适用于 Amazon EBS 的 Amazon EventBridge 事件
Amazon EBS 将事件发送到 Amazon EventBridge,用于在卷和快照上执行操作。使用 EventBridge,您可以创建规则以触发编程操作,从而响应这些事件。例如,您可以创建一个规则,在启用快照以快速恢复快照时向您的电子邮件发送通知。
EventBridge 中的事件表示为 JSON 对象。该事件独有的字段包含在 JSON 对象的“详细信息”部分。“事件”字段包含事件名称。“结果”字段包含触发事件的操作的已完成状态。有关更多信息,请参阅 Amazon EventBridge 用户指南中的 Amazon EventBridge 事件模式。
有关更多信息,请参阅《Amazon EventBridge 用户指南》中的什么是 Amazon EventBridge?。
EBS 卷事件
在发生以下卷事件时,Amazon EBS 会向 EventBridge 发送事件。
创建卷(createVolume)
当创建卷的操作完成后,系统会将 createVolume 事件发送至您的 Amazon 账户。但是,不会保存、记录或存档该信息。此事件的结果可能是 available 或 failed。如果提供的 Amazon KMS key 无效,创建操作将失败,如以下示例所示。
事件数据
下面的列表是 EBS 为成功的 createVolume 事件发送的 JSON 对象示例。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567"
],
"detail": {
"result": "available",
"cause": "",
"event": "createVolume",
"request-id": "01234567-0123-0123-0123-0123456789ab"
}
}下面的列表是 EBS 在 createVolume 事件失败后发送的 JSON 对象的示例。失败原因是 KMS 密钥 被禁用。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "sa-east-1",
"resources": [
"arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567",
],
"detail": {
"event": "createVolume",
"result": "failed",
"cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is disabled.",
"request-id": "01234567-0123-0123-0123-0123456789ab",
}
}以下是 EBS 在 createVolume 事件失败后发送的 JSON 对象的示例。失败原因是 KMS 密钥 正等待导入。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "sa-east-1",
"resources": [
"arn:aws:ec2:sa-east-1:0123456789ab:volume/vol-01234567",
],
"detail": {
"event": "createVolume",
"result": "failed",
"cause": "arn:aws:kms:sa-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending import.",
"request-id": "01234567-0123-0123-0123-0123456789ab",
}
}删除卷(deleteVolume)
当删除卷的操作完成后,系统会将 deleteVolume 事件发送至您的 Amazon 账户。但是,不会保存、记录或存档该信息。此事件具有 deleted 结果。如果删除操作未完成,绝不会发送此事件。
事件数据
下面的列表是 EBS 为成功的 deleteVolume 事件发送的 JSON 对象示例。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567"
],
"detail": {
"result": "deleted",
"cause": "",
"event": "deleteVolume",
"request-id": "01234567-0123-0123-0123-0123456789ab"
}
}卷附加或重新附加(attachVolume、reattachVolume)
如果卷附加或重新附加到实例,系统会将 attachVolume 或 reattachVolume 事件发送至您的 Amazon 账户。但是,不会保存、记录或存档该信息。如果您使用 KMS 密钥 加密 EBS 卷并且该 KMS 密钥 变为无效,则日后使用该 KMS 密钥 将卷附加或重新附加到实例时,EBS 会发送一个事件,如以下示例所示。
事件数据
下面的列表是 EBS 在 attachVolume 事件失败后发送的 JSON 对象的示例。失败原因是 KMS 密钥 处于待删除状态。
注意
Amazon在对服务器进行日常维护后, 可能会尝试重新附加卷。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567",
"arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab"
],
"detail": {
"event": "attachVolume",
"result": "failed",
"cause": "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.",
"request-id": ""
}
}下面的列表是 EBS 在 reattachVolume 事件失败后发送的 JSON 对象的示例。失败原因是 KMS 密钥 处于待删除状态。
{
"version": "0",
"id": "01234567-0123-0123-0123-0123456789ab",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:0123456789ab:volume/vol-01234567",
"arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab"
],
"detail": {
"event": "reattachVolume",
"result": "failed",
"cause": "arn:aws:kms:us-east-1:0123456789ab:key/01234567-0123-0123-0123-0123456789ab is pending deletion.",
"request-id": ""
}
}分离卷(detachVolume)
当卷与 Amazon EC2 实例分离时,detachVolume 事件就会发送到您的 Amazon 账户。
事件数据
以下是成功 detachVolume 事件的示例。
{
"version":"0",
"id":"2ec37298-1234-e436-70fc-c96b1example",
"detail-type":"AWS API Call via CloudTrail",
"source":"aws.ec2",
"account":"123456789012",
"time":"2024-03-18T16:35:52Z",
"region":"us-east-1",
"resources":[],
"detail":
{
"eventVersion":"1.09",
"userIdentity":
{
"type":"IAMUser",
"principalId":"AIDAJT12345SQ2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/administrator",
"accountId":"123456789012",
"accessKeyId":"AKIAJ67890A6EXAMPLE",
"userName":"administrator"
},
"eventTime":"2024-03-18T16:35:52Z",
"eventSource":"ec2.amazonaws.com",
"eventName":"DetachVolume",
"awsRegion":"us-east-1",
"sourceIPAddress":"12.12.123.12",
"userAgent":"aws-cli/2.7.12 Python/3.9.11 Windows/10 exe/AMD64 prompt/off command/ec2.detach-volume",
"requestParameters":
{
"volumeId":"vol-072577c46bexample",
"force":false
},
"responseElements":
{
"requestId":"1234513a-6292-49ea-83f8-85e95example",
"volumeId":"vol-072577c46bexample",
"instanceId":"i-0217f7eb3dexample",
"device":"/dev/sdb",
"status":"detaching",
"attachTime":1710776815000
},
"requestID":"1234513a-6292-49ea-83f8-85e95example",
"eventID":"1234551d-a15a-43eb-9e69-c983aexample",
"readOnly":false,
"eventType":"AwsApiCall",
"managementEvent":true,
"recipientAccountId":"123456789012",
"eventCategory":"Management",
"tlsDetails":
{
"tlsVersion":"TLSv1.3",
"cipherSuite":"TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"
}
}
}EBS 卷初始化事件
当您根据快照创建 Amazon EBS 卷并使用默认卷初始化速率或 Amazon EBS 卷初始化预置速率时,initializeVolume 事件会在卷初始化完成后五分钟内发送到您的 Amazon 账户。有关更多信息,请参阅 使用 Amazon EBS 卷初始化预置速率。
对于使用快速快照还原创建的卷,不会发送该事件。
重要
completionTime 反映我们生成事件的时间。由于该事件是在初始化完成后 5 分钟内生成的,因此 completionTime 最多可以是初始化完成后的 5 分钟。
以下是示例事件。
{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "EBS Volume Notification", "source": "aws.ec2", "account": "012345678901", "time": "yyyy-mm-ddThh:mm:ssZ", "region": "us-east-1", "resources": [ "arn:aws:ec2:us-east-1:012345678901:volume/vol-01234567890abcdef" ], "detail": { "event": " initializeVolume", "result": "succeeded", "completionTime": "yyyy-mm-ddThh:mm:ssZ", "request-id": "01234567-0123-0123-0123-0123456789ab" } }
EBS 卷修改事件
当修改卷时,Amazon EBS 会向 EventBridge 发送 modifyVolume 事件。但是,不会保存、记录或存档该信息。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Volume Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1:012345678901:volume/vol-03a55cf56513fa1b6"
],
"detail": {
"result": "optimizing",
"cause": "",
"event": "modifyVolume",
"request-id": "01234567-0123-0123-0123-0123456789ab"
}
}EBS 快照事件
在发生以下卷事件时,Amazon EBS 会向 EventBridge 发送事件。
创建单个快照(createSnapshot)
当创建快照的操作完成后,系统会将 createSnapshot 事件发送至您的 Amazon 账户。但是,不会保存、记录或存档该信息。此事件的结果可能是 succeeded 或 failed。
事件数据
下面的列表是 EBS 为成功的 createSnapshot 事件发送的 JSON 对象示例。在 detail 部分,source 字段包含源卷的 ARN。startTime 和 endTime 字段表示快照的创建何时开始以及何时完成。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "createSnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::us-west-2:volume/vol-01234567",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ" }
}创建多个快照(createSnapshots)
当创建多卷快照的操作完成后,系统会将 createSnapshots 事件发送至您的 Amazon 账户。此事件的结果可能是 succeeded 或 failed。
事件数据
下面的列表是 EBS 为成功的 createSnapshots 事件发送的 JSON 对象示例。在 detail 部分中,source 字段包含多卷快照集的源卷的 ARN。startTime 和 endTime 字段表示快照的创建何时开始以及何时完成。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Multi-Volume Snapshots Completion Status",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"arn:aws:ec2::us-east-1:snapshot/snap-012345678"
],
"detail": {
"event": "createSnapshots",
"result": "succeeded",
"cause": "",
"request-id": "",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"snapshots": [
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"source": "arn:aws:ec2::us-east-1:volume/vol-01234567",
"status": "completed"
},
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-012345678",
"source": "arn:aws:ec2::us-east-1:volume/vol-012345678",
"status": "completed"
}
]
}
}下面的列表是 EBS 在 createSnapshots 事件失败后发送的 JSON 对象的示例。失败的原因是多卷快照集的一个或多个快照未能完成。snapshot_id 的值是失败的快照的 ARN。startTime 和 endTime 表示创建快照操作开始和结束的时间。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Multi-Volume Snapshots Completion Status",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"arn:aws:ec2::us-east-1:snapshot/snap-012345678"
],
"detail": {
"event": "createSnapshots",
"result": "failed",
"cause": "Snapshot snap-01234567 is in status error",
"request-id": "",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"snapshots": [
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-01234567",
"source": "arn:aws:ec2::us-east-1:volume/vol-01234567",
"status": "error"
},
{
"snapshot_id": "arn:aws:ec2::us-east-1:snapshot/snap-012345678",
"source": "arn:aws:ec2::us-east-1:volume/vol-012345678",
"status": "error"
}
]
}
}
复制快照(copySnapshot)
当复制快照的操作完成后,系统会将 copySnapshot 事件发送至您的 Amazon 账户。但是,不会保存、记录或存档该信息。此事件的结果可能是 succeeded 或 failed。
在 detail 部分中,source 是源快照的 ARN,snapshot_id 是快照副本的 ARN。startTime 和 endTime 指明复制操作何时开始和结束。incremental 指明快照副本是增量快照 (true) 还是完整快照 (false)。transferType 指明快照复制操作是标准复制操作还是基于时间的复制操作。有关更多信息,请参阅 Amazon EBS 快照和 EBS 支持的 AMI 的基于时间的副本。
如果您要跨区域复制快照,则事件将在目标区域中发出。
场景 1:标准快照复制操作完成
以下是标准快照复制操作成功完成时发送到您的账户的事件示例。请注意,transferType 为 standard 。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "copySnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"incremental": "true",
"transferType": "standard"
}
}场景 2:基于时间的快照复制操作在完成持续时间内完成
以下是基于时间的快照复制操作在其完成持续时间内完成时向您的账户发送的事件示例。请注意,transferType 是 time-based,表明这是一项基于时间的快照复制操作。completionDurationStartTime 指明完成持续时间何时开始。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "copySnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210",
"incremental": "true",
"completionDurationStartTime":"2024-11-16T06:27:33.816Z",
"transferType": "time-based"
}
}场景 3:基于时间的快照复制操作已完成,但未达到请求的完成持续时间
当基于时间的快照复制操作完成,但未达到请求的完成持续时间时,CloudWatch 会向您的账户发送两个事件。以下是这些事件的示例。
-
即使复制操作仍在进行中,一旦未达到完成持续时间,第一个事件就会发送到您的账户。对于此事件,
detail-type是EBS Copy Snapshot Missed Completion Duration,missedCompletionDurationCause提供原因。{ "version":"0", "id":"fd90eb95-0938-e02c-cf55-b81363b8ac12", "detail-type":"EBS Copy Snapshot Missed Completion Duration", "source":"aws.ec2", "account":"123456789012", "time":"2024-11-19T18:17:08Z", "region":"us-east-1", "resources": ["arn:aws:ec2:us-east-1:123456789012:snapshot/snap-01234567890abcedf"], "detail":{ "event":"copySnapshot", "missedCompletionDurationCause":"Snapshot copy was not able to meet the specified completion duration because your snapshot copy operation throughput quota was exceeded.", "snapshot_id":"arn:aws:ec2:us-east-1:123456789012:snapshot/snap-01234567890abcedf", "source":"arn:aws:ec2:us-east-1:123456789012:snapshot/snap-00987654321fedcba", "startTime": "Sun Nov 24 22:32:55 UTC 2024", "transferType": "time-based" } } -
只有在快照完成后,第二个事件才会发送到您的账户。该事件包括
missedCompletionDurationCause,这提供了原因。{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "EBS Snapshot Notification", "source": "aws.ec2", "account": "123456789012", "time": "yyyy-mm-ddThh:mm:ssZ", "region": "us-east-1", "resources": [ "arn:aws:ec2::us-west-2:snapshot/snap-01234567" ], "detail": { "event": "copySnapshot", "result": "succeeded", "cause": "", "request-id": "", "startTime": "yyyy-mm-ddThh:mm:ssZ", "endTime": "yyyy-mm-ddThh:mm:ssZ", "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567", "source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210", "incremental": "true", "completionDurationStartTime":"2024-11-16T06:27:33.816Z", "missedCompletionDurationCause":"Snapshot copy was not able to meet the specified completion duration because your snapshot copy operation throughput quota was exceeded.", "transferType": "time-based" } }
场景 4:快照复制操作失败
以下是快照复制操作失败时发送到您的账户的事件示例。请注意,result 是 failed,指明操作失败。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "copySnapshot",
"result": "failed",
"cause": "Source snapshot ID is not valid",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": "arn:aws:ec2::eu-west-1:snapshot/snap-76543210",
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ"
}
}共享快照(shareSnapshot)
在其他账户与您的 shareSnapshot 账户共享快照时,系统会将 Amazon 事件发送至您的该账户。但是,不会保存、记录或存档该信息。结果始终是 succeeded。
事件数据
下面是 EBS 在 shareSnapshot 事件完成后发送的 JSON 对象的示例。在 detail 部分中,source 的值是与您共享快照的用户的 Amazon 账号。startTime 和 endTime 表示 share-snapshot 操作何时开始以及何时结束。仅在与其他用户共享私有快照时,系统才会发送 shareSnapshot 事件。共享公有快照不会触发该事件。
{
"version": "0",
"id": "01234567-01234-0123-0123-012345678901",
"detail-type": "EBS Snapshot Notification",
"source": "aws.ec2",
"account": "012345678901",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2::us-west-2:snapshot/snap-01234567"
],
"detail": {
"event": "shareSnapshot",
"result": "succeeded",
"cause": "",
"request-id": "",
"snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567",
"source": 012345678901,
"startTime": "yyyy-mm-ddThh:mm:ssZ",
"endTime": "yyyy-mm-ddThh:mm:ssZ"
}
}EBS 快照归档事件
Amazon EBS 发出与快照归档操作相关的事件。
EBS 快速快照还原事件
在快照的快速快照还原状态发生变化时,Amazon EBS 向 EventBridge 发送事件。尽最大努力发出事件。
以下是此事件的示例数据。
{
"version": "0",
"id": "01234567-0123-0123-0123-012345678901",
"detail-type": "EBS Fast Snapshot Restore State-change Notification",
"source": "aws.ec2",
"account": "123456789012",
"time": "yyyy-mm-ddThh:mm:ssZ",
"region": "us-east-1",
"resources": [
"arn:aws:ec2:us-east-1::snapshot/snap-03a55cf56513fa1b6"
],
"detail": {
"snapshot-id": "snap-1234567890abcdef0",
"state": "optimizing",
"zone": "us-east-1a",
"message": "Client.UserInitiated - Lifecycle state transition",
}
}可能的 state 值为 enabling、optimizing、enabled、disabling 和 disabled。
message 的可能值如下所示:
Client.InvalidSnapshot.InvalidState - The requested snapshot transitioned to an invalid state (Error)-
启用快速快照还原的请求失败,并且状态转换为
disabling或disabled。无法为该快照启用快速快照还原。 Client.UserInitiated-
状态成功转换为
enabling或disabling。 Client.UserInitiated - Lifecycle state transition-
状态成功转换为
optimizing、enabled或disabled。 Server.InsufficientCapacity - There was insufficient capacity available to satisfy the request-
由于容量不足而导致启用快速快照还原的请求失败,并且状态转换为
disabling或disabled。等待,然后重试。 Server.InternalError - An internal error caused the operation to fail-
由于内部错误而导致启用快速快照还原的请求失败,并且状态转换为
disabling或disabled。等待,然后重试。 Client.InvalidSnapshot.InvalidState - The requested snapshot was deleted or access permissions were revoked-
快照的快速快照还原状态已转换为
disabling或disabled,因为快照已被快照所有者删除或取消共享。无法为已删除或不再与您共享的快照启用快速快照还原。