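AwsIam resources in ASFF
The following are examples of the Amazon Security Finding Format (ASFF) syntax for AwsIam resources.
Amazon Security Hub normalizes findings from various sources into ASFF. For background information on ASFF, see Amazon Security Finding Format (ASFF).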
AwsIamAccessKey
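The AwsIamAccessKey object contains details about an IAM access key that is related to a finding.
The following example shows the Amazon Security Finding Format (ASFF) for the AwsIamAccessKey object. To view descriptions of AwsIamAccessKey attributes, see AwsIamAccessKeyDetails in the Amazon Security Hub API Reference.
Example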
"AwsIamAccessKey": {
    "AccessKeyId": "string",
    "AccountId": "string",
    "CreatedAt": "string",
    "PrincipalId": "string",
    "PrincipalName": "string",
    "PrincipalType": "string",
    "SessionContext": {
        "Attributes": {
            "CreationDate": "string",
            "MfaAuthenticated": boolean
        },
        "SessionIssuer": {
            "AccountId": "string",
            "Arn": "string",
            "PrincipalId": "string",
            "Type": "string",
            "UserName": "string"
        }
    },
    "Status": "string"
}
AwsIamGroup
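The AwsIamGroup object contains details about an IAM group.
The following example shows the Amazon Security Finding Format (ASFF) for the AwsIamGroup object. To view descriptions of AwsIamGroup attributes, see AwsIamGroupDetails in the Amazon Security Hub API Reference.
Example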
"AwsIamGroup": {
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
            "PolicyName": "ExampleManagedAccess"
        }
    ],
    "CreateDate": "2020-04-28T14:08:37.000Z",
    "GroupId": "AGPA4TPS3VLP7QEXAMPLE",
    "GroupName": "Example_User_Group",
    "GroupPolicyList": [
        {
            "PolicyName": "ExampleGroupPolicy"
        }
    ],
    "Path": "/"
}
AwsIamPolicy
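The AwsIamPolicy object represents an IAM permissions policy.
The following example shows the Amazon Security Finding Format (ASFF) for the AwsIamPolicy object. To view descriptions of AwsIamPolicy attributes, see AwsIamPolicyDetails in the Amazon Security Hub API Reference.
Example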
"AwsIamPolicy": {
    "AttachmentCount": 1,
    "CreateDate": "2017-09-14T08:17:29.000Z",
    "DefaultVersionId": "v1",
    "Description": "Example IAM policy",
    "IsAttachable": true,
    "Path": "/",
    "PermissionsBoundaryUsageCount": 5,
    "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
    "PolicyName": "EXAMPLE-MANAGED-POLICY",
    "PolicyVersionList": [
        {
            "VersionId": "v1",
            "IsDefaultVersion": true,
            "CreateDate": "2017-09-14T08:17:29.000Z"
        }
    ],
    "UpdateDate": "2017-09-14T08:17:29.000Z"
}
AwsIamRole
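The AwsIamRole object contains information about an IAM role, including all of the role's policies.
The following example shows the Amazon Security Finding Format (ASFF) for the AwsIamRole object. To view descriptions of AwsIamRole attributes, see AwsIamRoleDetails in the Amazon Security Hub API Reference.
Example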
"AwsIamRole": {
    "AssumeRolePolicyDocument": "{'Version': '2012-10-17','Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
            "PolicyName": "Example policy 1"
        },
        {
            "PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
            "PolicyName": "Example policy 2"
        }
    ],
    "CreateDate": "2020-03-14T07:19:14.000Z",
    "InstanceProfileList": [
        {
            "Arn": "arn:aws:iam::333333333333:ExampleProfile",
            "CreateDate": "2020-03-11T00:02:27Z",
            "InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
            "InstanceProfileName": "ExampleInstanceProfile",
            "Path": "/",
            "Roles": [
                {
                    "Arn": "arn:aws:iam::444455556666:role/example-role",
                    "AssumeRolePolicyDocument": "",
                    "CreateDate": "2020-03-11T00:02:27Z",
                    "Path": "/",
                    "RoleId": "AROAJ52OTH4H7LEXAMPLE",
                    "RoleName": "example-role"
                }
            ]
        }
    ],
    "MaxSessionDuration": 3600,
    "Path": "/",
    "PermissionsBoundary": {
        "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType": "PermissionsBoundaryPolicy"
    },
    "RoleId": "AROA4TPS3VLEXAMPLE",
    "RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
    "RolePolicyList": [
        {
            "PolicyName": "Example role policy"
        }
    ]
}
AwsIamUser
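The AwsIamUser object provides information about a user.
The following example shows the Amazon Security Finding Format (ASFF) for the AwsIamUser object. To view descriptions of AwsIamUser attributes, see AwsIamUserDetails in the Amazon Security Hub API Reference.
Example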
"AwsIamUser": {
    "AttachedManagedPolicies": [
        {
            "PolicyName": "ExamplePolicy",
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
        }
    ],
    "CreateDate": "2018-01-26T23:50:05.000Z",
    "GroupList": [],
    "Path": "/",
    "PermissionsBoundary": {
        "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType": "PermissionsBoundaryPolicy"
    },
    "UserId": "AIDACKCEVSQ6C2EXAMPLE",
    "UserName": "ExampleUser",
    "UserPolicyList": [
        {
            "PolicyName": "InstancePolicy"
        }
    ]
}
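One way to consume the AwsIam objects shown above when triaging findings, as an added example that is not part of the original page or of Security Hub itself. It assumes each object arrives under Resources[].Details in a finding; the function name iam_triage, the note wording and the sample finding are hypothetical.

```python
# Added example: derive review notes from AwsIam* details in one ASFF finding.
INLINE_KEYS = ("RolePolicyList", "UserPolicyList", "GroupPolicyList")

def iam_triage(finding):
    """Return (resource_id, note) pairs for IAM details an analyst should review."""
    notes = []
    for res in finding.get("Resources", []):
        rid = res.get("Id", "<no id>")
        for rtype, d in (res.get("Details") or {}).items():
            if not rtype.startswith("AwsIam"):
                continue
            # Access key that is still usable and whose session did not use MFA.
            mfa = d.get("SessionContext", {}).get("Attributes", {}).get("MfaAuthenticated")
            if rtype == "AwsIamAccessKey" and d.get("Status") == "Active" and mfa is False:
                notes.append((rid, "active access key, session not MFA-authenticated"))
            # A boundary of AdministratorAccess allows every action, so it limits nothing.
            arn = d.get("PermissionsBoundary", {}).get("PermissionsBoundaryArn", "")
            if arn.endswith(":policy/AdministratorAccess"):
                notes.append((rid, "permissions boundary is AdministratorAccess"))
            # Inline policies appear by name only; their documents need a separate lookup.
            for key in INLINE_KEYS:
                for p in d.get(key, []):
                    notes.append((rid, "inline policy: " + p.get("PolicyName", "?")))
            # Fifth ARN field is the owner: "aws" for AWS managed, an account ID otherwise.
            for p in d.get("AttachedManagedPolicies", []):
                parts = p.get("PolicyArn", "").split(":")
                if len(parts) > 4 and parts[4] != "aws":
                    notes.append((rid, "customer managed policy: " + p["PolicyArn"]))
    return notes

# Constructed sample: the role values reuse this page's AwsIamRole example; the
# resource Ids, the Resources/Details wrapper and the access key are made up.
SAMPLE = {"Resources": [
    {"Type": "AwsIamRole", "Id": "arn:aws:iam::444455556666:role/example-role",
     "Details": {"AwsIamRole": {
         "AttachedManagedPolicies": [
             {"PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1", "PolicyName": "Example policy 1"},
             {"PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2", "PolicyName": "Example policy 2"}],
         "PermissionsBoundary": {
             "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
             "PermissionsBoundaryType": "PermissionsBoundaryPolicy"},
         "RolePolicyList": [{"PolicyName": "Example role policy"}]}}},
    {"Type": "AwsIamAccessKey", "Id": "AWS::IAM::AccessKey:EXAMPLE",
     "Details": {"AwsIamAccessKey": {
         "Status": "Active", "PrincipalName": "ExampleUser",
         "SessionContext": {"Attributes": {"MfaAuthenticated": False}}}}},
]}

if __name__ == "__main__":
    for rid, note in iam_triage(SAMPLE):
        print(rid, "-", note)
```

The ARN check splits on the owner field rather than matching a fixed prefix, so it also works in partitions other than aws.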