**引入全新的主机体验 Amazon WAF**

现在，您可以使用更新的体验访问控制台中任意位置的 Amazon WAF 功能。有关更多详细信息，请参阅[使用控制台](https://docs.amazonaws.cn/waf/latest/developerguide/working-with-console.html)。

本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# Amazon Shield Advanced 信息在 CloudTrail
<a name="shield-info-in-cloudtrail"></a>

Amazon Shield Advanced 支持将以下操作作为事件记录在 CloudTrail 日志文件中：
+ [ListAttacks](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_ListAttacks.html)
+ [DescribeAttack](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_DescribeAttack.html)
+ [CreateProtection](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_CreateProtection.html)
+ [DescribeProtection](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_DescribeProtection.html)
+ [DeleteProtection](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_DeleteProtection.html)
+ [ListProtections](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_ListProtections.html)
+ [CreateSubscription](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_CreateSubscription.html)
+ [DescribeSubscription](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_DescribeSubscription.html)
+ [GetSubscriptionState](https://docs.amazonaws.cn/waf/latest/DDOSAPIReference/API_GetSubscriptionState.html)

每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容：
+ 请求是否使用根用户凭证发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 Amazon 服务发出。

有关更多信息，请参阅 [CloudTrail userIdentity 元素](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。

## 示例：Shield Advanced 日志文件条目
<a name="understanding-service-name-entries-shield"></a>

跟踪是一种配置，允许将事件作为日志文件传输到您指定的 Amazon S3 存储桶。 CloudTrail 日志文件包含一个或多个日志条目。事件代表来自任何来源的单个请求，包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共 API 调用的有序堆栈跟踪，因此它们不会按任何特定顺序出现。

以下示例显示了一个演示`DeleteProtection`和`ListProtections`操作的 CloudTrail 日志条目。

```
 
 [
  {
    "eventVersion": "1.05",
    "userIdentity": {
      "type": "IAMUser",
      "principalId": "1234567890987654321231",
      "arn": "arn:aws:iam::123456789012:user/SampleUser",
      "accountId": "123456789012",
      "accessKeyId": "1AFGDT647FHU83JHFI81H",
      "userName": "SampleUser"
    },
    "eventTime": "2018-01-10T21:31:14Z",
    "eventSource": "shield.amazonaws.com",
    "eventName": "DeleteProtection",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "Amazon Internal",
    "userAgent": "aws-cli/1.14.10 Python/3.6.4 Darwin/16.7.0 botocore/1.8.14",
    "requestParameters": {
      "protectionId": "12345678-5104-46eb-bd03-agh4j8rh3b6n"
    },
    "responseElements": null,
    "requestID": "95bc0042-f64d-11e7-abd1-1babdc7aa857",
    "eventID": "85263bf4-17h4-43bb-b405-fh84jhd8urhg",
    "eventType": "AwsApiCall",
    "apiVersion": "AWSShield_20160616",
    "recipientAccountId": "123456789012"
  },
  {
    "eventVersion": "1.05",
    "userIdentity": {
      "type": "IAMUser",
      "principalId": "123456789098765432123",
      "arn": "arn:aws:iam::123456789012:user/SampleUser",
      "accountId": "123456789012",
      "accessKeyId": "1AFGDT647FHU83JHFI81H",
      "userName": "SampleUser"
    },
    "eventTime": "2018-01-10T21:30:03Z",
    "eventSource": "shield.amazonaws.com",
    "eventName": "ListProtections",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "Amazon Internal",
    "userAgent": "aws-cli/1.14.10 Python/3.6.4 Darwin/16.7.0 botocore/1.8.14",
    "requestParameters": null,
    "responseElements": null,
    "requestID": "6accca40-f64d-11e7-abd1-1bjfi8urhj47",
    "eventID": "ac0570bd-8dbc-41ac-a2c2-987j90j3h78f",
    "eventType": "AwsApiCall",
    "apiVersion": "AWSShield_20160616",
    "recipientAccountId": "123456789012"
  }
]
```