CloudTrail 日志记录中支持的ACM API 操作 - AWS Certificate Manager
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

CloudTrail 日志记录中支持的ACM API 操作

ACM 支持在 CloudTrail 日志文件中将以下操作记录为事件:

每个事件或日志条目都包含有关生成请求的人员的信息。身份信息帮助您确定以下内容:

  • 请求是使用根用户凭证还是 AWS Identity and Access Management (IAM) 用户凭证发出的

  • 请求是使用角色还是联合身份用户的临时安全凭证发出的

  • 请求是否由其他 AWS 服务发出

有关更多信息,请参阅 CloudTrail userIdentity 元素

以下部分提供了支持的 API 操作的示例日志。

向证书添加标签 (AddTagsToCertificate)

以下 CloudTrail 示例显示调用 AddTagsToCertificate API 的结果。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-04-06T13:53:53Z", "eventSource":"acm.amazonaws.com", "eventName":"AddTagsToCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.10.16", "requestParameters":{ "tags":[ { "value":"Alice", "key":"Admin" } ], "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210" }, "responseElements":null, "requestID":"fedcba98-7654-3210-fedc-ba9876543210", "eventID":"fedcba98-7654-3210-fedc-ba9876543210", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

删除证书 (DeleteCertificate)

以下 CloudTrail 示例显示调用 DeleteCertificate API 的结果。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-03-18T00:00:26Z", "eventSource":"acm.amazonaws.com", "eventName":"DeleteCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.9.15", "requestParameters":{ "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210" }, "responseElements":null, "requestID":"01234567-89ab-cdef-0123-456789abcdef", "eventID":"01234567-89ab-cdef-0123-456789abcdef", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

描述证书 (DescribeCertificate)

以下 CloudTrail 示例显示调用 DescribeCertificate API 的结果。

注意

DescribeCertificate 操作的 CloudTrail 日志不会显示有关您指定的 ACM 证书的信息。您可以使用控制台、AWS Command Line Interface 或 DescribeCertificate API 查看有关证书的信息。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-03-18T00:00:42Z", "eventSource":"acm.amazonaws.com", "eventName":"DescribeCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.9.15", "requestParameters":{ "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210" }, "responseElements":null, "requestID":"fedcba98-7654-3210-fedc-ba9876543210", "eventID":"fedcba98-7654-3210-fedc-ba9876543210", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

导出证书 (ExportCertificate)

以下 CloudTrail 示例显示调用 ExportCertificate API 的结果。

{ "Records":[ { "version":"0", "id":"01234567-89ab-cdef-0123-456789abcdef", "detail-type":"AWS API Call via CloudTrail", "source":"aws.acm", "account":"123456789012", "time":"2018-05-24T15:28:11Z", "region":"us-east-1", "resources":[ ], "detail":{ "eventVersion":"1.04", "userIdentity":{ "type":"Root", "principalId":"123456789012", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2018-05-24T15:28:11Z", "eventSource":"acm.amazonaws.com", "eventName":"ExportCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.15.4 Python/2.7.9 Windows/8 botocore/1.10.4", "requestParameters":{ "passphrase":{ "hb":[ 42, 42, 42, 42, 42, 42, 42, 42, 42, 42 ], "offset":0, "isReadOnly":false, "bigEndian":true, "nativeByteOrder":false, "mark":-1, "position":0, "limit":10, "capacity":10, "address":0 }, "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210" }, "responseElements":{ "certificateChain": "-----BEGIN CERTIFICATE----- base64 certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- base64 certificate -----END CERTIFICATE-----", "privateKey":"**********", "certificate": "-----BEGIN CERTIFICATE----- base64 certificate -----END CERTIFICATE-----" }, "requestID":"01234567-89ab-cdef-0123-456789abcdef", "eventID":"fedcba98-7654-3210-fedc-ba9876543210", "eventType":"AwsApiCall" } } ] }

导入证书 (ImportCertificate)

以下示例显示了记录调用 CloudTrail ACM API 操作的 ImportCertificate 日志条目。

{ "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::111122223333:user/Alice", "accountId":"111122223333", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-10-04T16:01:30Z", "eventSource":"acm.amazonaws.com", "eventName":"ImportCertificate", "awsRegion":"ap-southeast-2", "sourceIPAddress":"54.240.193.129", "userAgent":"Coral/Netty", "requestParameters":{ "privateKey":{ "hb":[ "byte", "byte", "byte", "..." ], "offset":0, "isReadOnly":false, "bigEndian":true, "nativeByteOrder":false, "mark":-1, "position":0, "limit":1674, "capacity":1674, "address":0 }, "certificateChain":{ "hb":[ "byte", "byte", "byte", "..." ], "offset":0, "isReadOnly":false, "bigEndian":true, "nativeByteOrder":false, "mark":-1, "position":0, "limit":2105, "capacity":2105, "address":0 }, "certificate":{ "hb":[ "byte", "byte", "byte", "..." ], "offset":0, "isReadOnly":false, "bigEndian":true, "nativeByteOrder":false, "mark":-1, "position":0, "limit":2503, "capacity":2503, "address":0 } }, "responseElements":{ "certificateArn":"arn:aws:acm:ap-southeast-2:111122223333:certificate/01234567-89ab-cdef-0123-456789abcdef" }, "requestID":"01234567-89ab-cdef-0123-456789abcdef", "eventID":"01234567-89ab-cdef-0123-456789abcdef", "eventType":"AwsApiCall", "recipientAccountId":"111122223333" }

列出证书 (ListCertificates)

以下 CloudTrail 示例显示调用 ListCertificates API 的结果。

注意

ListCertificates 操作的 CloudTrail 日志不会显示您的 ACM 证书。您可以使用控制台、AWS Command Line Interface 或 ListCertificates API 查看证书列表。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-03-18T00:00:43Z", "eventSource":"acm.amazonaws.com", "eventName":"ListCertificates", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.9.15", "requestParameters":{ "maxItems":1000, "certificateStatuses":[ "ISSUED" ] }, "responseElements":null, "requestID":"74c99844-ec9c-11e5-ac34-d1e4dfe1a11b", "eventID":"cdfe1051-88aa-4aa3-8c33-a325270bff21", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

列出证书的标签 (ListTagsForCertificate)

以下 CloudTrail 示例显示调用 ListTagsForCertificate API 的结果。

注意

CloudTrail 操作的 ListTagsForCertificate 日志不会显示您的标签。您可以使用控制台、AWS Command Line Interface 或 ListTagsForCertificate API 查看标签列表。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-04-06T13:30:11Z", "eventSource":"acm.amazonaws.com", "eventName":"ListTagsForCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.10.16", "requestParameters":{ "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" }, "responseElements":null, "requestID":"b010767f-fbfb-11e5-b596-79e9a97a2544", "eventID":"32181be6-a4a0-48d3-8014-c0d972b5163b", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

从证书中删除标签 (RemoveTagsFromCertificate)

以下 CloudTrail 示例显示调用 RemoveTagsFromCertificate API 的结果。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-04-06T14:10:01Z", "eventSource":"acm.amazonaws.com", "eventName":"RemoveTagsFromCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.10.16", "requestParameters":{ "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012", "tags":[ { "value":"Bob", "key":"Admin" } ] }, "responseElements":null, "requestID":"40ded461-fc01-11e5-a747-85804766d6c9", "eventID":"0cfa142e-ef74-4b21-9515-47197780c424", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

请求证书 (RequestCertificate)

以下 CloudTrail 示例显示调用 RequestCertificate API 的结果。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-03-18T00:00:49Z", "eventSource":"acm.amazonaws.com", "eventName":"RequestCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.9.15", "requestParameters":{ "subjectAlternativeNames":[ "example.net" ], "domainName":"example.com", "domainValidationOptions":[ { "domainName":"example.com", "validationDomain":"example.com" }, { "domainName":"example.net", "validationDomain":"example.net" } ], "idempotencyToken":"8186023d89681c3ad5" }, "responseElements":{ "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" }, "requestID":"77dacef3-ec9c-11e5-ac34-d1e4dfe1a11b", "eventID":"a4954cdb-8f38-44c7-8927-a38ad4be3ac8", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

重新发送验证电子邮件 (ResendValidationEmail)

以下 CloudTrail 示例显示调用 ResendValidationEmail API 的结果。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-03-17T23:58:25Z", "eventSource":"acm.amazonaws.com", "eventName":"ResendValidationEmail", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.9.15", "requestParameters":{ "domain":"example.com", "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012", "validationDomain":"example.com" }, "responseElements":null, "requestID":"23760b88-ec9c-11e5-b6f4-cb861a6f0a28", "eventID":"41c11b06-ca91-4c1c-8c61-af349ea8bab8", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }

检索证书 (GetCertificate)

以下 CloudTrail 示例显示调用 GetCertificate API 的结果。

{ "Records":[ { "eventVersion":"1.04", "userIdentity":{ "type":"IAMUser", "principalId":"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::123456789012:user/Alice", "accountId":"123456789012", "accessKeyId":"AKIAIOSFODNN7EXAMPLE", "userName":"Alice" }, "eventTime":"2016-03-18T00:00:41Z", "eventSource":"acm.amazonaws.com", "eventName":"GetCertificate", "awsRegion":"us-east-1", "sourceIPAddress":"192.0.2.0", "userAgent":"aws-cli/1.9.15", "requestParameters":{ "certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" }, "responseElements":{ "certificateChain": "-----BEGIN CERTIFICATE----- Base64-encoded certificate chain -----END CERTIFICATE-----", "certificate": "-----BEGIN CERTIFICATE----- Base64-encoded certificate -----END CERTIFICATE-----" }, "requestID":"744dd891-ec9c-11e5-ac34-d1e4dfe1a11b", "eventID":"7aa4f909-00dd-478a-9a00-b2709bcad2bb", "eventType":"AwsApiCall", "recipientAccountId":"123456789012" } ] }