本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
了解 IAM 身份中心 CloudTrail 的事件
跟踪是一种配置,可用于将事件传送到您指定的 Amazon S3 存储桶。事件代表来自任何来源的单个请求,包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 事件不是公共 API 调用的有序堆栈跟踪,因此它们不会按任何特定的顺序出现。在《CloudTrail 用户指南》中了解 CloudTrail 记录的内容。
以下示例显示了在 IAM Identity Center 控制台中发生的管理员 CloudTrail 日志条目 (samadams@example.com):
{ "Records":[ { "eventVersion":"1.05", "userIdentity":{ "type":"IAMUser", "principalId":"AIDAJAIENLMexample", "arn":"arn:aws:iam::08966example:user/samadams", "accountId":"111122223333", "accessKeyId":"AKIAIIJM2K4example", "userName":"samadams" }, "eventTime":"2017-11-29T22:39:43Z", "eventSource":"sso.amazonaws.com", "eventName":"DescribePermissionsPolicies", "awsRegion":"us-east-1", "sourceIPAddress":"203.0.113.0", "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters":{ "permissionSetId":"ps-79a0dde74b95ed05" }, "responseElements":null, "requestID":"319ac6a1-d556-11e7-a34f-69a333106015", "eventID":"a93a952b-13dd-4ae5-a156-d3ad6220b071", "readOnly":true, "resources":[ ], "eventType":"AwsApiCall", "recipientAccountId":"111122223333" } ] }
以下示例显示了 Amazon Web Services 访问门户中发生的最终用户 (bobsmith@example.com) 操作的 CloudTrail 日志条目:
{ "Records":[ { "eventVersion":"1.05", "userIdentity":{ "type":"Unknown", "principalId":"example.com//S-1-5-21-1122334455-3652759393-4233131409-1126", "accountId":"111122223333", "userName":"bobsmith@example.com", "onBehalfOf": { "userId": "94d00cd8-e9e6-4810-b177-b08e84775435", "identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890" }, "credentialId" : "cdee2490-82ed-43b3-96ee-b75fbf0b97a5" }, "eventTime":"2017-11-29T18:48:28Z", "eventSource":"sso.amazonaws.com", "eventName":"ListApplications", "awsRegion":"us-east-1", "sourceIPAddress":"203.0.113.0", "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters":null, "responseElements":null, "requestID":"de6c0435-ce4b-49c7-9bcc-bc5ed631ce04", "eventID":"e6e1f3df-9528-4c6d-a877-6b2b895d1f91", "eventType":"AwsApiCall", "recipientAccountId":"111122223333" } ] }
以下示例显示了在 IAM Identity Center OIDC 中发生的最终用户 (bobsmith@example.com) 操作的 CloudTrail 日志条目:
{ "eventVersion": "1.05", "userIdentity": { "type": "Unknown", "principalId": "example.com//S-1-5-21-1122334455-3652759393-4233131409-1126", "accountId": "111122223333", "userName": "bobsmith@example.com", "onBehalfOf": { "userId": "94d00cd8-e9e6-4810-b177-b08e84775435", "identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890" }, "credentialId" : "cdee2490-82ed-43b3-96ee-b75fbf0b97a5" }, "eventTime": "2020-06-16T01:31:15Z", "eventSource": "sso.amazonaws.com", "eventName": "CreateToken", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36", "requestParameters": { "clientId": "clientid1234example", "clientSecret": "HIDDEN_DUE_TO_SECURITY_REASONS", "grantType": "urn:ietf:params:oauth:grant-type:device_code", "deviceCode": "devicecode1234example" }, "responseElements": { "accessToken": "HIDDEN_DUE_TO_SECURITY_REASONS", "tokenType": "Bearer", "expiresIn": 28800, "refreshToken": "HIDDEN_DUE_TO_SECURITY_REASONS", "idToken": "HIDDEN_DUE_TO_SECURITY_REASONS" }, "eventID": "09a6e1a9-50e5-45c0-9f08-e6ef5089b262", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "IdentityStoreId", "ARN": "d-1234567890" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }