AwsIam 中的资源 ASFF - Amazon Security Hub
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AwsIam 中的资源 ASFF

以下是AwsIam资源 Amazon 的安全调查结果格式 (ASFF) 语法的示例。

Amazon Security Hub 将来自各种来源的发现标准化为ASFF。有关背景信息ASFF,请参阅Amazon 安全调查结果格式 (ASFF)

AwsIamAccessKey

AwsIamAccessKey对象包含与调查结果相关的IAM访问密钥的详细信息。

以下示例显示了AwsIamAccessKey对象 Amazon 的安全调查结果格式 (ASFF)。要查看AwsIamAccessKey属性的描述,请参阅Amazon Security Hub API参考文献AwsIamAccessKeyDetails中的。

示例

"AwsIamAccessKey": { "AccessKeyId": "string", "AccountId": "string", "CreatedAt": "string", "PrincipalId": "string", "PrincipalName": "string", "PrincipalType": "string", "SessionContext": { "Attributes": { "CreationDate": "string", "MfaAuthenticated": boolean }, "SessionIssuer": { "AccountId": "string", "Arn": "string", "PrincipalId": "string", "Type": "string", "UserName": "string" } }, "Status": "string" }

AwsIamGroup

AwsIamGroup对象包含有关IAM群组的详细信息。

以下示例显示了AwsIamGroup对象 Amazon 的安全调查结果格式 (ASFF)。要查看AwsIamGroup属性的描述,请参阅Amazon Security Hub API参考文献AwsIamGroupDetails中的。

示例

"AwsIamGroup": { "AttachedManagedPolicies": [ { "PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess", "PolicyName": "ExampleManagedAccess", } ], "CreateDate": "2020-04-28T14:08:37.000Z", "GroupId": "AGPA4TPS3VLP7QEXAMPLE", "GroupName": "Example_User_Group", "GroupPolicyList": [ { "PolicyName": "ExampleGroupPolicy" } ], "Path": "/" }

AwsIamPolicy

AwsIamPolicy对象表示IAM权限策略。

以下示例显示了AwsIamPolicy对象 Amazon 的安全调查结果格式 (ASFF)。要查看AwsIamPolicy属性的描述,请参阅Amazon Security Hub API参考文献AwsIamPolicyDetails中的。

示例

"AwsIamPolicy": { "AttachmentCount": 1, "CreateDate": "2017-09-14T08:17:29.000Z", "DefaultVersionId": "v1", "Description": "Example IAM policy", "IsAttachable": true, "Path": "/", "PermissionsBoundaryUsageCount": 5, "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE", "PolicyName": "EXAMPLE-MANAGED-POLICY", "PolicyVersionList": [ { "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2017-09-14T08:17:29.000Z" } ], "UpdateDate": "2017-09-14T08:17:29.000Z" }

AwsIamRole

AwsIamRole对象包含有关IAM角色的信息,包括该角色的所有策略。

以下示例显示了AwsIamRole对象 Amazon 的安全调查结果格式 (ASFF)。要查看AwsIamRole属性的描述,请参阅Amazon Security Hub API参考文献AwsIamRoleDetails中的。

示例

"AwsIamRole": { "AssumeRolePolicyDocument": "{'Version': '2012-10-17','Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}", "AttachedManagedPolicies": [ { "PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1", "PolicyName": "Example policy 1" }, { "PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2", "PolicyName": "Example policy 2" } ], "CreateDate": "2020-03-14T07:19:14.000Z", "InstanceProfileList": [ { "Arn": "arn:aws:iam::333333333333:ExampleProfile", "CreateDate": "2020-03-11T00:02:27Z", "InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE", "InstanceProfileName": "ExampleInstanceProfile", "Path": "/", "Roles": [ { "Arn": "arn:aws:iam::444455556666:role/example-role", "AssumeRolePolicyDocument": "", "CreateDate": "2020-03-11T00:02:27Z", "Path": "/", "RoleId": "AROAJ52OTH4H7LEXAMPLE", "RoleName": "example-role", } ] } ], "MaxSessionDuration": 3600, "Path": "/", "PermissionsBoundary": { "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess", "PermissionsBoundaryType": "PermissionsBoundaryPolicy" }, "RoleId": "AROA4TPS3VLEXAMPLE", "RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda", "RolePolicyList": [ { "PolicyName": "Example role policy" } ] }

AwsIamUser

AwsIamUser 对象提供有关用户的信息。

以下示例显示了AwsIamUser对象 Amazon 的安全调查结果格式 (ASFF)。要查看AwsIamUser属性的描述,请参阅Amazon Security Hub API参考文献AwsIamUserDetails中的。

示例

"AwsIamUser": { "AttachedManagedPolicies": [ { "PolicyName": "ExamplePolicy", "PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess" } ], "CreateDate": "2018-01-26T23:50:05.000Z", "GroupList": [], "Path": "/", "PermissionsBoundary" : { "PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess", "PermissionsBoundaryType" : "PermissionsBoundaryPolicy" }, "UserId": "AIDACKCEVSQ6C2EXAMPLE", "UserName": "ExampleUser", "UserPolicyList": [ { "PolicyName": "InstancePolicy" } ] }