CreateKey - AWS Key Management Service

CreateKey

Ces exemples montrent des entrées de journal AWS CloudTrail pour l'opération CreateKey.

Une entrée de journal CreateKey peut résulter d'une demande CreateKey ou de l'opération CreateKey pour une demande ReplicateKey.

L'exemple suivant montre une entrée de journal CloudTrail pour une opération CreateKey qui crée une clé KMS de chiffrement symétrique. Pour plus d'informations sur la création de clés KMS, veuillez consulter Création de clés.

{ "Records": [ { "eventVersion": "1.02", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2020-06-30T02:34:07Z", "eventSource": "kms.amazonaws.com", "eventName": "CreateKey", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "policy": "{\n \"Version\":\"2012-10-17\",\n \"Statement\":[{\n \"Effect\":\"Allow\",\n \"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/Alice\"},\n \"Action\":\"kms:*\",\n \"Resource\":\"*\"\n }, {\n \"Effect\":\"Allow\",\n \"Principal\":{\"AWS\":\"arn:aws:iam::012345678901:user/Bob\"},\n \"Action\":\"kms:CreateGrant\",\n \"Resource\":\"*\"\n }, {\n \"Effect\":\"Allow\",\n \"Principal\":{\"AWS\":\"arn:aws:iam::012345678901:user/Charlie\"},\n \"Action\":\"kms:Encrypt\",\n \"Resource\":\"*\"\n}]\n}", "description": "", "keyUsage": "ENCRYPT_DECRYPT", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "origin": "AWS_KMS", "bypassPolicyLockoutSafetyCheck": false }, "responseElements": { "keyMetadata": { "aWSAccountId": "111122223333", "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "creationDate": "Jun 30, 2020 2:34:07 AM", "enabled": true, "description": "", "keyUsage": "ENCRYPT_DECRYPT", "keyState": "Enabled", "origin": "AWS_KMS", "keyManager": "CUSTOMER", "keySpec": "SYMMETRIC_DEFAULT", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "encryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "multiRegion": false }, "requestID": "ebe8ee68-63bc-11e4-bc2b-4198b6150d5c", "eventID": "ba116326-1792-4784-87dd-a688d1cb42ec", "readOnly": false, "resources": [{ "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "accountId": "111122223333" }], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" } ] }

L'exemple suivant montre le journal CloudTrail d'une opération CreateKey qui crée une clé KMS symétrique dans un magasin de clés personnalisé AWS CloudHSM.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-14T17:39:50Z", "eventSource": "kms.amazonaws.com", "eventName": "CreateKey", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "keyUsage": "ENCRYPT_DECRYPT", "bypassPolicyLockoutSafetyCheck": false, "origin": "AWS_CLOUDHSM", "keySpec": "SYMMETRIC_DEFAULT", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "customKeyStoreId": "cks-1234567890abcdef0", "description": "" }, "responseElements": { "keyMetadata": { "aWSAccountId": "111122223333", "keyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "arn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "creationDate": "Oct 14, 2021, 5:39:50 PM", "enabled": true, "description": "", "keyUsage": "ENCRYPT_DECRYPT", "keyState": "Enabled", "origin": "AWS_CLOUDHSM", "customKeyStoreId": "cks-1234567890abcdef0", "cloudHsmClusterId": "cluster-1a23b4cdefg", "keyManager": "CUSTOMER", "customerMasterKeySpec": "SYMMETRIC_DEFAULT", "keySpec": "SYMMETRIC_DEFAULT", "encryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "multiRegion": false } }, "additionalEventData": { "backingKey": "{\"keyHandle\":\"19\",\"backingKeyId\":\"backing-key-id\"}" }, "requestID": "4f0b185c-588c-4767-9e90-c618f7e13cad", "eventID": "c73964b8-703d-49e4-bd9e-f773d0ee1e65", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }