


# ASFF 中的 AwsEc2 资源
<a name="asff-resourcedetails-awsec2"></a>

以下是`AwsEc2`资源 Amazon 的安全调查结果格式 (ASFF) 语法的示例。

Amazon Security Hub CSPM 将各种来源的发现标准化为 ASFF。有关 ASFF 的背景信息，请参阅 [Amazon 安全调查结果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEc2ClientVpnEndpoint
<a name="asff-resourcedetails-awsec2clientvpnendpoint"></a>

The `AwsEc2ClientVpnEndpoint` object provides information about an Amazon Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It is the termination point for all Client VPN sessions.

The following example shows the `AwsEc2ClientVpnEndpoint` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2ClientVpnEndpoint` attributes, see [AwsEc2ClientVpnEndpointDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2ClientVpnEndpointDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": {
        "Enabled": false
    },
    "ClientLoginBannerOptions": {
        "Enabled": false
    },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": {
        "Enabled": false
    },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": [
        "sg-0f7a177b82b443691"
    ],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
```

## AwsEc2Eip
<a name="asff-resourcedetails-awsec2eip"></a>

The `AwsEc2Eip` object provides information about an Elastic IP address.

The following example shows the `AwsEc2Eip` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2Eip` attributes, see [AwsEc2EipDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2EipDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.4",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.3"
}
```

## AwsEc2Instance
<a name="asff-resourcedetails-awsec2instance"></a>

The `AwsEc2Instance` object provides details about an Amazon EC2 instance.

The following example shows the `AwsEc2Instance` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2Instance` attributes, see [AwsEc2InstanceDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2InstanceDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": [ "1.1.1.1" ],
    "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
        "HttpEndpoint": "enabled",
        "HttpProtocolIpv6": "enabled",
        "HttpPutResponseHopLimit": 1,
        "HttpTokens": "optional",
        "InstanceMetadataTags": "disabled"
    },
    "Monitoring": {
        "State": "disabled"
    },
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-e5aa89a3"
        }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
```

## AwsEc2LaunchTemplate
<a name="asff-resourcedetails-awsec2launchtemplate"></a>

The `AwsEc2LaunchTemplate` object contains details about an Amazon Elastic Compute Cloud launch template, which specifies instance configuration information.

The following example shows the `AwsEc2LaunchTemplate` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2LaunchTemplate` attributes, see [AwsEc2LaunchTemplateDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2LaunchTemplateDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateData": {
        "BlockDeviceMappings": [{
            "DeviceName": "/dev/xvda",
            "Ebs": {
                "DeleteOnTermination": true,
                "Encrypted": true,
                "SnapshotId": "snap-01047646ec075f543",
                "VolumeSize": 8,
                "VolumeType": "gp2"
            }
        }],
        "MetadataOptions": {
            "HttpTokens": "enabled",
            "HttpPutResponseHopLimit": 1
        },
        "Monitoring": {
            "Enabled": true
        },
        "NetworkInterfaces": [{
            "AssociatePublicIpAddress": true
        }]
    },
    "LaunchTemplateName": "string",
    "LicenseSpecifications": ["string"],
    "SecurityGroupIds": ["sg-01fce87ad6e019725"],
    "SecurityGroups": ["string"],
    "TagSpecifications": ["string"]
}
```
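The `MetadataOptions` block appears both in `AwsEc2Instance` and inside `AwsEc2LaunchTemplate.LaunchTemplateData`, and it is where an instance's exposure to IMDSv1 is decided: `HttpTokens` must be `required` to force IMDSv2 (the EC2 API only accepts `optional` or `required`; the `enabled` value in the launch template example above is not a value the API returns, and a checker should treat anything other than `required` as not enforced). The Python below is an added example, not code from this documentation or from Security Hub. It walks the `Details` of a constructed ASFF finding, applies the same checks to both objects, and raises severity when an `IamInstanceProfileArn` is attached, because that is the case where an SSRF or an unprivileged local process can turn IMDSv1 access into role credentials. The rule names and the `IamInstanceProfile` field under `LaunchTemplateData` are this example's assumptions.

```python
import json

# Constructed ASFF finding fragment for this example (not a real finding).
# Only the fields the audit reads are populated.
SAMPLE_FINDING = {
    "SchemaVersion": "2018-10-08",
    "Id": "example-imds-finding",
    "Resources": [
        {
            "Type": "AwsEc2Instance",
            "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0",
            "Details": {"AwsEc2Instance": {
                "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
                "MetadataOptions": {
                    "HttpEndpoint": "enabled", "HttpProtocolIpv6": "enabled",
                    "HttpPutResponseHopLimit": 1, "HttpTokens": "optional",
                    "InstanceMetadataTags": "disabled"}}},
        },
        {
            "Type": "AwsEc2LaunchTemplate",
            "Id": "arn:aws:ec2:us-east-1:123456789012:launch-template/lt-0a16e9802800bdd85",
            "Details": {"AwsEc2LaunchTemplate": {
                "Id": "lt-0a16e9802800bdd85",
                "LaunchTemplateData": {
                    "MetadataOptions": {"HttpTokens": "required",
                                        "HttpPutResponseHopLimit": 2}}}},
        },
    ],
}


def imds_findings(metadata_options, has_instance_profile=False):
    """Evaluate one MetadataOptions dict and return a list of (rule, detail).

    Values follow the EC2 API: HttpEndpoint enabled|disabled, HttpTokens
    optional|required, HttpPutResponseHopLimit 1..64. A missing block is
    treated as the EC2 defaults (endpoint enabled, tokens optional, hop
    limit 1). The rule names are this example's own, not control IDs.
    """
    opts = metadata_options or {}
    if opts.get("HttpEndpoint", "enabled") == "disabled":
        return []  # no metadata service at all, nothing to reach
    issues = []
    tokens = opts.get("HttpTokens", "optional")
    if tokens != "required":
        # Anything but "required" (including the non-API value "enabled")
        # means a plain GET without a PUT-obtained token is answered.
        sev = "HIGH" if has_instance_profile else "MEDIUM"
        issues.append(("IMDSV1_ALLOWED", f"{sev}: HttpTokens={tokens!r}"))
    hop_limit = int(opts.get("HttpPutResponseHopLimit", 1))
    if hop_limit > 1:
        issues.append(("IMDS_HOP_LIMIT",
                       f"HttpPutResponseHopLimit={hop_limit}: IMDSv2 responses "
                       "can cross one extra hop, e.g. into a bridged container"))
    if opts.get("HttpProtocolIpv6") == "enabled":
        issues.append(("IMDS_IPV6",
                       "IMDS also answers on fd00:ec2::254; host egress "
                       "controls must cover IPv6 as well"))
    return issues


def audit_ec2_details(details):
    """Audit the MetadataOptions found in an ASFF Resources[].Details dict."""
    results = {}
    inst = details.get("AwsEc2Instance")
    if inst:
        results["AwsEc2Instance"] = imds_findings(
            inst.get("MetadataOptions"), bool(inst.get("IamInstanceProfileArn")))
    lt = details.get("AwsEc2LaunchTemplate")
    if lt:
        data = lt.get("LaunchTemplateData", {})
        # IamInstanceProfile inside LaunchTemplateData is assumed here; the
        # documentation example above does not show that field.
        results["AwsEc2LaunchTemplate"] = imds_findings(
            data.get("MetadataOptions"), bool(data.get("IamInstanceProfile")))
    return results


def audit_finding(finding):
    """Return {resource_id: {object_name: [(rule, detail), ...]}} for a finding."""
    return {res["Id"]: audit_ec2_details(res.get("Details", {}))
            for res in finding.get("Resources", [])}


if __name__ == "__main__":
    print(json.dumps(audit_finding(SAMPLE_FINDING), indent=2))
```

Run against the constructed finding, the instance is reported for IMDSv1 at HIGH (it has an instance profile) and for IPv6 IMDS, while the launch template is reported only for its hop limit of 2. Disabling `HttpEndpoint` suppresses every rule, since there is then no metadata service to reach.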

## AwsEc2NetworkAcl
<a name="asff-resourcedetails-awsec2networkacl"></a>

The `AwsEc2NetworkAcl` object contains details about an Amazon EC2 network access control list (ACL).

The following example shows the `AwsEc2NetworkAcl` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2NetworkAcl` attributes, see [AwsEc2NetworkAclDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2NetworkAclDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [{
        "NetworkAclAssociationId": "aclassoc-abcd1234",
        "NetworkAclId": "acl-021345abcdef6789",
        "SubnetId": "subnet-abcd1234"
   }],
   "Entries": [{
        "CidrBlock": "10.24.34.0/23",
        "Egress": true,
        "IcmpTypeCode": {
            "Code": 10,
            "Type": 30
        },
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {
            "From": 20,
            "To": 40
        },
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100
   }]
}
```
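Network ACL entries are evaluated per direction in `RuleNumber` order: the first matching entry decides, and a packet that matches nothing falls through to the catch-all deny that EC2 reports as rule 32767 (shown as `*` in the console). Because of that ordering, renumbering a rule can silently change the ACL's meaning. The Python below is an added example, not part of this documentation or of Security Hub: it evaluates a constructed `Entries` list for a given direction, address, protocol and port, and reports entries that a lower-numbered entry shadows completely. `Protocol` is accepted both as the name used in the example above (`tcp`) and as the IANA number the EC2 API actually returns (`6`); the `IcmpTypeCode` field is not consulted.

```python
import ipaddress

# The example above writes Protocol as "tcp"; the EC2 API reports IANA
# numbers ("6", "17") or "-1" for all protocols. Accept both spellings.
_PROTO_NUMBERS = {"tcp": "6", "udp": "17", "icmp": "1", "icmpv6": "58"}

# Constructed Entries list in the shape of AwsEc2NetworkAcl.Entries.
# Rule 32767 is the catch-all deny that EC2 lists as an explicit entry.
ENTRIES = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "tcp", "RuleAction": "allow",
     "CidrBlock": "203.0.113.0/24", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 120, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 443}},
    {"RuleNumber": 200, "Egress": False, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/8"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]


def _proto(value):
    value = str(value).lower()
    return _PROTO_NUMBERS.get(value, value)


def _direction(entries, egress):
    """Entries for one direction, in evaluation (RuleNumber) order."""
    return sorted((e for e in entries if bool(e.get("Egress")) == egress),
                  key=lambda e: e["RuleNumber"])


def _matches(entry, ip, protocol, port):
    """Does this entry match the packet? IcmpTypeCode is not consulted."""
    have = _proto(entry.get("Protocol", "-1"))
    if have != "-1":  # "-1" means all protocols, port range is ignored
        if have != _proto(protocol):
            return False
        pr = entry.get("PortRange") or {}
        if not pr.get("From", 0) <= port <= pr.get("To", 65535):
            return False
    addr = ipaddress.ip_address(ip)
    cidr = entry.get("CidrBlock") if addr.version == 4 else entry.get("Ipv6CidrBlock")
    return bool(cidr) and addr in ipaddress.ip_network(cidr, strict=False)


def nacl_decision(entries, egress, ip, protocol, port):
    """First match in RuleNumber order wins. Returns (RuleAction, RuleNumber);
    RuleNumber is None only when nothing matched, which cannot happen with a
    real ACL because rule 32767 is always present."""
    for e in _direction(entries, egress):
        if _matches(e, ip, protocol, port):
            return e["RuleAction"], e["RuleNumber"]
    return "deny", None


def _covers(a, b):
    """True if entry a matches every packet that entry b matches."""
    pa, pb = _proto(a.get("Protocol", "-1")), _proto(b.get("Protocol", "-1"))
    if pa != "-1":
        if pa != pb:
            return False
        ra, rb = a.get("PortRange") or {}, b.get("PortRange") or {}
        if ra.get("From", 0) > rb.get("From", 0) or ra.get("To", 65535) < rb.get("To", 65535):
            return False
    for key in ("CidrBlock", "Ipv6CidrBlock"):
        if b.get(key):
            if not a.get(key):
                return False
            inner = ipaddress.ip_network(b[key], strict=False)
            if not inner.subnet_of(ipaddress.ip_network(a[key], strict=False)):
                return False
    return True


def shadowed_rules(entries):
    """(later, earlier) RuleNumber pairs where 'later' can never be reached.
    An allow hidden behind a broader deny (or the reverse) is the usual sign
    that rules were renumbered and the ACL no longer means what it reads."""
    out = []
    for egress in (False, True):
        rules = _direction(entries, egress)
        for i, later in enumerate(rules):
            if later["RuleNumber"] == 32767:
                continue  # the catch-all is meant to be reached last
            for earlier in rules[:i]:
                if _covers(earlier, later):
                    out.append((later["RuleNumber"], earlier["RuleNumber"]))
                    break
    return out
```

With the constructed list, SSH from `203.0.113.5` is allowed by rule 100 while SSH from any other address hits the deny in rule 110, and UDP from outside `10.0.0.0/8` falls to 32767. Swapping the numbers of rules 100 and 110 would make the allow unreachable, which `shadowed_rules` reports as the pair `(100, 90)` in the second list. Network ACLs are stateless, so an ingress allow is only useful if the egress side also allows the ephemeral return ports; evaluate both directions.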

## AwsEc2NetworkInterface
<a name="asff-resourcedetails-awsec2networkinterface"></a>

The `AwsEc2NetworkInterface` object provides information about an Amazon EC2 network interface.

The following example shows the `AwsEc2NetworkInterface` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2NetworkInterface` attributes, see [AwsEc2NetworkInterfaceDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2NetworkInterfaceDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": "ATTACHED"
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        }
    ],
    "NetworkInterfaceId": "eni-686ea200",
    "SourceDestCheck": false
}
```

## AwsEc2RouteTable
<a name="asff-resourcedetails-awsec2routetable"></a>

The `AwsEc2RouteTable` object provides information about an Amazon EC2 route table.

The following example shows the `AwsEc2RouteTable` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2RouteTable` attributes, see [AwsEc2RouteTableDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2RouteTableDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2RouteTable": {
    "AssociationSet": [{
        "AssociationState": {
            "State": "associated"
        },
        "Main": true,
        "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
        "RouteTableId": "rtb-0a59bde9cf2548e34"
    }],
    "PropagatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
        {
            "DestinationCidrBlock": "10.24.34.0/23",
            "GatewayId": "local",
            "Origin": "CreateRouteTable",
            "State": "active"
        },
        {
            "DestinationCidrBlock": "10.24.34.0/24",
            "GatewayId": "igw-0242c2d7d513fc5d3",
            "Origin": "CreateRoute",
            "State": "active"
        }
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
```

## AwsEc2SecurityGroup
<a name="asff-resourcedetails-awsec2securitygroup"></a>

The `AwsEc2SecurityGroup` object describes an Amazon EC2 security group.

The following example shows the `AwsEc2SecurityGroup` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2SecurityGroup` attributes, see [AwsEc2SecurityGroupDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2SecurityGroupDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                {"PrefixListId": "pl-63a5400a"}
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                {
                    "CidrIp": "203.0.113.0/24"
                }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
```
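An `IpPermissions` entry admits traffic from the union of its `IpRanges`, `Ipv6Ranges`, `UserIdGroupPairs` and `PrefixListIds`, so the question "is port 22 open to the internet?" is answered by the CIDR sources alone: a security-group reference only admits members of that group and a prefix list only its prefixes. In the example above, the first rule allows all protocols (`IpProtocol` `-1`) but only from the group itself and a prefix list, and the second allows SSH only from `203.0.113.0/24`, so neither is world-reachable. The Python below is an added example, not Security Hub code: it scans a constructed group for sensitive TCP ports reachable from `0.0.0.0/0` or `::/0`, treating `-1` and a missing port range as every port. It reads `Ipv6Ranges`/`CidrIpv6`, which the example above does not show; the sensitive-port list is this example's assumption.

```python
import ipaddress

# Ports whose world-wide exposure this example treats as a finding; an
# assumption of the example, not a Security Hub control list.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres",
                   6379: "redis", 27017: "mongodb"}

# Constructed security group in the shape of the AwsEc2SecurityGroup object.
OPEN_SG = {
    "GroupName": "example-open", "GroupId": "sg-0123456789abcdef0",
    "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [], "PrefixListIds": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "UserIdGroupPairs": [], "PrefixListIds": []},
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": [], "PrefixListIds": []},
    ],
}


def _is_world(cidr):
    """True for 0.0.0.0/0 and ::/0 (any prefix of length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _sensitive_ports_in(perm):
    """Sensitive ports that one IpPermissions entry admits."""
    proto = str(perm.get("IpProtocol", "-1"))
    if proto == "-1":
        return set(SENSITIVE_PORTS)            # all protocols and all ports
    if proto not in ("tcp", "6"):
        return set()                           # udp/icmp: none of these TCP services
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return set(SENSITIVE_PORTS)            # tcp with no range means every port
    return {p for p in SENSITIVE_PORTS if lo <= p <= hi}


def world_exposed_ports(sg):
    """Return {port: [cidr, ...]} for sensitive ports open to 0.0.0.0/0 or ::/0.

    UserIdGroupPairs (sg-to-sg) and PrefixListIds are deliberately ignored:
    neither admits the whole internet by itself.
    """
    exposed = {}
    for perm in sg.get("IpPermissions", []):
        ports = _sensitive_ports_in(perm)
        if not ports:
            continue
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr and _is_world(cidr):
                for port in sorted(ports):
                    exposed.setdefault(port, []).append(cidr)
    return exposed


def describe(sg):
    """One line per exposed port, lowest port first."""
    exposed = world_exposed_ports(sg)
    return [f"{sg.get('GroupId')}: {SENSITIVE_PORTS[p]}/{p} open to {', '.join(c)}"
            for p, c in sorted(exposed.items())]


if __name__ == "__main__":
    for line in describe(OPEN_SG):
        print(line)
```

For the constructed group, SSH is reported as open to both `0.0.0.0/0` (from the first rule) and `::/0` (from the allow-all IPv6 rule), and every other sensitive port is reported for `::/0` only; the MySQL rule limited to `203.0.113.0/24` contributes nothing. An allow-all rule with only an IPv6 source is easy to overlook when reviewing by eye, which is why the scan treats both address families alike.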

## AwsEc2Subnet
<a name="asff-resourcedetails-awsec2subnet"></a>

The `AwsEc2Subnet` object provides information about a subnet in Amazon EC2.

The following example shows the `AwsEc2Subnet` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2Subnet` attributes, see [AwsEc2SubnetDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2SubnetDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2Subnet": {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 251,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [{
        "AssociationId": "subnet-cidr-assoc-EXAMPLE",
        "Ipv6CidrBlock": "2001:DB8::/32",
        "CidrBlockState": "associated"
    }]
}
```
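Whether a subnet is public is not a property of the `AwsEc2Subnet` object by itself. It depends on the route table the subnet uses (its explicit association in an `AwsEc2RouteTable.AssociationSet`, otherwise the VPC's main table, whose association carries `Main: true` and no `SubnetId`) having an active route whose target is an internet gateway. `MapPublicIpOnLaunch` then decides whether instances launched there get a public IPv4 address unless overridden. The Python below is an added example, not part of this documentation: it resolves the effective route table for constructed `AwsEc2Subnet` and `AwsEc2RouteTable` objects and classifies each subnet. The `NatGatewayId` route field used in the private table is this example's assumption; the route table example above only shows `GatewayId`.

```python
# Constructed AwsEc2RouteTable and AwsEc2Subnet objects for one VPC
# (vpc-153ade70). The main table has an internet gateway default route;
# the second table is explicitly associated with one subnet and routes
# outbound traffic through a NAT gateway instead.
MAIN_RT = {
    "RouteTableId": "rtb-0a59bde9cf2548e34", "VpcId": "vpc-153ade70",
    "AssociationSet": [{"AssociationState": {"State": "associated"}, "Main": True,
                        "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
                        "RouteTableId": "rtb-0a59bde9cf2548e34"}],
    "RouteSet": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0242c2d7d513fc5d3",
         "Origin": "CreateRoute", "State": "active"},
    ],
}
PRIVATE_RT = {
    "RouteTableId": "rtb-0f1e2d3c4b5a69788", "VpcId": "vpc-153ade70",
    "AssociationSet": [{"AssociationState": {"State": "associated"}, "Main": False,
                        "RouteTableAssociationId": "rtbassoc-0123456789abcdef0",
                        "RouteTableId": "rtb-0f1e2d3c4b5a69788",
                        "SubnetId": "subnet-0a1b2c3d"}],
    "RouteSet": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"},
        # NatGatewayId is assumed for this example (not shown on the page).
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0",
         "Origin": "CreateRoute", "State": "active"},
    ],
}
PUBLIC_SUBNET = {"SubnetId": "subnet-d5436c93", "VpcId": "vpc-153ade70",
                 "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": True}
PRIVATE_SUBNET = {"SubnetId": "subnet-0a1b2c3d", "VpcId": "vpc-153ade70",
                  "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": False}


def igw_routes(route_table):
    """Active routes whose target is an internet gateway (igw-...)."""
    return [r for r in route_table.get("RouteSet", [])
            if r.get("State") == "active"
            and str(r.get("GatewayId", "")).startswith("igw-")]


def effective_route_table(subnet, route_tables):
    """Explicit association wins; otherwise the VPC's main table applies."""
    sid, vpc = subnet["SubnetId"], subnet.get("VpcId")
    for rt in route_tables:
        if any(a.get("SubnetId") == sid for a in rt.get("AssociationSet", [])):
            return rt
    for rt in route_tables:
        if rt.get("VpcId") == vpc and any(a.get("Main") for a in rt.get("AssociationSet", [])):
            return rt
    return None


def classify_subnet(subnet, route_tables):
    """Describe a subnet's internet exposure from its effective route table."""
    rt = effective_route_table(subnet, route_tables)
    if rt is None:
        return {"subnet": subnet["SubnetId"], "public": None,
                "reason": "no explicit or main route table found for this VPC"}
    routes = igw_routes(rt)
    public = bool(routes)
    return {
        "subnet": subnet["SubnetId"],
        "route_table": rt["RouteTableId"],
        "public": public,
        "igw_destinations": [r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
                             for r in routes],
        # A public subnet plus MapPublicIpOnLaunch means every instance
        # launched without an override is directly addressable from the internet.
        "auto_public_ip": public and bool(subnet.get("MapPublicIpOnLaunch")),
    }


if __name__ == "__main__":
    for s in (PUBLIC_SUBNET, PRIVATE_SUBNET):
        print(classify_subnet(s, [MAIN_RT, PRIVATE_RT]))
```

`subnet-d5436c93` has no explicit association, so it inherits the main table and its `0.0.0.0/0` route to the internet gateway, making it public with auto-assigned public IPs; `subnet-0a1b2c3d` is explicitly bound to the NAT-routed table and is private. Note that the route table example above only shows explicit associations for the main table; subnets that rely on the main table do not appear in any `AssociationSet`, which is exactly why the fallback step is needed.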

## AwsEc2TransitGateway
<a name="asff-resourcedetails-awsec2transitgateway"></a>

The `AwsEc2TransitGateway` object provides details about an Amazon EC2 transit gateway that interconnects your virtual private clouds (VPCs) and on-premises networks.

The following is an example finding for `AwsEc2TransitGateway` in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2TransitGateway` attributes, see [AwsEc2TransitGatewayDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2TransitGatewayDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2TransitGateway": {
	"AmazonSideAsn": 65000,
	"AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"AutoAcceptSharedAttachments": "disable",
	"DefaultRouteTableAssociation": "enable",
	"DefaultRouteTablePropagation": "enable",
	"Description": "sample transit gateway",
	"DnsSupport": "enable",
	"Id": "tgw-042ae6bf7a5c126c3",
	"MulticastSupport": "disable",
	"PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"TransitGatewayCidrBlocks": ["10.0.0.0/16"],
	"VpnEcmpSupport": "enable"
}
```

## AwsEc2Volume
<a name="asff-resourcedetails-awsec2volume"></a>

The `AwsEc2Volume` object provides details about an Amazon EC2 volume.

The following example shows the `AwsEc2Volume` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2Volume` attributes, see [AwsEc2VolumeDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2VolumeDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2Volume": {
    "Attachments": [
      {
        "AttachTime": "2017-10-17T14:47:11Z",
        "DeleteOnTermination": true,
        "InstanceId": "i-1234567890abcdef0",
        "Status": "attached"
      }
     ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
```

## AwsEc2Vpc
<a name="asff-resourcedetails-awsec2vpc"></a>

The `AwsEc2Vpc` object provides details about an Amazon EC2 VPC.

The following example shows the `AwsEc2Vpc` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2Vpc` attributes, see [AwsEc2VpcDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2VpcDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "2001:DB8::/56"
        }
    ],
    "State": "available"
}
```

## AwsEc2VpcEndpointService
<a name="asff-resourcedetails-awsec2vpcendpointservice"></a>

The `AwsEc2VpcEndpointService` object contains details about the service configuration for a VPC endpoint service.

The following example shows the `AwsEc2VpcEndpointService` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2VpcEndpointService` attributes, see [AwsEc2VpcEndpointServiceDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2VpcEndpointServiceDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2VpcEndpointService": {
    "ServiceType": [
      {
        "ServiceType": "Interface"
      }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": [
      "us-east-1a"
    ],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
      "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
      "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
```

## AwsEc2VpcPeeringConnection
<a name="asff-resourcedetails-awsec2vpcpeeringconnection"></a>

The `AwsEc2VpcPeeringConnection` object provides details about a networking connection between two VPCs.

The following example shows the `AwsEc2VpcPeeringConnection` object in the Amazon Security Finding Format (ASFF). For descriptions of the `AwsEc2VpcPeeringConnection` attributes, see [AwsEc2VpcPeeringConnectionDetails](https://docs.amazonaws.cn/securityhub/1.0/APIReference/API_AwsEc2VpcPeeringConnectionDetails.html) in the *Amazon Security Hub API Reference*.

**Example**

```
"AwsEc2VpcPeeringConnection": { 
	"AccepterVpcInfo": {
		"CidrBlock": "10.0.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "10.0.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"ExpirationTime": "2022-02-18T15:31:53.161Z",
	"RequesterVpcInfo": {
		"CidrBlock": "192.168.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "192.168.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"Status": {
		"Code": "initiating-request",
		"Message": "Active"
	},
	"VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
```