ReEncrypt - AWS Key Management Service
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

ReEncrypt

以下示例显示了一个 AWS CloudTrail 日志条目的ReEncryptoperation. 这些区域有:resources字段按此顺序指定两个客户主密钥 (CMK),即源 CMK 和目标 CMK。

{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2020-07-27T23:09:13Z", "eventSource": "kms.amazonaws.com", "eventName": "ReEncrypt", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "sourceEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "sourceEncryptionContext": { "Project": "Alpha", "Department": "Engineering" }, "destinationKeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "destinationEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "destinationEncryptionContext": { "Level": "3A" } }, "responseElements": null, "requestID": "03769fd4-acf9-4b33-adf3-2ab8ca73aadf", "eventID": "542d9e04-0e8d-4e05-bf4b-4bdeb032e6ec", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }