本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用 SCEP 自动连接器 EventBridge
您可以使用 [Amazon EventBridge](https://docs.amazonaws.cn/eventbridge/latest/userguide/eb-cwe-now-eb.html) 实现 Amazon 服务自动化,并自动响应系统事件,例如应用程序可用性问题或资源更改。来自 Amazon 服务的事件几乎实时 EventBridge 地传送到。您可以编写简单的规则来指明您感兴趣的事件,以及当事件与规则匹配时要采取的自动操作。 EventBridge 至少发布一次。有关更多信息,请参阅中的[创建对事件做出反应的规则 EventBridge](https://docs.amazonaws.cn/AmazonCloudWatch/latest/events/Create-CloudWatch-Events-Rule.html)。
CloudWatch 使用将事件转化为操作 EventBridge。使用 EventBridge,您可以使用事件来触发目标。有关更多信息,请参阅[什么是亚马逊 EventBridge?](https://docs.amazonaws.cn/eventbridge/latest/userguide/what-is-amazon-eventbridge.html)
## SCEP 事件类型的连接器
### 证书颁发成功
EventBridge 当我们为响应`PkiOperationPost`请求而颁发证书时,SCEP 连接器会向发送一个`Certificate Issuance Succeeded`事件。
以下是该事件的示例数据。
```
{
"version": "0",
"id": "event_ID",
"detail-type": "Certificate Issuance Succeeded",
"source": "aws.pca-connector-scep",
"account": "account",
"time": "2024-09-12T19:14:56Z",
"region": "region",
"resources":[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector/11223344-1234-1122-2233-112233445566"
],
"detail": {
"result": "success",
"requestType": "PkiOperationPost",
"certificateArn": "arn:aws:acm-pca:region:account:certificate-authority/CA_ID/certificate/certificate_ID"
}
}
```
### 证书颁发失败
EventBridge 当我们无法为响应`PkiOperationPost`请求颁发证书时,SCEP 连接器会向发送一个`Certificate Issuance Failed`事件。
以下是该事件的示例数据。
```
{
"version": "0",
"id": "event_ID",
"detail-type": "Certificate Issuance Failed",
"source": "aws.pca-connector-scep",
"account": "account",
"time": "2024-09-12T19:14:56Z",
"region": "region",
"resources":[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector/11223344-1234-1122-2233-112233445566"
],
"detail": {
"result": "failure",
"requestType": "PkiOperationPost",
"reason": "The certificate authority is not active."
}
}
```
### 证书颁发机构证书检索成功
EventBridge 当我们收到`GetCACert`请求并成功检索连接器的私有 CA 证书时,SCEP 连接器会向发送一个`Certificate Authority Certificate Retrieval Succeeded`事件。
以下是该事件的示例数据。
```
{
"version": "0",
"id": "event_ID",
"detail-type": "Certificate Authority Certificate Retrieval Succeeded",
"source": "aws.pca-connector-scep",
"account": "account",
"time": "2024-09-12T19:14:56Z",
"region": "region",
"resources":[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector/11223344-1234-1122-2233-112233445566"
],
"detail": {
"result": "success",
"requestType": "GetCACert"
}
}
```
### 证书颁发机构证书检索失败
EventBridge 当我们收到`GetCACert`请求但无法检索连接器的私有 CA 证书时,SCEP 连接器会向发送一个`Certificate Authority Certificate Retrieval Failed`事件。该事件包括失败的原因。
以下是该事件的示例数据。
```
{
"version": "0",
"id": "event_ID",
"detail-type": "Certificate Authority Certificate Retrieval Failed",
"source": "aws.pca-connector-scep",
"account": "account",
"time": "2024-09-12T19:14:56Z",
"region": "region",
"resources":[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector/11223344-1234-1122-2233-112233445566"
],
"detail": {
"result": "failure",
"requestType": "GetCACert",
"reason": "The certificate authority certificate validity must be at least one year from today."
}
}
```
### 证书颁发机构证书检索成功
EventBridge 当我们收到`GetCACert`请求并成功检索连接器的私有 CA 证书时,SCEP 连接器会向发送一个`Certificate Authority Certificate Retrieval Succeeded`事件。
以下是该事件的示例数据。
```
{
"version": "0",
"id": "event_ID",
"detail-type": "Certificate Authority Certificate Retrieval Succeeded",
"source": "aws.pca-connector-scep",
"account": "account",
"time": "2024-09-12T19:14:56Z",
"region": "region",
"resources":[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector/11223344-1234-1122-2233-112233445566"
],
"detail": {
"result": "success",
"requestType": "GetCACert"
}
}
```
### 证书颁发机构功能检索成功
EventBridge 当我们收到 SCEP `GetCACaps` 请求并成功检索 CA 的功能时,SCEP 连接器会向发送一个`Certificate Authority Capabilities Retrieval Succeeded`事件。
以下是该事件的示例数据。
```
```
### 证书颁发机构功能检索失败
EventBridge 当我们收到 SCEP `GetCACaps` 请求但无法检索 CA 的功能时,SCEP 连接器会向发送一个`Certificate Authority Capabilities Retrieval Failed`事件。我们在事件中注明失败的原因。
以下是该事件的示例数据。
```
{
"resources":
[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector11223344-1234-1122-2233-112233445566"
],
"detailType":"Certificate Authority Capabilities Retrieval Failed",
"detail": {
"result":"failure",
"requestType":"GetCACaps",
"reason":"The request was denied due to request throttling."
},
"source":"aws.pca-connector-scep","accountId":"111122223333"
}
```
### 已调用不支持的操作
**已调用不支持的操作**
EventBridge 如果发送到连接器端点的操作不受支持或未知,则适用于 SCEP 的连接器会向发送`Unsupported Operation Invoked`事件。
```
{
"version": "0",
"id": "event_ID",
"detail-type": "Unsupported Operation Invoked",
"source": "aws.pca-connector-scep",
"account": "account",
"time": "2024-09-12T19:14:56Z",
"region": "region",
"resources":[
"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"arn:aws:pca-connector-scep:us-east-1:111122223333:connector/11223344-1234-1122-2233-112233445566"
],
"detail": {}
}
```
## 创建 EventBridge 规则
在中 EventBridge,您可以创建响应所记录的事件的规则 CloudTrail。要创建包含连接器为 SCEP 记录的所有事件的规则,请将源设置为。`aws.pca-connector-scep`有关规则的更多信息,请参阅[在 Amazon 中创建规则 EventBridge](https://docs.amazonaws.cn/eventbridge/latest/userguide/eb-get-started.html#eb-gs-create-rule)。