创建 CloudTrail 跟踪 - Amazon 适用于 Ruby 的 SDK
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)


创建 CloudTrail 跟踪

此示例使用 create_trail 方法在该区域创建 CloudTrail 跟踪。us-west-2它需要两个输入:跟踪的名称和存储信息的 CloudTrail 存储桶的名称。如果存储桶没有适当的策略,请包括 -p 标志以向存储桶附加正确的策略。

选择 Copy 将代码保存在本地。

# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # This file is licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. A copy of the # License is located at # # http://aws.amazon.com/apache2.0/ # # This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS # OF ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. require 'aws-sdk-cloudtrail' # v2: require 'aws-sdk' require 'aws-sdk-s3' require 'aws-sdk-sts' # Attach IAM policy to bucket def add_policy(bucket) # Get account ID using STS sts_client = Aws::STS::Client.new(region: 'us-west-2') resp = sts_client.get_caller_identity({}) account_id = resp.account # Attach policy to S3 bucket s3_client = Aws::S3::Client.new(region: 'us-west-2') begin policy = { 'Version' => '2012-10-17', 'Statement' => [ { 'Sid' => 'AWSCloudTrailAclCheck20150319', 'Effect' => 'Allow', 'Principal' => { 'Service' => 'cloudtrail.amazonaws.com', }, 'Action' => 's3:GetBucketAcl', 'Resource' => 'arn:aws:s3:::' + bucket, }, { 'Sid' => 'AWSCloudTrailWrite20150319', 'Effect' => 'Allow', 'Principal' => { 'Service' => 'cloudtrail.amazonaws.com', }, 'Action' => 's3:PutObject', 'Resource' => 'arn:aws:s3:::' + bucket + '/AWSLogs/' + account_id + '/*', 'Condition' => { 'StringEquals' => { 's3:x-amz-acl' => 'bucket-owner-full-control', }, }, }, ] }.to_json s3_client.put_bucket_policy( bucket: bucket, policy: policy ) puts 'Successfully added policy to bucket ' + bucket rescue StandardError => err puts 'Got error trying to add policy to bucket ' + bucket + ':' puts err exit 1 end end # main name = '' bucket = '' attach_policy = false i = 0 while i < ARGV.length case ARGV[i] when '-b' i += 1 bucket = ARGV[i] when '-p' attach_policy = true else name = ARGV[i] end i += 1 end if name == '' || bucket == '' puts 'You must supply a trail name and bucket name' puts USAGE exit 1 end if attach_policy add_policy(bucket) end # Create client in us-west-2 client = Aws::CloudTrail::Client.new(region: 'us-west-2') begin client.create_trail({ name: name, # required s3_bucket_name: bucket, # required }) puts 'Successfully created CloudTrail ' + name + ' in us-west-2' rescue StandardError => err puts 'Got error trying to create trail ' + name + ':' puts err exit 1 end

请参阅上的完整示例 GitHub。