Decrypt - Amazon Key Management Service
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

Decrypt

这些示例显示用于 Decrypt 操作的 Amazon CloudTrail 日志条目。

即使未在请求中指定加密算法,Decrypt 操作的 CloudTrail 日志条目也始终在 requestParameters 中包含 encryptionAlgorithm。省略了请求中的密文和响应中的明文。

{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2020-07-27T22:58:24Z", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "Amazon Internal", "requestParameters": { "encryptionAlgorithm": "SYMMETRIC_DEFAULT", "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "encryptionContext": { "Department": "Engineering", "Project": "Alpha" } }, "responseElements": null, "requestID": "12345126-30d5-4b28-98b9-9153da559963", "eventID": "abcde202-ba1a-467c-b4ba-f729d45ae521", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

以下 CloudTrail 日志条目示例记录了 Amazon CloudHSM 自定义密钥存储中使用 KMS 密钥的 Decrypt 操作。使用自定义密钥存储中的 KMS 密钥进行加密操作的所有日志条目都包含带有 customKeyStoreIdadditionalEventData 字段。请求中未指定该值。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-26T23:41:27Z", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "requestParameters": { "encryptionAlgorithm": "SYMMETRIC_DEFAULT", "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "encryptionContext": { "Department": "Development", "Purpose": "Test" } }, "responseElements": null, "additionalEventData": { "customKeyStoreId": "cks-1234567890abcdef0" }, "requestID": "e1b881f8-2048-41f8-b6cc-382b7857ec61", "eventID": "a79603d5-4cde-46fc-819c-a7cf547b9df4", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }