本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用记录 Amazon SNS API 调用 Amazon CloudTrail
Amazon SNS 与[Amazon CloudTrail](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)一项服务集成,该服务提供用户、角色或角色所执行操作的 Amazon Web Services 服务记录。 CloudTrail 将 SNS 的所有 API 调用捕获为事件。捕获的调用包括来自 SNS 控制台的调用和对 SNS API 操作的代码调用。使用收集的信息 CloudTrail,您可以确定向 SNS 发出的请求、发出请求的 IP 地址、发出请求的时间以及其他详细信息。
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
+ 请求是使用根用户凭证还是用户凭证发出的。
+ 请求是否代表 IAM Identity Center 用户发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 Amazon Web Services 服务发出。
CloudTrail 在您创建账户 Amazon Web Services 账户 时在您的账户中处于活动状态,并且您可以自动访问 CloudTrail **活动历史记录**。 CloudTrail **事件历史记录**提供了过去 90 天中记录的管理事件的可查看、可搜索、可下载且不可变的记录。 Amazon Web Services 区域有关更多信息,请参阅《*Amazon CloudTrail 用户指南》*中的 “[使用 CloudTrail 事件历史记录](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/view-cloudtrail-events.html)”。查看**活动历史记录**不 CloudTrail收取任何费用。
要持续记录 Amazon Web Services 账户 过去 90 天内的事件,请创建跟踪或 [CloudTrailLake](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-lake.html) 事件数据存储。
**CloudTrail 步道**
*跟踪*允许 CloudTrail 将日志文件传输到 Amazon S3 存储桶。使用创建的所有跟踪 Amazon Web Services 管理控制台 都是多区域的。您可以通过使用 Amazon CLI创建单区域或多区域跟踪。建议创建多区域跟踪,因为您可以捕获账户 Amazon Web Services 区域 中的所有活动。如果您创建单区域跟踪,则只能查看跟踪的 Amazon Web Services 区域中记录的事件。有关跟踪的更多信息,请参阅《Amazon CloudTrail 用户指南》**中的[为您的 Amazon Web Services 账户创建跟踪](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)和[为组织创建跟踪](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/creating-trail-organization.html)。
通过创建跟踪,您可以免费将正在进行的管理事件的一份副本传送到您的 Amazon S3 存储桶,但会收取 Amazon S3 存储费用。 CloudTrail 有关 CloudTrail 定价的更多信息,请参阅[Amazon CloudTrail 定价](https://www.amazonaws.cn/cloudtrail/pricing/)。有关 Amazon S3 定价的信息,请参阅 [Amazon S3 定价](https://www.amazonaws.cn/s3/pricing/)。
**CloudTrail 湖泊事件数据存储**
CloudTrail L@@ *ak* e 允许您对事件运行基于 SQL 的查询。 CloudTrail Lake 将基于行的 JSON 格式的现有事件转换为 [Apache ORC](https://orc.apache.org/) 格式。ORC 是一种针对快速检索数据进行优化的列式存储格式。事件将被聚合到*事件数据存储*中,它是基于您通过应用[高级事件选择器](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-lake-concepts.html#adv-event-selectors)选择的条件的不可变的事件集合。应用于事件数据存储的选择器用于控制哪些事件持续存在并可供您查询。有关 CloudTrail Lake 的更多信息,[请参阅*Amazon CloudTrail 用户指南*中的使用 Amazon CloudTrail Lake](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-lake.html)。
CloudTrail 湖泊事件数据存储和查询会产生费用。创建事件数据存储时,您可以选择要用于事件数据存储的[定价选项](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-lake-manage-costs.html#cloudtrail-lake-manage-costs-pricing-option)。定价选项决定了摄取和存储事件的成本,以及事件数据存储的默认和最长保留期。有关 CloudTrail 定价的更多信息,请参阅[Amazon CloudTrail 定价](https://www.amazonaws.cn/cloudtrail/pricing/)。
## 中的 SNS 数据事件 CloudTrail
[数据事件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events)可提供对资源或在资源中所执行资源操作(例如,读取或写入 Amazon S3 对象)的相关信息。这些也称为数据面板操作。数据事件通常是高容量活动。默认情况下, CloudTrail 不记录数据事件。 CloudTrail **事件历史**记录不记录数据事件。
记录数据事件将收取额外费用。有关 CloudTrail 定价的更多信息,请参阅[Amazon CloudTrail 定价](https://www.amazonaws.cn/cloudtrail/pricing/)。
您可以使用 CloudTrail 控制台、 Amazon CLI或 CloudTrail API 操作记录 SNS 资源类型的数据事件。有关如何记录数据事件的更多信息,请参阅《Amazon CloudTrail 用户指南》**中的[使用 Amazon Web Services 管理控制台记录数据事件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console)和[使用 Amazon Command Line Interface记录数据事件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-with-the-AWS-CLI)。
下表列出了可以记录数据事件的 SNS 资源类型。**数据事件类型(控制台)**列显示要从控制 CloudTrail 台上的**数据事件类型**列表中选择的值。res **ources.type 值**列显示该`resources.type`值,您将在使用或配置高级事件选择器时指定该值。 Amazon CLI CloudTrail APIs“** APIs 记录到的数据 CloudTrail**” 列显示了 CloudTrail 针对该资源类型记录的 API 调用。
| 数据事件类型(控制台) | resources.type 值 | 数据 APIs 已记录到 CloudTrail |
| --- | --- | --- |
| SNS 主题 | [https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html) | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/sns/latest/dg/logging-using-cloudtrail.html) |
| SNS 平台端点 | AWS::SNS::PlatformEndpoint | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/sns/latest/dg/logging-using-cloudtrail.html) |
**注意**
未记录 SNS 资源类型`AWS::SNS::PhoneNumber`。 CloudTrail
您可以将高级事件选择器配置为在 `eventName`、`readOnly` 和 `resources.ARN` 字段上进行筛选,从而仅记录那些对您很重要的事件。有关这些字段的更多信息,请参阅《Amazon CloudTrail API 参考》**中的 [https://docs.amazonaws.cn/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html](https://docs.amazonaws.cn/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html)。
有关记录数据事件的信息,请参阅 CloudTrail 用户指南 Amazon CLI 中的使用记录数据事件 Amazon Web Services 管理控制台 和使用记录数据事件。
## 中的 SNS 管理事件 CloudTrail
[管理事件](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html#logging-management-events)提供有关对中的资源执行的管理操作的信息 Amazon Web Services 账户。这些也称为控制面板操作。默认情况下, CloudTrail 记录管理事件。
Amazon SNS 将以下 SNS 控制平面操作记录 CloudTrail 为*管理*事件。
+ `[AddPermission](https://docs.amazonaws.cn/sns/latest/api/API_AddPermission.html)`
+ `[CheckIfPhoneNumberIsOptedOut](https://docs.amazonaws.cn/sns/latest/api/API_CheckIfPhoneNumberIsOptedOut.html)`
+ `[ConfirmSubscription](https://docs.amazonaws.cn/sns/latest/api/API_ConfirmSubscription.html)`
+ `[CreatePlatformApplication](https://docs.amazonaws.cn/sns/latest/api/API_CreatePlatformApplication.html)`
+ `[CreatePlatformEndpoint](https://docs.amazonaws.cn/sns/latest/api/API_CreatePlatformEndpoint.html)`
+ `[CreateSMSSandboxPhoneNumber](https://docs.amazonaws.cn/sns/latest/api/API_CreateSMSSandboxPhoneNumber.html)`
+ `[CreateTopic](https://docs.amazonaws.cn/sns/latest/api/API_CreateTopic.html)`
+ `[DeleteEndpoint](https://docs.amazonaws.cn/sns/latest/api/API_DeleteEndpoint.html)`
+ `[DeletePlatformApplication](https://docs.amazonaws.cn/sns/latest/api/API_DeletePlatformApplication.html)`
+ `[DeleteSMSSandboxPhoneNumber](https://docs.amazonaws.cn/sns/latest/api/API_DeleteSMSSandboxPhoneNumber.html)`
+ `[DeleteTopic](https://docs.amazonaws.cn/sns/latest/api/API_DeleteTopic.html)`
+ `[GetDataProtectionPolicy](https://docs.amazonaws.cn/sns/latest/api/API_GetDataProtectionPolicy.html)`
+ `[GetEndpointAttributes](https://docs.amazonaws.cn/sns/latest/api/API_GetEndpointAttributes.html)`
+ `[GetPlatformApplicationAttributes](https://docs.amazonaws.cn/sns/latest/api/API_GetPlatformApplicationAttributes.html)`
+ `[GetSMSAttributes](https://docs.amazonaws.cn/sns/latest/api/API_GetSMSAttributes.html)`
+ `[GetSMSSandboxAccountStatus](https://docs.amazonaws.cn/sns/latest/api/API_GetSMSSandboxAccountStatus.html)`
+ `[GetSubscriptionAttributes](https://docs.amazonaws.cn/sns/latest/api/API_GetSubscriptionAttributes.html)`
+ `[GetTopicAttributes](https://docs.amazonaws.cn/sns/latest/api/API_GetTopicAttributes.html)`
+ `[ListEndpointsByPlatformApplication](https://docs.amazonaws.cn/sns/latest/api/API_ListEndpointsByPlatformApplication.html)`
+ `[ListOriginationNumbers](https://docs.amazonaws.cn/sns/latest/api/API_ListOriginationNumbers.html)`
+ `[ListPhoneNumbersOptedOut](https://docs.amazonaws.cn/sns/latest/api/API_ListPhoneNumbersOptedOut.html)`
+ `[ListPlatformApplications](https://docs.amazonaws.cn/sns/latest/api/API_ListPlatformApplications.html)`
+ `[ListSMSSandboxPhoneNumbers](https://docs.amazonaws.cn/sns/latest/api/API_ListSMSSandboxPhoneNumbers.html)`
+ `[ListSubscriptions](https://docs.amazonaws.cn/sns/latest/api/API_ListSubscriptions.html)`
+ `[ListSubscriptionsByTopic](https://docs.amazonaws.cn/sns/latest/api/API_ListSubscriptionsByTopic.html)`
+ `[ListTagsForResource](https://docs.amazonaws.cn/sns/latest/api/API_ListTagsForResource.html)`
+ `[ListTopics](https://docs.amazonaws.cn/sns/latest/api/API_ListTopics.html)`
+ `[OptInPhoneNumber](https://docs.amazonaws.cn/sns/latest/api/API_OptInPhoneNumber.html)`
+ `[PutDataProtectionPolicy](https://docs.amazonaws.cn/sns/latest/api/API_PutDataProtectionPolicy.html)`
+ `[RemovePermission](https://docs.amazonaws.cn/sns/latest/api/API_RemovePermission.html)`
+ `[SetEndpointAttributes](https://docs.amazonaws.cn/sns/latest/api/API_SetEndpointAttributes.html)`
+ `[SetPlatformApplicationAttributes](https://docs.amazonaws.cn/sns/latest/api/API_SetPlatformApplicationAttributes.html)`
+ `[SetSMSAttributes](https://docs.amazonaws.cn/sns/latest/api/API_SetSMSAttributes.html)`
+ `[SetSubscriptionAttributes](https://docs.amazonaws.cn/sns/latest/api/API_SetSubscriptionAttributes.html)`
+ `[SetTopicAttributes](https://docs.amazonaws.cn/sns/latest/api/API_SetTopicAttributes.html)`
+ `[Subscribe](https://docs.amazonaws.cn/sns/latest/api/API_Subscribe.html)`
+ `[TagResource](https://docs.amazonaws.cn/sns/latest/api/API_TagResource.html)`
+ `[Unsubscribe](https://docs.amazonaws.cn/sns/latest/api/API_Unsubscribe.html)`
+ `[UntagResource](https://docs.amazonaws.cn/sns/latest/api/API_UntagResource.html)`
+ `[VerifySMSSandboxPhoneNumber](https://docs.amazonaws.cn/sns/latest/api/API_VerifySMSSandboxPhoneNumber.html)`
**注意**
如果您未登录到 Amazon Web Services(未经身份验证的模式),并且调用了[https://docs.amazonaws.cn/sns/latest/api/API_ConfirmSubscription.html](https://docs.amazonaws.cn/sns/latest/api/API_ConfirmSubscription.html)或[https://docs.amazonaws.cn/sns/latest/api/API_Unsubscribe.html](https://docs.amazonaws.cn/sns/latest/api/API_Unsubscribe.html)操作,则这些操作将不会被登录到 CloudTrail。例如,当您选择电子邮件通知中提供的链接确认对某一主题的待确认订阅时,会在未验证模式下调用 `ConfirmSubscription` 操作。在此示例中,`ConfirmSubscription`操作不会记录到 CloudTrail。
## SNS 事件示例
事件代表来自任何来源的单个请求,包括有关所请求的 API 操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共 API 调用的有序堆栈跟踪,因此事件不会按任何特定顺序出现。
以下示例显示了一个演示**`ListTopics`**`CreateTopic`、和`DeleteTopic`操作 CloudTrail 的事件。
```
{
"Records": [
{
"eventVersion": "1.02",
"userIdentity": {
"type": "IAMUser",
"userName": "Bob",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Bob",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE"
},
"eventTime": "2014-09-30T00:00:00Z",
"eventSource": "sns.amazonaws.com",
"eventName": "ListTopics",
"awsRegion": "us-west-2",
"sourceIPAddress": "127.0.0.1",
"userAgent": "aws-sdk-java/unknown-version",
"requestParameters": {
"nextToken": "ABCDEF1234567890EXAMPLE=="
},
"responseElements": null,
"requestID": "example1-b9bb-50fa-abdb-80f274981d60",
"eventID": "example0-09a3-47d6-a810-c5f9fd2534fe",
"eventType": "AwsApiCall",
"recipientAccountId": "123456789012"
},
{
"eventVersion": "1.02",
"userIdentity": {
"type": "IAMUser",
"userName": "Bob",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Bob",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE"
},
"eventTime": "2014-09-30T00:00:00Z",
"eventSource": "sns.amazonaws.com",
"eventName": "CreateTopic",
"awsRegion": "us-west-2",
"sourceIPAddress": "127.0.0.1",
"userAgent": "aws-sdk-java/unknown-version",
"requestParameters": {
"name": "hello"
},
"responseElements": {
"topicArn": "arn:aws:sns:us-west-2:123456789012:hello-topic"
},
"requestID": "example7-5cd3-5323-8a00-f1889011fee9",
"eventID": "examplec-4f2f-4625-8378-130ac89660b1",
"eventType": "AwsApiCall",
"recipientAccountId": "123456789012"
},
{
"eventVersion": "1.02",
"userIdentity": {
"type": "IAMUser",
"userName": "Bob",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Bob",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE"
},
"eventTime": "2014-09-30T00:00:00Z",
"eventSource": "sns.amazonaws.com",
"eventName": "DeleteTopic",
"awsRegion": "us-west-2",
"sourceIPAddress": "127.0.0.1",
"userAgent": "aws-sdk-java/unknown-version",
"requestParameters": {
"topicArn": "arn:aws:sns:us-west-2:123456789012:hello-topic"
},
"responseElements": null,
"requestID": "example5-4faa-51d5-aab2-803a8294388d",
"eventID": "example8-6443-4b4d-abfd-1b867280d964",
"eventType": "AwsApiCall",
"recipientAccountId": "123456789012"
}
]
}
```
以下示例显示了一个演示`Publish`操作 CloudTrail 的事件。
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Bob",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAIOSFODNN7EXAMPLE",
"arn": "arn:aws:iam::123456789012:role/Admin",
"accountId": "123456789012",
"userName": "ExampleUser"
},
"attributes": {
"creationDate": "2023-08-21T16:44:05Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-08-21T16:48:37Z",
"eventSource": "sns.amazonaws.com",
"eventName": "Publish",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"topicArn": "arn:aws:sns:us-east-1:123456789012:ExampleSNSTopic",
"message": "HIDDEN_DUE_TO_SECURITY_REASONS",
"subject": "HIDDEN_DUE_TO_SECURITY_REASONS",
"messageStructure": "json",
"messageAttributes": "HIDDEN_DUE_TO_SECURITY_REASONS"
},
"responseElements": {
"messageId": "0787cd1e-d92b-521c-a8b4-90434e8ef840"
},
"requestID": "0a8ab208-11bf-5e01-bd2d-ef55861b545d",
"eventID": "bb3496d4-5252-4660-9c28-3c6aebdb21c0",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SNS::Topic",
"ARN": "arn:aws:sns:us-east-1:123456789012:ExampleSNSTopic"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sns.us-east-1.amazonaws.com"
}
}
```
以下示例显示了一个演示`PublishBatch`操作 CloudTrail 的事件。
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Bob",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAIOSFODNN7EXAMPLE",
"arn": "arn:aws:iam::123456789012:role/Admin",
"accountId": "123456789012",
"userName": "ExampleUser"
},
"attributes": {
"creationDate": "2023-08-21T19:20:49Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-08-21T19:22:01Z",
"eventSource": "sns.amazonaws.com",
"eventName": "PublishBatch",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"topicArn": "arn:aws:sns:us-east-1:123456789012:ExampleSNSTopic",
"publishBatchRequestEntries": [
{
"id": "1",
"message": "HIDDEN_DUE_TO_SECURITY_REASONS"
},
{
"id": "2",
"message": "HIDDEN_DUE_TO_SECURITY_REASONS"
}
]
},
"responseElements": {
"successful": [
{
"id": "1",
"messageId": "30d68101-a64a-5573-9e10-dc5c1dd3af2f"
},
{
"id": "2",
"messageId": "c0aa0c5c-561d-5455-b6c4-5101ed84de09"
}
],
"failed": []
},
"requestID": "e2cdf7f3-1b35-58ad-ac9e-aaaea0ace2f1",
"eventID": "10da9a14-0154-4ab6-b3a5-1825b229a7ed",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SNS::Topic",
"ARN": "arn:aws:sns:us-east-1:123456789012:ExampleSNSTopic"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sns.us-east-1.amazonaws.com"
}
}
```
有关 CloudTrail 录音内容的信息,请参阅《*Amazon CloudTrail 用户指南》*中的[CloudTrail录制内容](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html)。