Amazon service events
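CloudTrail supports logging non-API service events. These events are created by Amazon services but are not directly triggered by a request to a public Amazon API. For these events, the eventType field is AwsServiceEvent.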
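The following is an example of an Amazon service event, logged when a customer managed key is automatically rotated in Amazon Key Management Service (Amazon KMS). For more information about rotating KMS keys, see Rotating KMS keys.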
{
    "eventVersion": "1.05",
    "userIdentity": {
        "accountId": "123456789012",
        "invokedBy": "AWS Internal"
    },
    "eventTime": "2019-06-02T00:06:08Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "RotateKey",
    "awsRegion": "us-east-2",
    "sourceIPAddress": "AWS Internal",
    "userAgent": "AWS Internal",
    "requestParameters": null,
    "responseElements": null,
    "eventID": "234f004b-EXAMPLE",
    "readOnly": false,
    "resources": [
        {
            "ARN": "arn:aws:kms:us-east-2:123456789012:key/7944f0ec-EXAMPLE",
            "accountId": "123456789012",
            "type": "AWS::KMS::Key"
        }
    ],
    "eventType": "AwsServiceEvent",
    "recipientAccountId": "123456789012",
    "serviceEventDetails": {
        "keyId": "7944f0ec-EXAMPLE"
    }
}
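The following is an added example, not part of the original documentation: it separates service events from API calls in a CloudTrail log file by the eventType field and builds a per-key record of the most recent automatic KMS rotation. The function names and the second (DescribeKey) record are constructed for illustration; the first record reuses fields from the event shown above.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Record 1 reuses fields from the page's RotateKey event; record 2 is a
# constructed ordinary API call, included only for contrast.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-06-02T00:06:08Z", "eventSource": "kms.amazonaws.com",
     "eventName": "RotateKey", "eventType": "AwsServiceEvent",
     "userIdentity": {"accountId": "123456789012", "invokedBy": "AWS Internal"},
     "resources": [{"ARN": "arn:aws:kms:us-east-2:123456789012:key/7944f0ec-EXAMPLE",
                    "accountId": "123456789012", "type": "AWS::KMS::Key"}],
     "serviceEventDetails": {"keyId": "7944f0ec-EXAMPLE"}},
    {"eventTime": "2019-06-02T00:07:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "DescribeKey", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "accountId": "123456789012"},
     "requestParameters": {"keyId": "7944f0ec-EXAMPLE"}},
]})


def service_events(log_text):
    """Yield only the records whose eventType is AwsServiceEvent."""
    for record in json.loads(log_text).get("Records", []):
        if record.get("eventType") == "AwsServiceEvent":
            yield record


def last_rotations(log_text):
    """Map each KMS key ARN to the time of its most recent RotateKey event."""
    latest = {}
    for ev in service_events(log_text):
        if ev.get("eventSource") != "kms.amazonaws.com" or ev.get("eventName") != "RotateKey":
            continue
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # Service events may carry null request/response fields, so rely on "resources".
        for res in ev.get("resources") or []:
            if res.get("type") == "AWS::KMS::Key":
                arn = res["ARN"]
                if arn not in latest or when > latest[arn]:
                    latest[arn] = when
    return latest


if __name__ == "__main__":
    for arn, when in last_rotations(SAMPLE_LOG).items():
        print(arn, when.isoformat())
```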