本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
ReEncrypt
以下示例显示了该ReEncrypt操作的 Amazon CloudTrail 日志条目。此日志条目中的resources
字段按顺序指定了两个密钥 Amazon KMS keys,即源 KMS 密钥和目标 KMS 密钥。
{ "eventVersion": "1.11", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2025-05-22T19:34:55Z", "eventSource": "kms.amazonaws.com", "eventName": "ReEncrypt", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "Amazon Internal", "requestParameters": { "sourceEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "sourceEncryptionContext": { "Project": "Alpha", "Department": "Engineering" }, "destinationKeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "destinationEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "destinationEncryptionContext": { "Level": "3A" } }, "responseElements": null, "additionalEventData": { "destinationKeyMaterialId": "96083e4fb6dbc41d77578a213a6b6669c044dd4c143e96755396d2bf11fd6068", "sourceKeyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0" }, "requestID": "03769fd4-acf9-4b33-adf3-2ab8ca73aadf", "eventID": "542d9e04-0e8d-4e05-bf4b-4bdeb032e6ec", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333" "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_256_GCM_SHA384", "clientProvidedHostHeader": "kms.us-west-2.amazonaws.com" } }