本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用记录 Amazon Trusted Advisor 控制台操作 Amazon CloudTrail
Trusted Advisor 与 Amazon CloudTrail一项服务集成,该服务提供用户、角色或 Amazon 服务在中执行的操作的记录 Trusted Advisor。 CloudTrail 将操作捕获 Trusted Advisor 为事件。捕获的呼叫包括来自 Trusted Advisor 控制台的呼叫。如果您创建跟踪,则可以允许持续向亚马逊简单存储服务 (Amazon S3) Storage Service 存储桶传送 CloudTrail 事件,包括的事件。 Trusted Advisor如果您未配置跟踪,您仍然可以在 CloudTrail 控制台的事件**历史记录中查看最新的事件**。使用收集的信息 CloudTrail,您可以确定向哪个请求发出 Trusted Advisor、发出请求的 IP 地址、谁发出了请求、何时发出请求以及其他详细信息。
要了解更多信息 CloudTrail,包括如何配置和启用它,请参阅[Amazon CloudTrail 用户指南](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/)。
## Trusted Advisor 信息在 CloudTrail
CloudTrail 在您创建 Amazon 账户时已在您的账户上启用。当 Trusted Advisor 控制台中出现支持的事件活动时,该活动会与其他 Amazon 服务 CloudTrail 事件一起记录在**事件历史**记录中。您可以在自己的 Amazon 账户中查看、搜索和下载最近发生的事件。有关更多信息,请参阅[使用事件历史记录查看 CloudTrail 事件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
要持续记录您 Amazon 账户中的事件,包括的事件 Trusted Advisor,请创建跟踪。*跟踪*允许 CloudTrail 将日志文件传输到 Amazon S3 存储桶。预设情况下,在控制台中创建跟踪时,此跟踪应用于所有 Amazon 区域。跟踪记录 Amazon 分区中所有区域的事件,并将日志文件传送到您指定的 Amazon S3 存储桶。此外,您可以配置其他 Amazon 服务,以进一步分析和处理 CloudTrail 日志中收集的事件数据。有关更多信息,请参阅下列内容:
+ [创建跟踪概述](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支持的服务和集成](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [配置 Amazon SNS 通知 CloudTrail](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [从多个区域接收 CloudTrail 日志文件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)和[从多个账户接收 CloudTrail日志文件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
Trusted Advisor 支持将 Trusted Advisor 控制台操作的子集作为事件 CloudTrail 记录在日志文件中。 CloudTrail 记录以下操作:
+ ` [ BatchUpdateRecommendationResourceExclusion ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_BatchUpdateRecommendationResourceExclusion.html) `
+ `CreateEngagement`
+ `CreateEngagementAttachment`
+ `CreateEngagementCommunication`
+ `CreateExcelReport`
+ `DescribeAccount`
+ `DescribeAccountAccess`
+ `DescribeCheckItems`
+ `DescribeCheckRefreshStatuses`
+ `DescribeCheckSummaries`
+ `DescribeChecks`
+ `DescribeNotificationPreferences`
+ `DescribeOrganization`
+ `DescribeOrganizationAccounts`
+ `DescribeReports`
+ `DescribeServiceMetadata`
+ `ExcludeCheckItems`
+ `GenerateReport`
+ `GetEngagement`
+ `GetEngagementAttachment`
+ `GetEngagementType`
+ `GetExcelReport`
+ ` [ GetOrganizationRecommendation ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_GetOrganizationRecommendation.html) `
+ ` [ GetRecommendation ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_GetRecommendation.html) `
+ `IncludeCheckItems`
+ `ListAccountsForParent`
+ ` [ListChecks](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_ListChecks.html) `
+ `ListEngagementCommunications`
+ `ListEngagementTypes`
+ `ListEngagements`
+ ` [ ListOrganizationRecommendationAccounts ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_ListOrganizationRecommendationAccounts.html) `
+ ` [ ListOrganizationRecommendationResources ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_ListOrganizationRecommendationResources.html) `
+ ` [ ListOrganizationRecommendations ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_ListOrganizationRecommendations.html) `
+ `ListOrganizationalUnitsForParent`
+ ` [ ListRecommendationResources ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_ListRecommendationResources.html) `
+ ` [ ListRecommendations ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_ListRecommendations.html) `
+ `ListRoots`
+ `RefreshCheck`
+ `SetAccountAccess`
+ `SetOrganizationAccess`
+ `UpdateEngagement`
+ `UpdateEngagementStatus`
+ `UpdateNotificationPreferences`
+ ` [ UpdateOrganizationRecommendationLifecycle ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_UpdateOrganizationRecommendationLifecycle.html) `
+ ` [ UpdateRecommendationLifecycle ](https://docs.amazonaws.cn/trustedadvisor/latest/APIReference/API_UpdateRecommendationLifecycle.html) `
有关 Trusted Advisor 控制台操作的完整列表,请参阅[Trusted Advisor 行动](security-trusted-advisor.md#trusted-advisor-operations)。
**注意**
CloudTrail 还会在 Trusted Advisor API [参考中记录Amazon Web Services 支持 API](https://docs.amazonaws.cn/awssupport/latest/APIReference/) 操作。有关更多信息,请参阅[使用记录 Amazon Web Services 支持 API 调用 Amazon CloudTrail](logging-using-cloudtrail.md)。
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
+ 请求是使用根证书还是 Amazon Identity and Access Management (IAM) 用户凭证发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 Amazon 服务发出。
有关更多信息,请参阅[CloudTrail 用户身份元素](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 示例: Trusted Advisor 日志文件条目
跟踪是一种配置,允许将事件作为日志文件传输到您指定的 Amazon S3 存储桶。 CloudTrail 日志文件包含一个或多个日志条目。事件代表来自任何来源的单个请求,包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共 API 调用的有序堆栈跟踪,因此它们不会按任何特定顺序出现。
**Example : 日志条目 RefreshCheck**
以下示例显示了一个 CloudTrail 日志条目,该条目演示了 Amazon S3 存储桶版本控制检查 (IDR365s2Qddf) 的`RefreshCheck`操作。
```
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/janedoe",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"janedoe",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2020-10-21T22:06:18Z"
}
}
},
"eventTime":"2020-10-21T22:06:33Z",
"eventSource":"trustedadvisor.amazonaws.com",
"eventName":"RefreshCheck",
"awsRegion":"us-east-1",
"sourceIPAddress":"100.127.34.136",
"userAgent":"signin.amazonaws.com",
"requestParameters":{
"checkId":"R365s2Qddf"
},
"responseElements":{
"status":{
"checkId":"R365s2Qddf",
"status":"enqueued",
"millisUntilNextRefreshable":3599993
}
},
"requestID":"d23ec729-8995-494c-8054-dedeaEXAMPLE",
"eventID":"a49d5202-560f-4a4e-b38a-02f1cEXAMPLE",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
```
**Example : 日志条目 UpdateNotificationPreferences**
以下示例显示了演示该`UpdateNotificationPreferences`操作的 CloudTrail 日志条目。
```
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/janedoe",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"janedoe",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2020-10-21T22:06:18Z"
}
}
},
"eventTime":"2020-10-21T22:09:49Z",
"eventSource":"trustedadvisor.amazonaws.com",
"eventName":"UpdateNotificationPreferences",
"awsRegion":"us-east-1",
"sourceIPAddress":"100.127.34.167",
"userAgent":"signin.amazonaws.com",
"requestParameters":{
"contacts":[
{
"id":"billing",
"type":"email",
"active":false
},
{
"id":"operational",
"type":"email",
"active":false
},
{
"id":"security",
"type":"email",
"active":false
}
],
"language":"en"
},
"responseElements":null,
"requestID":"695295f3-c81c-486e-9404-fa148EXAMPLE",
"eventID":"5f923d8c-d210-4037-bd32-997c6EXAMPLE",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
```
**Example : 日志条目 GenerateReport**
以下示例显示了演示该`GenerateReport`操作的 CloudTrail 日志条目。此操作会为您的 Amazon 组织创建报告。
```
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/janedoe",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"janedoe",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2020-11-03T13:03:10Z"
}
}
},
"eventTime":"2020-11-03T13:04:29Z",
"eventSource":"trustedadvisor.amazonaws.com",
"eventName":"GenerateReport",
"awsRegion":"us-east-1",
"sourceIPAddress":"100.127.36.171",
"userAgent":"signin.amazonaws.com",
"requestParameters":{
"refresh":false,
"includeSuppressedResources":false,
"language":"en",
"format":"JSON",
"name":"organizational-view-report",
"preference":{
"accounts":[
],
"organizationalUnitIds":[
"r-j134"
],
"preferenceName":"organizational-view-report",
"format":"json",
"language":"en"
}
},
"responseElements":{
"status":"ENQUEUED"
},
"requestID":"bb866dc1-60af-47fd-a660-21498EXAMPLE",
"eventID":"2606c89d-c107-47bd-a7c6-ec92fEXAMPLE",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
```