": "06076c51-4874-487d-b15b-7895a713ab55", "Details": { "Availability Zone": "us-east-1e", "Subnet ID": "subnet-16c5df2c" }, "RequestId": "06076c51-4874-487d-b15b-7895a713ab55", "EndTime": "2015-11-11T21:42:36.000Z", "EC2InstanceId": "", "StartTime": "2015-11-11T21:42:36.698Z", "Cause": "At 2015-11-11T21:42:09Z a user request update of Auto Scaling group constraints to min: 0, max: 10, desired: 2 changing the desired capacity from 0 to 2. At 2015-11-11T21:42:35Z an instance was started in response to a difference between desired and actual capacity, increasing the capacity from 0 to 2." } }

EC2 实例终止生命周期操作

由于生命周期挂钩,Auto Scaling 已将实例移至 Terminating:Wait 状态。

{ "version": "0", "id": "468fe059-f4b7-445f-bb22-2a271b94974d", "detail-type": "EC2 Instance-terminate Lifecycle Action", "source": "aws.autoscaling", "account": "123456789012", "time": "2015-12-22T18:43:48Z", "region": "us-east-1", "resources": [ "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:59fcbb81-bd02-485d-80ce-563ef5b237bf:autoScalingGroupName/sampleASG" ], "detail": { "LifecycleActionToken": "630aa23f-48eb-45e7-aba6-799ea6093a0f", "AutoScalingGroupName": "sampleASG", "LifecycleHookName": "SampleLifecycleHook-6789", "EC2InstanceId": "i-12345678", "LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING", "NotificationMetadata": "additional-info } }

EC2 实例终止成功

Auto Scaling 已成功终止实例。

{ "id": "156d01c9-a6c3-4d7e-b883-5758266b95af", "detail-type": "EC2 Instance Terminate Successful", "source": "aws.autoscaling", "account": "123456789012", "time": "2015-11-11T21:36:57Z", "region": "us-east-1", "resources": [ "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:eb56d16b-bbf0-401d-b893-d5978ed4a025:autoScalingGroupName/ASGTerminate", "arn:aws:ec2:us-east-1:123456789012:instance/i-b188560f" ], "detail": { "StatusCode": "InProgress", "AutoScalingGroupName": "ASGTerminate", "ActivityId": "56472e79-538a-4ba7-b3cc-768d889194b0", "Details": { "Availability Zone": "us-east-1b", "Subnet ID": "subnet-95bfcebe" }, "RequestId": "56472e79-538a-4ba7-b3cc-768d889194b0", "EndTime": "2015-11-11T21:36:57.498Z", "EC2InstanceId": "i-b188560f", "StartTime": "2015-11-11T21:36:12.649Z", "Cause": "At 2015-11-11T21:36:03Z a user request update of Auto Scaling group constraints to min: 0, max: 1, desired: 0 changing the desired capacity from 1 to 0. At 2015-11-11T21:36:12Z an instance was taken out of service in response to a difference between desired and actual capacity, shrinking the capacity from 1 to 0. At 2015-11-11T21:36:12Z instance i-b188560f was selected for termination." } }

EC2 实例终止失败

Auto Scaling 未能终止实例。

{ "id": "5e3df53a-0239-4e31-7d15-087ebef903ce", "detail-type": "EC2 Instance Terminate Unsuccessful", "source": "aws.autoscaling", "account": "123456789012", "time": "2015-12-01T23:34:57Z", "region": "us-east-1", "resources": [ "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:cf5ebd9c-8e2a-4197-abe2-2fb94e8d1f87:autoScalingGroupName/ASGTermFail", "arn:aws:ec2:us-east-1:123456789012:instance/i-b188560f" ], "detail": { "StatusCode": "InProgress", "Description": "Terminating EC2 instance: i-b188560f", "AutoScalingGroupName": "ASGTermFail", "ActivityId": "c1a8f6ce-82e8-4517-96ba-67d1999ceee4", "Details": { "Availability Zone": "us-east-1e", "Subnet ID": "subnet-915643ba" }, "RequestId": "c1a8f6ce-82e8-4517-96ba-67d1999ceee4", "StatusMessage": "", "EndTime": "2015-12-01T23:34:57.721Z", "EC2InstanceId": "i-b188560f", "StartTime": "2015-12-01T23:33:48.489Z", "Cause": "At 2015-12-01T23:33:41Z a user request explicitly set group desired capacity changing the desired capacity from 2 to 0. At 2015-12-01T23:33:47Z an instance was taken out of service in response to a difference between desired and actual capacity, shrinking the capacity from 2 to 0. At 2015-12-01T23:33:47Z instance i-0867b4292c0cff474 was selected for termination. At 2015-12-01T23:33:48Z instance i-b188560f was selected for termination." } }

AWS API 调用事件

以下是 Amazon S3 的 AWS API 调用事件示例,用以创建存储桶:

{ "version": "0", "id": "36eb8523-97d0-4518-b33d-ee3579ff19f0", "detail-type": "AWS API Call via CloudTrail", "source": "aws.s3", "account": "123456789012", "time": "2016-02-20T01:09:13Z", "region": "us-east-1", "resources": [], "detail": { "eventVersion": "1.03", "userIdentity": { "type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "sessionContext": { "attributes": { "mfaAuthenticated": "false", "creationDate": "2016-02-20T01:05:59Z" } } }, "eventTime": "2016-02-20T01:09:13Z", "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "us-east-1", "sourceIPAddress": "100.100.100.100", "userAgent": "[S3Console/0.4]", "requestParameters": { "bucketName": "bucket-test-iad" }, "responseElements": null, "requestID": "9D767BCC3B4E7487", "eventID": "24ba271e-d595-4e66-a7fd-9c16cbf8abae", "eventType": "AwsApiCall" } }

仅支持以下服务的读/写事件。只读操作—(例如以 ListGetDescribe 开头)—不受支持。此外,大于 256KB 的 AWS API 调用事件不受支持。

  • Amazon EC2 Auto Scaling

  • AWS Certificate Manager

  • AWS CloudFormation

  • Amazon CloudFront

  • AWS CloudHSM

  • Amazon CloudSearch

  • AWS CloudTrail

  • Amazon CloudWatch

  • Amazon CloudWatch Events

  • Amazon CloudWatch Logs

  • AWS CodeDeploy

  • AWS CodePipeline

  • Amazon Cognito 身份

  • Amazon Cognito Sync

  • AWS Config

  • AWS Data Pipeline

  • AWS Device Farm

  • AWS Direct Connect

  • AWS Directory Service

  • AWS Database Migration Service

  • Amazon DynamoDB

  • Amazon Elastic Container Registry

  • Amazon Elastic Container Service

  • Amazon EC2 Systems Manager

  • Amazon ElastiCache

  • AWS Elastic Beanstalk

  • Amazon Elastic Compute Cloud

  • Amazon Elastic File System

  • Elastic Load Balancing

  • Amazon EMR

  • Amazon Elastic Transcoder

  • Amazon Elasticsearch Service

  • Amazon GameLift

  • Amazon Glacier

  • AWS Identity and Access Management [仅 美国东部(弗吉尼亚北部)]

  • Amazon Inspector

  • AWS IoT

  • AWS Key Management Service

  • Amazon Kinesis

  • Amazon Kinesis Data Firehose

  • AWS Lambda

  • Amazon Machine Learning

  • AWS OpsWorks

  • Amazon Polly

  • Amazon Redshift

  • Amazon Relational Database Service

  • Amazon Route 53

  • AWS Security Token Service

  • Amazon Simple Email Service

  • Amazon Simple Notification Service

  • Amazon Simple Queue Service

  • Amazon Simple Storage Service

  • Amazon Simple Workflow Service

  • AWS Step Functions

  • AWS Storage Gateway

  • AWS Support

  • AWS WAF

  • Amazon WorkDocs

  • Amazon WorkSpaces

AWS Batch 事件

有关 AWS Batch 生成的事件示例,请参阅 AWS Batch 事件

AWS CodeBuild 事件

有关 AWS CodeBuild 示例事件的信息,请参阅 AWS CodeBuild 用户指南 中的构建通知输入格式参考

AWS CodeCommit 事件

以下是 AWS CodeCommit 事件的示例。

referenceCreated 事件

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "CodeCommit Repository State Change", "source": "aws.codecommit", "account": "123456789012", "time": "2017-06-12T10:23:43Z", "region": "us-east-1", "resources": [ "arn:aws:codecommit:us-east-1:123456789012:myRepo" ], "detail": { "event": "referenceCreated", "repositoryName": "myRepo", "repositoryId": "12345678-1234-5678-abcd-12345678abcd", "referenceType": "tag", "referenceName": "myTag", "referenceFullName": "refs/tags/myTag", "commitId": "3e5983EXAMPLE" } }

referenceUpdated 事件

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "CodeCommit Repository State Change", "source": "aws.codecommit", "account": "123456789012", "time": "2017-06-12T10:23:43Z", "region": "us-east-1", "resources": [ "arn:aws:codecommit:us-east-1:123456789012:myRepo" ], "detail": { "event": "referenceUpdated", "repositoryName": "myRepo", "repositoryId": "12345678-1234-5678-abcd-12345678abcd", "referenceType": "branch", "referenceName": "myBranch", "referenceFullName": "refs/heads/myBranch", "commitId": "26a8f2EXAMPLE", "oldCommitId": "3e5983EXAMPLE" } }

referenceDeleted 事件

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "CodeCommit Repository State Change", "source": "aws.codecommit", "account": "123456789012", "time": "2017-06-12T10:23:43Z", "region": "us-east-1", "resources": [ "arn:aws:codecommit:us-east-1:123456789012:myRepo" ], "detail": { "event": "referenceDeleted", "repositoryName": "myRepo", "repositoryId": "12345678-1234-5678-abcd-12345678abcd", "referenceType": "branch", "referenceName": "myBranch", "referenceFullName": "refs/heads/myBranch", "oldCommitId": "26a8f2EXAMPLE" } }

AWS CodeDeploy 事件

以下是 AWS CodeDeploy 事件的示例。有关更多信息,请参阅 AWS CodeDeploy User Guide 中的使用 CloudWatch Events 监视部署

CodeDeploy 部署状态更改通知

部署状态发生更改。

{ "account": "123456789012", "region": "us-east-1", "detail-type": "CodeDeploy Deployment State-change Notification", "source": "aws.codedeploy", "version": "0", "time": "2016-06-30T22:06:31Z", "id": "c071bfbf-83c4-49ca-a6ff-3df053957145", "resources": [ "arn:aws:codedeploy:us-east-1:123456789012:application:myApplication", "arn:aws:codedeploy:us-east-1:123456789012:deploymentgroup:myApplication/myDeploymentGroup" ], "detail": { "instanceGroupId": "9fd2fbef-2157-40d8-91e7-6845af69e2d2", "region": "us-east-1", "application": "myApplication", "deploymentId": "d-123456789", "state": "SUCCESS", "deploymentGroup": "myDeploymentGroup" } }

CodeDeploy 实例状态更改通知

属于部署组的实例状态发生更改。

{ "account": "123456789012", "region": "us-east-1", "detail-type": "CodeDeploy Instance State-change Notification", "source": "aws.codedeploy", "version": "0", "time": "2016-06-30T23:18:50Z", "id": "fb1d3015-c091-4bf9-95e2-d98521ab2ecb", "resources": [ "arn:aws:ec2:us-east-1:123456789012:instance/i-0000000aaaaaaaaaa", "arn:aws:codedeploy:us-east-1:123456789012:deploymentgroup:myApplication/myDeploymentGroup", "arn:aws:codedeploy:us-east-1:123456789012:application:myApplication" ], "detail": { "instanceId": "i-0000000aaaaaaaaaa", "region": "us-east-1", "state": "SUCCESS", "application": "myApplication", "deploymentId": "d-123456789", "instanceGroupId": "8cd3bfa8-9e72-4cbe-a1e5-da4efc7efd49", "deploymentGroup": "myDeploymentGroup" } }

AWS CodePipeline 事件

以下是 AWS CodePipeline 事件的示例。

管道执行状态更改

{ "version": "0", "id": "CWE-event-id", "detail-type": "CodePipeline Pipeline Execution State Change", "source": "aws.codepipeline", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:codepipeline:us-east-1:123456789012:pipeline:myPipeline" ], "detail": { "pipeline": "myPipeline", "version": "1", "state": "STARTED", "execution-id": "01234567-0123-0123-0123-012345678901" } }

阶段执行状态更改

{ "version": "0", "id": "CWE-event-id", "detail-type": "CodePipeline Stage Execution State Change", "source": "aws.codepipeline", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:codepipeline:us-east-1:123456789012:pipeline:myPipeline" ], "detail": { "pipeline": "myPipeline", "version": "1", "execution-id": "01234567-0123-0123-0123-012345678901", "stage": "Prod", "state": "STARTED" } }

操作执行状态更改

{ "version": "0", "id": "CWE-event-id", "detail-type": "CodePipeline Action Execution State Change", "source": "aws.codepipeline", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:codepipeline:us-east-1:123456789012:pipeline:myPipeline" ], "detail": { "pipeline": "myPipeline", "version": 1, "execution-id": "01234567-0123-0123-0123-012345678901", "stage": "Prod", "action": "myAction", "state": "STARTED", "type": { "owner": "AWS", "category": "Deploy", "provider": "CodeDeploy", "version": 1 } } }

AWS 管理控制台登录事件

以下是控制台登录事件的示例:

{ "id": "6f87d04b-9f74-4f04-a780-7acf4b0a9b38", "detail-type": "AWS Console Sign In via CloudTrail", "source": "aws.signin", "account": "123456789012", "time": "2016-01-05T18:21:27Z", "region": "us-east-1", "resources": [], "detail": { "eventVersion": "1.02", "userIdentity": { "type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012" }, "eventTime": "2016-01-05T18:21:27Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "0.0.0.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "LoginTo": "https://console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true", "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "324731c0-64b3-4421-b552-dfc3c27df4f6", "eventType": "AwsConsoleSignIn" } }

Amazon EBS 事件

以下是 Amazon Elastic Block Store (Amazon EBS) 事件的示例。有关更多信息,请参阅 Amazon EC2 用户指南(适用于 Linux 实例) 中的访问 Amazon EBS 的 Amazon CloudWatch Events

EBS 快照通知

Amazon EBS 创建了快照 (createSnapshot),复制了快照 (copySnapshot),或共享了快照 (shareSnapshot)。detail 字段中的 source 字段不会将账户 ID 作为卷 ARN 的一部分包含在内。

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "EBS Snapshot Notification", "source": "aws.ec2", "account": "123456789012", "time": "2016-11-14T01:30:00Z", "region": "us-east-1", "resources": [ "arn:aws:ec2::us-west-2:snapshot/snap-01234567" ], "detail": { "event": "createSnapshot", "result": "succeeded", "cause": "", "request-id": "", "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567", "source": "arn:aws:ec2::us-west-2:volume/vol-01234567", "StartTime": "2016-11-14T00:00:00Z", "EndTime": "2016-11-ddT01:30:00Z" } }

EBS 卷通知

在 Amazon EBS 创建或删除卷、未能创建卷、未能挂载卷或未能重新挂载卷时,将会生成事件。

Amazon EBS卷创建

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"EBS Volume Notification", "source":"aws.ec2", "account":"0123456789ab", "time":"2017-12-29T17:29:54Z", "region":"us-east-1", "resources":[ "arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567" ], "detail":{ "result":"available", "cause":"", "event":"createVolume", "request-id":"01234567-0123-0123-0123-0123456789ab" } }

Amazon EBS卷删除

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"EBS Volume Notification", "source":"aws.ec2", "account":"0123456789ab", "time":"2017-12-29T17:28:57Z", "region":"us-east-1", "resources":[ "arn:aws:ec2:us-east-1: 0123456789ab:volume/vol-01234567" ], "detail":{ "result":"deleted", "cause":"", "event":"deleteVolume", "request-id":"01234567-0123-0123-0123-0123456789ab" } }

Amazon EBS卷创建失败

以下实例展示了一个创建卷的失败尝试。连接失败或重新连接的事件类似,只不过 "event" 字段的值分别是 attachVolumereattachVolume

{ "version": "0", "id": "01234567-0123-0123-0123-0123456789ab", "detail-type": "EBS Volume Notification", "source": "aws.ec2", "account": "012345678901", "time": "2016-11-14T00:30:07Z", "region": "sa-east-1", "resources": [ "arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567", ], "detail": { "event": "createVolume", "result": "failed", "cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is disabled.", "request-id": "01234567-0123-0123-0123-0123456789ab", }

Amazon EC2 事件

以下是 Amazon EC2 事件的示例。

EC2 实例状态更改通知

此 EC2 实例状态更改通知事件示例说明处于 pending 状态的实例。state 其他可能的值包括 runningshutting-downstoppedstoppingterminated

{ "id":"7bf73129-1428-4cd3-a780-95db273d1602", "detail-type":"EC2 Instance State-change Notification", "source":"aws.ec2", "account":"123456789012", "time":"2015-11-11T21:29:54Z", "region":"us-east-1", "resources":[ "arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111" ], "detail":{ "instance-id":"i-abcd1111", "state":"pending" } }

EC2 Spot 实例中断

以下是在 Amazon EC2 中断 Spot 实例时发出的事件的示例。

{ "version": "0", "id": "12345678-1234-1234-1234-123456789012", "detail-type": "EC2 Spot Instance Interruption Warning", "source": "aws.ec2", "account": "123456789012", "time": "yyyy-mm-ddThh:mm:ssZ" "region": "us-east-2", "resources": ["arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890abcdef0"], "detail": { "instance-id": "i-1234567890abcdef0", "instance-action": "action" } }

AWS OpsWorks Stacks 事件

以下是 AWS OpsWorks Stacks 事件的示例。

AWS OpsWorks Stacks 实例状态更改

指示 AWS OpsWorks Stacks 实例的状态更改。以下是实例状态。

  • booting

  • connection_lost

  • online

  • pending

  • rebooting

  • requested

  • running_setup

  • setup_failed

  • shutting_down

  • start_failed

  • stopping

  • stop_failed

  • stopped

  • terminating

  • terminated

{ "version": "0", "id": "dc5fa8df-48f1-2108-b1b9-1fe5ebcf2296", "detail-type": "OpsWorks Instance State Change", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-25T11:12:23Z", "region": "us-east-1", "resources": [ "arn:aws:opsworks:us-east-1:123456789012:instance/a648d98f-fdd8-4323-952a-a50z3e4z500z" ], "detail": { "initiated_by": "user", "hostname": "testing1", "stack-id": "acd3df16-e859-4598-8414-377b12a902da", "layer-ids": [ "d1a0cb7f-c7e9-4a63-811c-976f0267b2c8" ], "instance-id": "a648d98f-fdd8-4323-952a-a50z3e4z500z", "ec2-instance-id": "i-08b1c2b67aa292276", "status": "requested" } }

只有当实例处于 requestedterminatingstopping 状态时,才会填充 initiated_by 字段。initiated_by 字段可以包含以下值之一。

  • user - 用户使用 API 或 AWS 管理控制台 请求的实例状态更改。

  • auto-scaling - AWS OpsWorks Stacks 自动扩展功能启动的实例状态更改。

  • auto-healing - AWS OpsWorks Stacks 自动修复功能启动的实例状态更改。

AWS OpsWorks Stacks 命令状态更改

AWS OpsWorks Stacks 命令的状态中出现的更改。命令状态如下。

  • expired - 命令超时。

  • failed - 出现一般命令故障。

  • skipped - 由于实例在 AWS OpsWorks Stacks 中与在 Amazon EC2 中具有不同的状态,跳过了命令。

  • successful - 命令成功。

  • superseded - 由于命令将应用已经应用过的配置更改,跳过了命令。

{ "version": "0", "id": "96c778b6-a40e-c8c1-aafc-c9852a3a7b52", "detail-type": "OpsWorks Command State Change", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-26T08:54:40Z", "region": "us-east-1", "resources": [ "arn:aws:opsworks:us-east-1:123456789012:instance/a648d98f-fdd8-4323-952a-a50a3e4e500f" ], "detail": { "command-id": "acc9f4f3-a3ec-4fab-b70f-c7d04e71e3ec", "instance-id": "a648d98f-fdd8-4323-952a-a50a3e4e500f", "type": "setup", "status": "successful" } }

AWS OpsWorks Stacks 部署状态更改

AWS OpsWorks Stacks 部署的状态中出现的更改。部署状态如下。

  • running

  • successful

  • failed

{ "version": "0", "id": "b8230afa-60c7-f43f-b632-841c1cfb22ff", "detail-type": "OpsWorks Deployment State Change", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-25T11:15:48Z", "region": "us-east-1", "resources": [ "arn:aws:opsworks:us-east-1:123456789012:instance/a648d98f-fdd8-4323-952a-a50a3e4e500f" ], "detail": { "duration": 16, "stack-id": "acd3df16-e859-4598-8414-377b12a902da", "instance-ids": [ "a648d98f-fdd8-4323-952a-a50a3e4e500f" ], "deployment-id": "606419dc-418e-489c-8531-bff9770fc346", "command": "configure", "status": "successful" } }

只有在部署完成后才填充 duration 字段,以秒为单位显示时间。

AWS OpsWorks Stacks 提醒

引发了 AWS OpsWorks Stacks 服务错误。

{ "version": "0", "id": "f99faa6f-0e27-e398-95bb-8f190806d275", "detail-type": "OpsWorks Alert", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-20T16:51:29Z", "region": "us-east-1", "resources": [], "detail": { "stack-id": "2f48f2be-ac7d-4dd5-80bb-88375f94db7b", "instance-id": "986efb74-69e8-4c6d-878e-5b77c054cbb0", "type": "InstanceStop", "message": "The shutdown of the instance timed out. Please try stopping it again." } }

AWS Systems Manager 事件

以下是 AWS Systems Manager 事件的示例。有关更多信息,请参阅 Amazon EC2 用户指南(适用于 Linux 实例) 中的记录 Run Command 的命令执行状态更改

运行命令状态更改通知

{ "version": "0", "id": "51c0891d-0e34-45b1-83d6-95db273d1602", "detail-type": "EC2 Command Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-07-10T21:51:32Z", "region": "us-east-1", "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"], "detail": { "command-id": "e8d3c0e4-71f7-4491-898f-c9b35bee5f3b", "document-name": "AWS-RunPowerShellScript", "expire-after": "2016-07-14T22:01:30.049Z", "parameters": { "executionTimeout": ["3600"], "commands": ["date"] }, "requested-date-time": "2016-07-10T21:51:30.049Z", "status": "Success" } }

运行命令调用状态更改通知

{ "version": "0", "id": "4780e1b8-f56b-4de5-95f2-95db273d1602", "detail-type": "EC2 Command Invocation Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-07-10T21:51:32Z", "region": "us-east-1", "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"], "detail": { "command-id": "e8d3c0e4-71f7-4491-898f-c9b35bee5f3b", "document-name": "AWS-RunPowerShellScript", "instance-id": "i-9bb89e2b", "requested-date-time": "2016-07-10T21:51:30.049Z", "status": "Success" } }

自动化步骤状态更改通知

{ "version": "0", "id": "eeca120b-a321-433e-9635-dab369006a6b", "detail-type": "EC2 Automation Step Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-11-29T19:43:35Z", "region": "us-east-1", "resources": ["arn:aws:ssm:us-east-1:123456789012:automation-execution/333ba70b-2333-48db-b17e-a5e69c6f4d1c", "arn:aws:ssm:us-east-1:123456789012:automation-definition/runcommand1:1"], "detail": { "ExecutionId": "333ba70b-2333-48db-b17e-a5e69c6f4d1c", "Definition": "runcommand1", "DefinitionVersion": 1.0, "Status": "Success", "EndTime": "Nov 29, 2016 7:43:25 PM", "StartTime": "Nov 29, 2016 7:43:23 PM", "Time": 2630.0, "StepName": "runFixedCmds", "Action": "aws:runCommand" } }

自动化执行状态更改通知

{ "version": "0", "id": "d290ece9-1088-4383-9df6-cd5b4ac42b99", "detail-type": "EC2 Automation Execution Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-11-29T19:43:35Z", "region": "us-east-1", "resources": ["arn:aws:ssm:us-east-1:123456789012:automation-execution/333ba70b-2333-48db-b17e-a5e69c6f4d1c", "arn:aws:ssm:us-east-1:123456789012:automation-definition/runcommand1:1"], "detail": { "ExecutionId": "333ba70b-2333-48db-b17e-a5e69c6f4d1c", "Definition": "runcommand1", "DefinitionVersion": 1.0, "Status": "Success", "StartTime": "Nov 29, 2016 7:43:20 PM", "EndTime": "Nov 29, 2016 7:43:26 PM", "Time": 5753.0, "ExecutedBy": "arn:aws:iam::123456789012:user/userName" } }

状态管理器关联状态更改

{ "version":"0", "id":"db839caf-6f6c-40af-9a48-25b2ae2b7774", "detail-type":"EC2 State Manager Association State Change", "source":"aws.ssm", "account":"123456789012", "time":"2017-05-16T23:01:10Z", "region":"us-west-1", "resources":[ "arn:aws:ssm:us-west-1::document/AWS-RunPowerShellScript" ], "detail":{ "association-id":"6e37940a-23ba-4ab0-9b96-5d0a1a05464f", "document-name":"AWS-RunPowerShellScript", "association-version":"1", "document-version":"Optional.empty", "targets":"[{\"key\":\"InstanceIds\",\"values\":[\"i-12345678\"]}]", "creation-date":"2017-02-13T17:22:54.458Z", "last-successful-execution-date":"2017-05-16T23:00:01Z", "last-execution-date":"2017-05-16T23:00:01Z", "last-updated-date":"2017-02-13T17:22:54.458Z", "status":"Success", "association-status-aggregated-count":"{\"Success\":1}", "schedule-expression":"cron(0 */30 * * * ? *)", "association-cwe-version":"1.0" } }

State Manager 实例关联状态更改

{ "version":"0", "id":"6a7e8feb-b491-4cf7-a9f1-bf3703467718", "detail-type":"EC2 State Manager Instance Association State Change", "source":"aws.ssm", "account":"123456789012", "time":"2017-02-23T15:23:48Z", "region":"us-east-1", "resources":[ "arn:aws:ec2:us-east-1:123456789012:instance/i-12345678", "arn:aws:ssm:us-east-1:123456789012:document/my-custom-document" ], "detail":{ "association-id":"34fcb7e0-9a14-4984-9989-0e04e3f60bd8", "instance-id":"i-12345678", "document-name":"my-custom-document", "document-version":"1", "targets":"[{\"key\":\"instanceids\",\"values\":[\"i-12345678\"]}]", "creation-date":"2017-02-23T15:23:48Z", "last-successful-execution-date":"2017-02-23T16:23:48Z", "last-execution-date":"2017-02-23T16:23:48Z", "status":"Success", "detailed-status":"", "error-code":"testErrorCode", "execution-summary":"testExecutionSummary", "output-url":"sampleurl", "instance-association-cwe-version":"1" } }

AWS Systems Manager Parameter Store 事件

以下是 Amazon EC2 Systems Manager (SSM) Parameter Store 事件的示例。

创建参数

{ "version": "0", "id": "6a7e4feb-b491-4cf7-a9f1-bf3703497718", "detail-type": "Parameter Store Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-05-22T16:43:48Z", "region": "us-east-1", "resources": [ "arn:aws:ssm:us-east-1:123456789012:parameter/foo" ], "detail": { "operation": "Create", "name": "foo", "type": "String", "description": "Sample Parameter" } }

更新参数

{ "version": "0", "id": "9547ef2d-3b7e-4057-b6cb-5fdf09ee7c8f", "detail-type": "Parameter Store Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-05-22T16:44:48Z", "region": "us-east-1", "resources": [ "arn:aws:ssm:us-east-1:123456789012:parameter/foo" ], "detail": { "operation": "Update", "name": "foo", "type": "String", "description": "Sample Parameter" } }

删除参数

{ "version": "0", "id": "80e9b391-6a9b-413c-839a-453b528053af", "detail-type": "Parameter Store Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-05-22T16:45:48Z", "region": "us-east-1", "resources": [ "arn:aws:ssm:us-east-1:123456789012:parameter/foo" ], "detail": { "operation": "Delete", "name": "foo", "type": "String", "description": "Sample Parameter" } }

AWS Systems Manager 配置合规性事件

以下是 Amazon EC2 Systems Manager (SSM) 配置合规性事件的示例。

关联合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:03:26Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "last-runtime": "2017-01-01T10:10:10Z", "compliance-status": "compliant", "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-type": "Association" } }

关联不合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:02:31Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "last-runtime": "2017-01-01T10:10:10Z", "compliance-status": "non_compliant", "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-type": "Association" } }

补丁合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:03:26Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-status": "compliant", "compliance-type": "Patch", "patch-baseline-id": "PB789", "severity": "critical" } }

补丁不合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:02:31Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-status": "non_compliant", "compliance-type": "Patch", "patch-baseline-id": "PB789", "severity": "critical" } }

Amazon EC2 维护时段事件

以下是 Amazon EC2 维护时段事件的示例。

注册目标

状态也可能是 DEREGISTERED

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Target Registration Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T00:58:37Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:001312665065:maintenancewindow/mw-0ed7251d3fcf6e0c2", "arn:aws:ssm:us-west-2:001312665065:windowtarget/e7265f13-3cc5-4f2f-97a9-7d3ca86c32a6" ], "detail":{ "window-target-id":"e7265f13-3cc5-4f2f-97a9-7d3ca86c32a6", "window-id":"mw-0ed7251d3fcf6e0c2", "status":"REGISTERED" } }

时段执行类型

其他可能的状态为 PENDINGIN_PROGRESSSUCCESSFAILEDTIMED_OUTSKIPPED_OVERLAPPING

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Execution State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T01:00:57Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "start-time":"2016-11-16T01:00:56.427Z", "end-time":"2016-11-16T01:00:57.070Z", "window-id":"mw-0ed7251d3fcf6e0c2", "window-execution-id":"b60fb56e-776c-4e5c-84ee-123456789012", "status":"TIMED_OUT" } }

任务执行类型

其他可能的状态为 IN_PROGRESSSUCCESSFAILEDTIMED_OUT

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Task Execution State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T01:00:56Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "start-time":"2016-11-16T01:00:56.759Z", "task-execution-id":"6417e808-7f35-4d1a-843f-123456789012", "end-time":"2016-11-16T01:00:56.847Z", "window-id":"mw-0ed7251d3fcf6e0c2", "window-execution-id":"b60fb56e-776c-4e5c-84ee-123456789012", "status":"TIMED_OUT" } }

已处理的任务目标

其他可能的状态为 IN_PROGRESSSUCCESSFAILEDTIMED_OUT

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Task Target Invocation State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T01:00:57Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "start-time":"2016-11-16T01:00:56.427Z", "end-time":"2016-11-16T01:00:57.070Z", "window-id":"mw-0ed7251d3fcf6e0c2", "window-execution-id":"b60fb56e-776c-4e5c-84ee-123456789012", "task-execution-id":"6417e808-7f35-4d1a-843f-123456789012", "window-target-id":"e7265f13-3cc5-4f2f-97a9-123456789012", "status":"TIMED_OUT", "owner-information":"Owner" } }

时段状态更改

可能的状态为 ENABLEDDISABLED

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T00:58:37Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "window-id":"mw-123456789012", "status":"DISABLED" } }

Amazon ECS 事件

有关 Amazon ECS 示例事件,请参阅 Amazon Elastic Container Service Developer Guide 中的Amazon ECS事件

Amazon EMR 事件

Amazon EMR 报告的事件以 aws.emr 作为 Source 的值,而通过 CloudTrail 报告的 Amazon EMR API 事件以 aws.elasticmapreduce 作为 Source 的值。

以下是 Amazon EMR报告的事件的示例。

Amazon EMR Auto Scaling 策略状态更改

{ "version":"0", "id":"2f8147ab-8c48-47c6-b0b6-3ee23ec8d300", "detail-type":"EMR Auto Scaling Policy State Change", "source":"aws.emr", "account":"123456789012", "time":"2016-12-16T20:42:44Z", "region":"us-east-1", "resources":[], "detail":{ "resourceId":"ig-X2LBMHTGPCBU", "clusterId":"j-1YONHTCP3YZKC", "state":"PENDING", "message":"AutoScaling policy modified by user request", "scalingResourceType":"INSTANCE_GROUP" } }

Amazon EMR 集群状态更改 – 正在启动

{ "version": "0", "id": "999cccaa-eaaa-0000-1111-123456789012", "detail-type": "EMR Cluster State Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T20:43:05Z", "region": "us-east-1", "resources": [], "detail": { "severity": "INFO", "stateChangeReason": "{\"code\":\"\"}", "name": "Development Cluster", "clusterId": "j-123456789ABCD", "state": "STARTING", "message": "Amazon EMR cluster j-123456789ABCD (Development Cluster) was requested at 2016-12-16 20:42 UTC and is being created." } }

Amazon EMR 集群状态更改 – 已终止

{ "version": "0", "id": "1234abb0-f87e-1234-b7b6-000000123456", "detail-type": "EMR Cluster State Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T21:00:23Z", "region": "us-east-1", "resources": [], "detail": { "severity": "INFO", "stateChangeReason": "{\"code\":\"USER_REQUEST\",\"message\":\"Terminated by user request\"}", "name": "Development Cluster", "clusterId": "j-123456789ABCD", "state": "TERMINATED", "message": "Amazon EMR Cluster jj-123456789ABCD (Development Cluster) has terminated at 2016-12-16 21:00 UTC with a reason of USER_REQUEST." } }

Amazon EMR 实例组状态更改

{ "version": "0", "id": "999cccaa-eaaa-0000-1111-123456789012", "detail-type": "EMR Instance Group State Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T20:57:47Z", "region": "us-east-1", "resources": [], "detail": { "market": "ON_DEMAND", "severity": "INFO", "requestedInstanceCount": "2", "instanceType": "m3.xlarge", "instanceGroupType": "CORE", "instanceGroupId": "ig-ABCDEFGHIJKL", "clusterId": "j-123456789ABCD", "runningInstanceCount": "2", "state": "RUNNING", "message": "The resizing operation for instance group ig-ABCDEFGHIJKL in Amazon EMR cluster j-123456789ABCD (Development Cluster) is complete. It now has an instance count of 2. The resize started at 2016-12-16 20:57 UTC and took 0 minutes to complete." } }

Amazon EMR 步骤状态更改

{ "version": "0", "id": "999cccaa-eaaa-0000-1111-123456789012", "detail-type": "EMR Step Status Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T20:53:09Z", "region": "us-east-1", "resources": [], "detail": { "severity": "ERROR", "actionOnFailure": "CONTINUE", "stepId": "s-ZYXWVUTSRQPON", "name": "CustomJAR", "clusterId": "j-123456789ABCD", "state": "FAILED", "message": "Step s-ZYXWVUTSRQPON (CustomJAR) in Amazon EMR cluster j-123456789ABCD (Development Cluster) failed at 2016-12-16 20:53 UTC." } }

Amazon GameLift 事件

以下是 Amazon GameLift 事件的示例。有关更多信息,请参阅 Amazon GameLift 开发人员指南 中的 FlexMatch 事件引用

对战搜索

{ "version": "0", "id": "cc3d3ebe-1d90-48f8-b268-c96655b8f013", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-08T21:15:36.421Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-08T21:15:35.676Z", "players": [ { "playerId": "player-1" } ] } ], "estimatedWaitMillis": "NOT_AVAILABLE", "type": "MatchmakingSearching", "gameSessionInfo": { "players": [ { "playerId": "player-1" } ] } } }

潜在的对战游戏已创建

{ "version": "0", "id": "fce8633f-aea3-45bc-aeba-99d639cad2d4", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-08T21:17:41.178Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-08T21:15:35.676Z", "players": [ { "playerId": "player-1", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-08T21:17:40.657Z", "players": [ { "playerId": "player-2", "team": "blue" } ] } ], "acceptanceTimeout": 600, "ruleEvaluationMetrics": [ { "ruleName": "EvenSkill", "passedCount": 3, "failedCount": 0 }, { "ruleName": "EvenTeams", "passedCount": 3, "failedCount": 0 }, { "ruleName": "FastConnection", "passedCount": 3, "failedCount": 0 }, { "ruleName": "NoobSegregation", "passedCount": 3, "failedCount": 0 } ], "acceptanceRequired": true, "type": "PotentialMatchCreated", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" }, { "playerId": "player-2", "team": "blue" } ] }, "matchId": "3faf26ac-f06e-43e5-8d86-08feff26f692" } }

接受对战游戏

{ "version": "0", "id": "b3f76d66-c8e5-416a-aa4c-aa1278153edc", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T20:04:42.660Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T20:01:35.305Z", "players": [ { "playerId": "player-1", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-09T20:04:16.637Z", "players": [ { "playerId": "player-2", "team": "blue", "accepted": false } ] } ], "type": "AcceptMatch", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" }, { "playerId": "player-2", "team": "blue", "accepted": false } ] }, "matchId": "848b5f1f-0460-488e-8631-2960934d13e5" } }

接受对战游戏已完成

{ "version": "0", "id": "b1990d3d-f737-4d6c-b150-af5ace8c35d3", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-08T20:43:14.621Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-08T20:30:40.972Z", "players": [ { "playerId": "player-1", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-08T20:33:14.111Z", "players": [ { "playerId": "player-2", "team": "blue" } ] } ], "acceptance": "TimedOut", "type": "AcceptMatchCompleted", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" }, { "playerId": "player-2", "team": "blue" } ] }, "matchId": "a0d9bd24-4695-4f12-876f-ea6386dd6dce" } }

对战已成功

{ "version": "0", "id": "5ccb6523-0566-412d-b63c-1569e00d023d", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T19:59:09.159Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T19:58:59.277Z", "players": [ { "playerId": "player-1", "playerSessionId": "psess-6e7c13cf-10d6-4756-a53f-db7de782ed67", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-09T19:59:08.663Z", "players": [ { "playerId": "player-2", "playerSessionId": "psess-786b342f-9c94-44eb-bb9e-c1de46c472ce", "team": "blue" } ] } ], "type": "MatchmakingSucceeded", "gameSessionInfo": { "gameSessionArn": "arn:aws:gamelift:us-west-2:123456789012:gamesession/836cf48d-bcb0-4a2c-bec1-9c456541352a", "ipAddress": "192.168.1.1", "port": 10777, "players": [ { "playerId": "player-1", "playerSessionId": "psess-6e7c13cf-10d6-4756-a53f-db7de782ed67", "team": "red" }, { "playerId": "player-2", "playerSessionId": "psess-786b342f-9c94-44eb-bb9e-c1de46c472ce", "team": "blue" } ] }, "matchId": "c0ec1a54-7fec-4b55-8583-76d67adb7754" } }

对战超时

{ "version": "0", "id": "fe528a7d-46ad-4bdc-96cb-b094b5f6bf56", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T20:11:35.598Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "reason": "TimedOut", "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T20:01:35.305Z", "players": [ { "playerId": "player-1", "team": "red" } ] } ], "ruleEvaluationMetrics": [ { "ruleName": "EvenSkill", "passedCount": 3, "failedCount": 0 }, { "ruleName": "EvenTeams", "passedCount": 3, "failedCount": 0 }, { "ruleName": "FastConnection", "passedCount": 3, "failedCount": 0 }, { "ruleName": "NoobSegregation", "passedCount": 3, "failedCount": 0 } ], "type": "MatchmakingTimedOut", "message": "Removed from matchmaking due to timing out.", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" } ] } } }

对战已取消

{ "version": "0", "id": "8d6f84da-5e15-4741-8d5c-5ac99091c27f", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T20:00:07.843Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "reason": "Cancelled", "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T19:59:26.118Z", "players": [ { "playerId": "player-1" } ] } ], "ruleEvaluationMetrics": [ { "ruleName": "EvenSkill", "passedCount": 0, "failedCount": 0 }, { "ruleName": "EvenTeams", "passedCount": 0, "failedCount": 0 }, { "ruleName": "FastConnection", "passedCount": 0, "failedCount": 0 }, { "ruleName": "NoobSegregation", "passedCount": 0, "failedCount": 0 } ], "type": "MatchmakingCancelled", "message": "Cancelled by request.", "gameSessionInfo": { "players": [ { "playerId": "player-1" } ] } } }

对战已失败

{ "version": "0", "id": "025b55a4-41ac-4cf4-89d1-f2b3c6fd8f9d", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-16T18:41:09.970Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-16T18:41:02.631Z", "players": [ { "playerId": "player-1", "team": "red" } ] } ], "customEventData": "foo", "type": "MatchmakingFailed", "reason": "UNEXPECTED_ERROR", "message": "An unexpected error was encountered during match placing.", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" } ] }, "matchId": "3ea83c13-218b-43a3-936e-135cc570cba7" } }

AWS Glue 事件

以下是 AWS Glue 事件的格式。

成功的作业运行

{ "version":"0", "id":"abcdef00-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-09-07T18:57:21Z", "region":"us-west-2", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "state":"SUCCEEDED", "jobRunId":"jr_abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789", "message":"Job run succeeded" } }

失败的作业运行

{ "version":"0", "id":"abcdef01-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-09-07T06:02:03Z", "region":"us-west-2", "resources":[], "detail":{ "jobName":"MyJob", "severity":"ERROR", "state":"FAILED", "jobRunId":"jr_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", "message":"JobName:MyJob and JobRunId:jr_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef failed to execute with exception Role arn:aws:iam::123456789012:role/Glue_Role should be given assume role permissions for Glue Service." } }

停止的作业运行

{ "version":"0", "id":"abcdef00-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-11-20T20:22:06Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "state":"STOPPED", "jobRunId":"jr_abc0123456789abcdef0123456789abcdef0123456789abcdef0123456789def", "message":"Job run stopped" } }

爬网程序已启动

{ "version":"0", "id":"05efe8a2-c309-6884-a41b-3508bcdc9695", "detail-type":"Glue Crawler State Change", "source":"aws.glue", "account":"561226563745", "time":"2017-11-11T01:09:46Z", "region":"us-east-1", "resources":[ ], "detail":{ "accountId":"561226563745", "crawlerName":"S3toS3AcceptanceTestCrawlera470bd94-9e00-4518-8942-e80c8431c322", "startTime":"2017-11-11T01:09:46Z", "state":"Started", "message":"Crawler Started" } }

爬网程序成功

{ "version":"0", "id":"3d675db5-59b9-6388-b8e8-e0a9b6d567a9", "detail-type":"Glue Crawler State Change", "source":"aws.glue", "account":"561226563745", "time":"2017-11-11T01:25:00Z", "region":"us-east-1", "resources":[ ], "detail":{ "tablesCreated":"0", "warningMessage":"N/A", "partitionsUpdated":"0", "tablesUpdated":"0", "message":"Crawler Succeeded", "partitionsDeleted":"0", "accountId":"561226563745", "runningTime (sec)":"7", "tablesDeleted":"0", "crawlerName":"SchedulerTestCrawler51fb3a8b-1015-49f0-a969-ca126680b94b", "completionDate":"2017-11-11T01:25:00Z", "state":"Succeeded", "partitionsCreated":"0", "cloudWatchLogLink":"https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEventViewer:group=/aws-glue/crawlers;stream=SchedulerTestCrawler51fb3a8b-1015-49f0-a969-ca126680b94b" } }

爬网程序失败

{ "version":"0", "id":"f7965b59-470f-2e06-bb89-a8cebaabefac", "detail-type":"Glue Crawler State Change", "source":"aws.glue", "account":"782104008917", "time":"2017-10-20T05:10:08Z", "region":"us-east-1", "resources":[ ], "detail":{ "crawlerName":"test-crawler-notification", "errorMessage":"Internal Service Exception", "accountId":"1234", "cloudWatchLogLink":"https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEventViewer:group=/aws-glue/crawlers;stream=test-crawler-notification", "state":"Failed", "message":"Crawler Failed" } }

作业运行处于正在启动状态

{ "version":"0", "id":"66fbc5e1-aac3-5e85-63d0-856ec669a050", "detail-type":"Glue Job Run Status", "source":"aws.glue", "account":"123456789012", "time":"2018-04-24T20:57:34Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "notificationCondition":{ "NotifyDelayAfter":1.0 }, "state":"STARTING", "jobRunId":"jr_6aa58e7a3aa44e2e4c7db2c50e2f7396cb57901729e4b702dcb2cfbbeb3f7a86", "message":"Job is in STARTING state", "startedOn":"2018-04-24T20:55:47.941Z" } }

作业运行处于正在运行状态

{ "version":"0", "id":"66fbc5e1-aac3-5e85-63d0-856ec669a050", "detail-type":"Glue Job Run Status", "source":"aws.glue", "account":"123456789012", "time":"2018-04-24T20:57:34Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "notificationCondition":{ "NotifyDelayAfter":1.0 }, "state":"RUNNING", "jobRunId":"jr_6aa58e7a3aa44e2e4c7db2c50e2f7396cb57901729e4b702dcb2cfbbeb3f7a86", "message":"Job is in RUNNING state", "startedOn":"2018-04-24T20:55:47.941Z" } }

作业运行处于正在停止状态

{ "version":"0", "id":"66fbc5e1-aac3-5e85-63d0-856ec669a050", "detail-type":"Glue Job Run Status", "source":"aws.glue", "account":"123456789012", "time":"2018-04-24T20:57:34Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "notificationCondition":{ "NotifyDelayAfter":1.0 }, "state":"STOPPING", "jobRunId":"jr_6aa58e7a3aa44e2e4c7db2c50e2f7396cb57901729e4b702dcb2cfbbeb3f7a86", "message":"Job is in STOPPING state", "startedOn":"2018-04-24T20:55:47.941Z" } }

Amazon GuardDuty 事件

有关示例 Amazon GuardDuty 事件的信息,请参阅 Amazon GuardDuty 用户指南 中的使用 Amazon CloudWatch Events 监控 Amazon GuardDuty

AWS Health 事件

以下是 AWS Personal Health Dashboard (AWS Health) 事件的格式。有关更多信息,请参阅 AWS Health 用户指南 中的使用 Amazon CloudWatch Events 管理 AWS Health 事件

AWS Health 事件格式

{ "version": "0", "id": "7bf73129-1428-4cd3-a780-95db273d1602", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2016-06-05T06:27:57Z", "region": "region", "resources": [], "detail": { "eventArn": "arn:aws:health:region::event/id", "service": "service", "eventTypeCode": "AWS_service_code", "eventTypeCategory": "category", "startTime": "Sun, 05 Jun 2016 05:01:10 GMT", "endTime": "Sun, 05 Jun 2016 05:30:57 GMT", "eventDescription": [{ "language": "lang-code", "latestDescription": "description" }] ... } }
eventTypeCategory

事件的类别代码。可能的值为issueaccountNotificationscheduledChange

eventTypeCode

事件类型的唯一标识符。示例包括 AWS_EC2_INSTANCE_NETWORK_MAINTENANCE_SCHEDULEDAWS_EC2_INSTANCE_REBOOT_MAINTENANCE_SCHEDULED。通常在 startTime 之前两周左右推送出包含 MAINTENANCE_SCHEDULED 的事件。

id

事件的唯一标识符。

service

受事件影响的 AWS 服务。例如,EC2S3REDSHIFTRDS

Elastic Load BalancingAPI 问题

{ "version": "0", "id": "121345678-1234-1234-1234-123456789012", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2016-06-05T06:27:57Z", "region": "ap-southeast-2", "resources": [], "detail": { "eventArn": "arn:aws:health:ap-southeast-2::event/AWS_ELASTICLOADBALANCING_API_ISSUE_90353408594353980", "service": "ELASTICLOADBALANCING", "eventTypeCode": "AWS_ELASTICLOADBALANCING_API_ISSUE", "eventTypeCategory": "issue", "startTime": "Sat, 11 Jun 2016 05:01:10 GMT", "endTime": "Sat, 11 Jun 2016 05:30:57 GMT", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" } }

Amazon EC2 实例存储驱动器性能下降

{ "version": "0", "id": "121345678-1234-1234-1234-123456789012", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2016-06-05T06:27:57Z", "region": "us-west-2", "resources": [ "i-abcd1111" ], "detail": { "eventArn": "arn:aws:health:us-west-2::event/AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED_90353408594353980", "service": "EC2", "eventTypeCode": "AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED", "eventTypeCategory": "issue", "startTime": "Sat, 05 Jun 2016 15:10:09 GMT", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" }], "affectedEntities": [{ "entityValue": "i-abcd1111", "tags": { "stage": "prod", "app": "my-app" } }

AWS KMS 事件

以下是 AWS Key Management Service (AWS KMS) 事件的示例。有关更多信息,请参阅 AWS Key Management Service Developer Guide 中的 AWS KMS 事件

KMS CMK 轮换

AWS KMS 自动轮换了 CMK 的密钥材料。

{ "version": "0", "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718", "detail-type": "KMS CMK Rotation", "source": "aws.kms", "account": "111122223333", "time": "2016-08-25T21:05:33Z", "region": "us-west-2", "resources": [ "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" ], "detail": { "key-id": "1234abcd-12ab-34cd-56ef-1234567890ab" } }

KMS 导入的密钥材料过期

AWS KMS 删除了 CMK 的过期密钥材料。

{ "version": "0", "id": "9da9af57-9253-4406-87cb-7cc400e43465", "detail-type": "KMS Imported Key Material Expiration", "source": "aws.kms", "account": "111122223333", "time": "2016-08-22T20:12:19Z", "region": "us-west-2", "resources": [ "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" ], "detail": { "key-id": "1234abcd-12ab-34cd-56ef-1234567890ab" } }

KMS CMK 删除

AWS KMS 完成了计划的 CMK 删除。

{ "version": "0", "id": "e9ce3425-7d22-412a-a699-e7a5fc3fbc9a", "detail-type": "KMS CMK Deletion", "source": "aws.kms", "account": "111122223333", "time": "2016-08-19T03:23:45Z", "region": "us-west-2", "resources": [ "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" ], "detail": { "key-id": "1234abcd-12ab-34cd-56ef-1234567890ab" } }

Amazon Macie 事件

以下是 Amazon Macie 事件的示例。

警报已创建

{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-24T22:28:49Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id" ], "detail": { "notification-type": "ALERT_CREATED", "name": "Scanning bucket policies", "tags": [ "Custom_Alert", "Insider" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "risk-score": 80, "trigger": { "rule-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id", "alert-type": "basic", "created-at": "2017-01-02 19:54:00.644000", "description": "Alerting on failed enumeration of large number of bucket policies", "risk": 8 }, "created-at": "2017-04-18T00:21:12.059000", "actor": "555566667777:assumed-role:superawesome:aroaidpldc7nsesfnheji", "summary": { "Description": "Alerting on failed enumeration of large number of bucket policies", "IP": { "34.199.185.34": 121, "34.205.153.2": 2, "72.21.196.70": 2 }, "Time Range": [ { "count": 125, "start": "2017-04-24T20:23:49Z", "end": "2017-04-24T20:25:54Z" } ], "Source ARN": "arn:aws:sts::123456789012:assumed-role/RoleName", "Record Count": 1, "Location": { "us-east-1": 125 }, "Event Count": 125, "Events": { "GetBucketLocation": { "count": 48, "ISP": { "Amazon": 48 } }, "ListRoles": { "count": 2, "ISP": { "Amazon": 2 } }, "GetBucketPolicy": { "count": 37, "ISP": { "Amazon": 37 }, "Error Code": { "NoSuchBucketPolicy": 22 } }, "GetBucketAcl": { "count": 37, "ISP": { "Amazon": 37 } }, "ListBuckets": { "count": 1, "ISP": { "Amazon": 1 } } }, "recipientAccountId": { "123456789012": 125 } } } }
{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-18T18:15:41Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id" ], "detail": { "notification-type": "ALERT_CREATED", "name": "Bucket is writable by all authenticated users", "tags": [ "Custom_Alert", "Audit" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "risk-score": 70, "trigger": { "rule-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id", "alert-type": "basic", "created-at": "2017-04-08 00:21:30.749000", "description": "Bucket is writable by all authenticated users", "risk": 7 }, "created-at": "2017-04-18T18:16:17.046454", "actor": "444455556666", "summary": { "Description": "Bucket is writable by all authenticated users", "Bucket": { "secret-bucket-name": 1 }, "Record Count": 1, "ACL": { "secret-bucket-name": [ { "Owner": { "DisplayName": "bucket_owner", "ID": "089d2842f4b392f5c5c61f073bd2e4a37b3bb2e62659318c6960e8981648a17e" }, "Grants": [ { "Grantee": { "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" }, "Permission": "WRITE" } ] } ] }, "Event Count": 1, "Timestamps": { "2017-01-10T22:48:06.784937": 1 } } } }

警报已更新

{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-18T17:47:48Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id" ], "detail": { "notification-type": "ALERT_UPDATED", "name": "Public bucket contains high risk object", "tags": [ "Custom_Alert", "Audit" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "risk-score": 100, "trigger": { "rule-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id", "alert-type": "basic", "created-at": "2017-04-08 00:23:39.138000", "description": "Public bucket contains high risk object", "risk": 10 }, "created-at": "2017-04-08T00:36:26.270000", "actor": "public_bucket", "summary": { "Description": "Public bucket contains high risk object", "Object": { "public_bucket/secret_key.txt": 1, "public_bucket/financial_summary.txt": 1 }, "Record Count": 2, "Themes": { "Secret Markings": 1, "Corporate Proposals": 1, "Confidential Markings": 1 }, "Event Count": 2, "DLP risk": { "7": 2 }, "Owner": { "bucket_owner": 2 }, "Timestamps": { "2017-04-03T16:12:53+00:00": 2 } } } }
{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/macie/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/macie" ], "detail": { "notification-type": "ALERT_UPDATED", "name": "Lists the instance profiles that have the specified associated IAM role, Lists the names of the inline policies that are embedded in the specified IAM role", "tags": [ "Predictive", "Behavioral_Anomaly" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/macie/alert/alert_id", "risk-score": 20, "created-at": "2017-04-22T03:08:35.256000", "actor": "123456789012:assumed-role:rolename", "trigger": { "alert-type": "predictive", "features": { "distinctEventName": { "name": "distinctEventName", "description": "Event Names executed during a user session", "narrative": "A sudden increase in event names utilized by a user can be an indicator of a change in user behavior or account risk", "risk": 3 }, "ListInstanceProfilesForRole": { "name": "ListInstanceProfilesForRole", "description": "Lists the instance profiles that have the specified associated IAM role", "narrative": "Information collection activity suggesting the start of a reconnaissance or exfiltration campaign", "anomalous": true, "multiplier": 8.420560747663552, "excession_times": [ "2017-04-21T18:00:00Z" ], "risk": 1 }, "ListRolePolicies": { "name": "ListRolePolicies", "description": "Lists the names of the inline policies that are embedded in the specified IAM role", "narrative": "Information collection activity suggesting the start of a reconnaisance or exfiltration campaign", "anomalous": true, "multiplier": 12.017441860465116, "excession_times": [ "2017-04-21T18:00:00Z" ], "risk": 2 } } } } }

计划的事件

下面是一个计划事件示例:

{ "id": "53dc4d37-cffa-4f76-80c9-8b7d4a4d2eaa", "detail-type": "Scheduled Event", "source": "aws.events", "account": "123456789012", "time": "2015-10-08T16:53:06Z", "region": "us-east-1", "resources": [ "arn:aws:events:us-east-1:123456789012:rule/MyScheduledRule" ], "detail": {} }

AWS Server Migration Service 事件

以下是 AWS Server Migration Service 事件的示例。

已删除复制作业通知

{ "version": "0", "id": "5630992d-92cd-439f-f2a8-92c8212aee24", "detail-type": "Server Migration Job State Change", "source": "aws.sms", "account": "123456789012", "time": "2018-02-07T22:30:11Z", "region": "us-west-1", "resources": [ "arn:aws:sms:us-west-1:123456789012:sms-job-21a64348" ], "detail": { "state": "Deleted", "replication-run-id": "N/A", "replication-job-id": "sms-job-21a64348", "version": "1.0" } }

已完成复制作业通知

{ "version": "0", "id": "3f9c59cc-f941-522a-be6d-f08e44ff1715", "detail-type": "Server Migration Job State Change", "source": "aws.sms", "account": "123456789012", "time": "2018-02-07T22:54:00Z", "region": "us-west-1", "resources": [ "arn:aws:sms:us-west-1:123456789012:sms-job-2ea64347", "arn:aws:sms:us-west-1:123456789012:sms-job-2ea64347/sms-run-e1a64388" ], "detail": { "state": "Completed", "replication-run-id": "sms-run-e1a64388", "replication-job-id": "sms-job-2ea64347", "ami-id": "ami-746d6314", "version": "1.0" } }

AWS Trusted Advisor 事件

以下是 AWS Trusted Advisor 事件的示例。有关更多信息,请参阅 AWS Support User Guide 中的使用 Amazon CloudWatch Events监控 Trusted Advisor 检查结果

低使用率 Amazon EC2 实例

{ "version": "0", "id": "1234abcd-ab12-123a-123a-1234567890ab", "detail-type": "Trusted Advisor Check Item Refresh Notification", "source": "aws.trustedadvisor", "account": "123456789012", "time": "2018-01-12T20:07:49Z", "region": "us-east-2", "resources": [], "detail": { "check-name": "Low Utilization Amazon EC2 Instances", "check-item-detail": { "Day 1": "0.1% 0.00MB", "Day 2": "0.1% 0.00MB", "Day 3": "0.1% 0.00MB", "Region/AZ": "ca-central-1a", "Estimated Monthly Savings": "$9.22", "14-Day Average CPU Utilization": "0.1%", "Day 14": "0.1% 0.00MB", "Day 13": "0.1% 0.00MB", "Day 12": "0.1% 0.00MB", "Day 11": "0.1% 0.00MB", "Day 10": "0.1% 0.00MB", "14-Day Average Network I/O": "0.00MB", "Number of Days Low Utilization": "14 days", "Instance Type": "t2.micro", "Instance ID": "i-01234567890abcdef", "Day 8": "0.1% 0.00MB", "Instance Name": null, "Day 9": "0.1% 0.00MB", "Day 4": "0.1% 0.00MB", "Day 5": "0.1% 0.00MB", "Day 6": "0.1% 0.00MB", "Day 7": "0.1% 0.00MB" }, "status": "WARN", "resource_id": "arn:aws:ec2:ca-central-1:123456789012:instance/i-01234567890abcdef", "uuid": "aa12345f-55c7-498e-b7ac-123456789012" } }

负载均衡器优化

{ "version": "0", "id": "1234abcd-ab12-123a-123a-1234567890ab", "detail-type": "Trusted Advisor Check Item Refresh Notification", "source": "aws.trustedadvisor", "account": "123456789012", "time": "2018-01-12T20:07:03Z", "region": "us-east-2", "resources": [], "detail": { "check-name": "Load Balancer Optimization ", "check-item-detail": { "Instances in Zone a": "1", "Status": "Yellow", "Instances in Zone b": "0", "# of Zones": "2", "Region": "eu-central-1", "Load Balancer Name": "my-load-balance", "Instances in Zone e": null, "Instances in Zone c": null, "Reason": "Single AZ", "Instances in Zone d": null }, "status": "WARN", "resource_id": "arn:aws:elasticloadbalancing:eu-central-1:123456789012:loadbalancer/my-load-balancer", "uuid": "aa12345f-55c7-498e-b7ac-123456789012" } }

已泄露的访问密钥

{ "version": "0", "id": "1234abcd-ab12-123a-123a-1234567890ab", "detail-type": "Trusted Advisor Check Item Refresh Notification", "source": "aws.trustedadvisor", "account": "123456789012", "time": "2018-01-12T19:38:24Z", "region": "us-east-1", "resources": [], "detail": { "check-name": "Exposed Access Keys", "check-item-detail": { "Case ID": "12345678-1234-1234-abcd-1234567890ab", "Usage (USD per Day)": "0", "User Name (IAM or Root)": "my-username", "Deadline": "1440453299248", "Access Key ID": "AKIAIOSFODNN7EXAMPLE", "Time Updated": "1440021299248", "Fraud Type": "Exposed", "Location": "www.example.com" }, "status": "ERROR", "resource_id": "", "uuid": "aa12345f-55c7-498e-b7ac-123456789012" } }