Amazon S3 和 S3 on Outposts 的 CloudTrail 日志文件条目 - Amazon Simple Storage Service
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

Amazon S3 和 S3 on Outposts 的 CloudTrail 日志文件条目

重要

Amazon S3 现在将具有 Amazon S3 托管密钥的服务器端加密(SSE-S3)作为 Amazon S3 中每个存储桶的基本加密级别。从 2023 年 1 月 5 日起,上传到 Amazon S3 的所有新对象都将自动加密,不会产生额外费用,也不会影响性能。S3 存储桶默认加密配置和上传的新对象的自动加密状态可在 Amazon CloudTrail 日志、S3 清单、S3 Storage Lens 存储统计管理工具、Amazon S3 控制台中获得,并可用作 Amazon Command Line Interface 和 Amazon SDK 中的附加 Amazon S3 API 响应标头。有关更多信息,请参阅默认加密常见问题解答

一个事件表示一个来自任何源的请求,包括有关所请求的 API 操作、操作的日期和时间、请求参数等方面的信息。CloudTrail 日志文件不是公用 API 调用的有序堆栈跟踪,因此事件不会按任何特定顺序显示。

有关更多信息,请参阅以下示例。

示例:Amazon S3 的 CloudTrail 日志文件条目

下面的示例显示了一个 CloudTrail 日志条目,该条目说明了 GET 服务PutBucketAclGetBucketVersioning 操作。

{ "Records": [ { "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:user/myUserName", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "myUserName" }, "eventTime": "2019-02-01T03:18:19Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "awsRegion": "us-west-2", "sourceIPAddress": "127.0.0.1", "userAgent": "[]", "requestParameters": { "host": [ "s3.us-west-2.amazonaws.com" ] }, "responseElements": null, "additionalEventData": { "SignatureVersion": "SigV2", "AuthenticationMethod": "QueryString", "aclRequired": "Yes" }, "requestID": "47B8E8D397DCE7A6", "eventID": "cdc4b7ed-e171-4cef-975a-ad829d4123e8", "eventType": "AwsApiCall", "recipientAccountId": "444455556666", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "s3.amazonaws.com" } }, { "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:user/myUserName", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "myUserName" }, "eventTime": "2019-02-01T03:22:33Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl", "awsRegion": "us-west-2", "sourceIPAddress": "", "userAgent": "[]", "requestParameters": { "bucketName": "", "AccessControlPolicy": { "AccessControlList": { "Grant": { "Grantee": { "xsi:type": "CanonicalUser", "xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance", "ID": "d25639fbe9c19cd30a4c0f43fbf00e2d3f96400a9aa8dabfbbebe1906Example" }, "Permission": "FULL_CONTROL" } }, "xmlns": "http://s3.amazonaws.com/doc/2006-03-01/", "Owner": { "ID": "d25639fbe9c19cd30a4c0f43fbf00e2d3f96400a9aa8dabfbbebe1906Example" } }, "host": [ "s3.us-west-2.amazonaws.com" ], "acl": [ "" ] }, "responseElements": null, "additionalEventData": { "SignatureVersion": "SigV4", "CipherSuite": "ECDHE-RSA-AES128-SHA", "AuthenticationMethod": "AuthHeader" }, "requestID": "BD8798EACDD16751", "eventID": "607b9532-1423-41c7-b048-ec2641693c47", "eventType": "AwsApiCall", "recipientAccountId": "111122223333", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "s3.amazonaws.com" } }, { "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:user/myUserName", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "myUserName" }, "eventTime": "2019-02-01T03:26:37Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketVersioning", "awsRegion": "us-west-2", "sourceIPAddress": "", "userAgent": "[]", "requestParameters": { "host": [ "s3.us-west-2.amazonaws.com" ], "bucketName": "example-s3-bucket1", "versioning": [ "" ] }, "responseElements": null, "additionalEventData": { "SignatureVersion": "SigV4", "CipherSuite": "ECDHE-RSA-AES128-SHA", "AuthenticationMethod": "AuthHeader" }, "requestID": "07D681279BD94AED", "eventID": "f2b287f3-0df1-4961-a2f4-c4bdfed47657", "eventType": "AwsApiCall", "recipientAccountId": "111122223333", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "s3.amazonaws.com" } } ] }

示例:Amazon S3 on Outposts 日志文件条目

Amazon S3 on Outposts 管理事件可通过 Amazon CloudTrail 提供。有关更多信息,请参阅 使用 Amazon CloudTrail 记录 Amazon S3 API 调用。此外,您还可以选择性地为 Amazon CloudTrail 中的数据事件启用日志记录

跟踪是一种配置,可用于将事件作为日志文件传送到您指定的区域的 S3 存储桶中。Outposts 存储桶的 CloudTrail 日志包括一个新字段 edgeDeviceDetails,该字段用于识别指定存储桶所在的 Outpost。

其他日志字段包括请求的操作、操作的日期和时间以及请求参数。CloudTrail 日志文件不是公用 API 调用的有序堆栈跟踪,因此它们不会按任何特定顺序显示。

下面的示例显示了一个 CloudTrail 日志条目,该条目说明了 s3-outposts 上的 PutObject 操作。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:user/yourUserName", "accountId": "222222222222", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "yourUserName" }, "eventTime": "2020-11-30T15:44:33Z", "eventSource": "s3-outposts.amazonaws.com", "eventName": "PutObject", "awsRegion": "us-east-1", "sourceIPAddress": "26.29.66.20", "userAgent": "aws-cli/1.18.39 Python/3.4.10 Darwin/18.7.0 botocore/1.15.39", "requestParameters": { "expires": "Wed, 21 Oct 2020 07:28:00 GMT", "Content-Language": "english", "x-amz-server-side-encryption-customer-key-MD5": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "ObjectCannedACL": "BucketOwnerFullControl", "x-amz-server-side-encryption": "Aes256", "Content-Encoding": "gzip", "Content-Length": "10", "Cache-Control": "no-cache", "Content-Type": "text/html; charset=UTF-8", "Content-Disposition": "attachment", "Content-MD5": "je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY", "x-amz-storage-class": "Outposts", "x-amz-server-side-encryption-customer-algorithm": "Aes256", "bucketName": "example-s3-bucket1", "Key": "path/upload.sh" }, "responseElements": { "x-amz-server-side-encryption-customer-key-MD5": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "x-amz-server-side-encryption": "Aes256", "x-amz-version-id": "001", "x-amz-server-side-encryption-customer-algorithm": "Aes256", "ETag": "d41d8cd98f00b204e9800998ecf8427f" }, "additionalEventData": { "CipherSuite": "ECDHE-RSA-AES128-SHA", "bytesTransferredIn": 10, "x-amz-id-2": "29xXQBV2O+xOHKItvzY1suLv1i6A52E0zOX159fpfsItYd58JhXwKxXAXI4IQkp6", "SignatureVersion": "SigV4", "bytesTransferredOut": 20, "AuthenticationMethod": "AuthHeader" }, "requestID": "8E96D972160306FA", "eventID": "ee3b4e0c-ab12-459b-9998-0a5a6f2e4015", "readOnly": false, "resources": [ { "accountId": "222222222222", "type": "AWS::S3Outposts::Object", "ARN": "arn:aws:s3-outposts:us-east-1:YYY:outpost/op-01ac5d28a6a232904/bucket/path/upload.sh" }, { "accountId": "222222222222", "type": "AWS::S3Outposts::Bucket", "ARN": "arn:aws:s3-outposts:us-east-1:YYY:outpost/op-01ac5d28a6a232904/bucket/" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "444455556666", "sharedEventID": "02759a4c-c040-4758-b84b-7cbaaf17747a", "edgeDeviceDetails": { "type": "outposts", "deviceId": "op-01ac5d28a6a232904" }, "eventCategory": "Data" }