Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Pencatatan panggilan API Amazon SQS menggunakan AWS CloudTrail
Amazon SQS terintegrasi dengan AWS CloudTrail untuk merekam panggilan Amazon SQS dari pengguna, peran, atau layanan. AWS CloudTrail menangkap panggilan API yang terkait dengan standar Amazon SQS dan antrian FIFO sebagai peristiwa, termasuk interaksi yang dimulai melalui konsol Amazon SQS serta secara terprogram melalui panggilan ke Amazon SQS API.
CloudTrail diaktifkan secara default saat Anda membuat AWS akun. Ketika aktivitas peristiwa Amazon SQS yang didukung terjadi, aktivitas tersebut direkam dalam suatu CloudTrail peristiwa, bersama dengan peristiwa AWS
layanan lainnya, dalam riwayat acara. Anda dapat melihat, mencari, dan mengunduh acara terbaru untuk AWS akun Anda. Untuk informasi selengkapnya, lihat Melihat CloudTrail Acara dengan Riwayat Acara di Panduan AWS CloudTrail Pengguna.
Amazon SQS API yang memanggil operasi manajemen antrian, seperti AddPermission dikategorikan sebagai peristiwa manajemen dan masuk secara default. CloudTrail Amazon SQS API yang merupakan operasi volume tinggi yang dilakukan pada antrean Amazon SQS, seperti dikategorikan SendMessage sebagai peristiwa data dan dicatat setelah Anda ikut serta. CloudTrail
Dengan menggunakan informasi yang CloudTrail dikumpulkan, Anda dapat mengidentifikasi permintaan khusus ke Amazon SQS API, alamat IP atau identitas pemohon, serta tanggal dan waktu permintaan. Jika mengonfigurasi CloudTrail jejak, Anda dapat terus mengirimkan CloudTrail peristiwa ke bucket Amazon S3 dengan pengiriman opsional ke Amazon CloudWatch Log dan. AWS EventBridge Jika Anda tidak mengonfigurasi jejak, Anda hanya dapat melihat riwayat acara acara acara manajemen dalam acara di CloudTrail konsol. Untuk informasi selengkapnya, lihat Gambaran Umum Pembuatan Jejak di Panduan Pengguna AWS CloudTrail.
Acara manajemen di CloudTrail
Amazon SQS mencatat tindakan API berikut sebagai peristiwa manajemen:
API Amazon SQS berikut tidak didukung untuk CloudTrail pencatatan:
Peristiwa data di CloudTrail
Peristiwa data memberikan informasi tentang operasi sumber daya yang dilakukan pada atau di sumber daya, seperti mengirim atau menerima pesan Amazon SQS ke dan dari antrian Amazon SQS. Peristiwa data adalah aktivitas volume tinggi yang CloudTrail tidak masuk secara default. Anda dapat mengaktifkan pencatatan tindakan API peristiwa data untuk antrean SQS Anda dengan menggunakan CloudTrail API. Untuk informasi selengkapnya, lihat Mencatat peristiwa data dalam AWS CloudTrail Panduan Pengguna.
Dengan CloudTrail, Anda dapat menggunakan penyeleksi peristiwa lanjutan untuk memutuskan aktivitas API Amazon SQS mana yang dicatat dan direkam. Untuk mencatat peristiwa data Amazon SQS, Anda harus menyertakan jenis sumber daya. AWS::SQS::Queue Setelah ini diatur, Anda dapat memperbaiki preferensi logging Anda lebih lanjut dengan memilih peristiwa data tertentu untuk direkam, seperti menggunakan eventName filter untuk melacak SendMessage peristiwa. Untuk informasi selengkapnya, lihat AdvancedEventSelector di dalam Referensi API AWS CloudTrail .
Peristiwa data Amazon SQS:
Biaya tambahan berlaku untuk peristiwa data. Untuk informasi selengkapnya, silakan lihat Harga AWS CloudTrail.
Contoh: acara CloudTrail manajemen untuk Amazon SQS
Contoh berikut menunjukkan entri CloudTrail log untuk API yang didukung:
- AddPermission
-
Contoh berikut menunjukkan entri CloudTrail log untuk panggilan AddPermission API.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:iam::123456789012:user/Alice",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Alice"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "AddPermission",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.0",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"actions": [
"SendMessage"
],
"AWSAccountIds": [
"123456789012"
],
"label": "MyLabel",
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- CreateQueue
-
Contoh berikut menunjukkan entri CloudTrail log untuk panggilan CreateQueue API.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:iam::123456789012:user/Alejandro",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Alejandro"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "CreateQueue",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.1",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"queueName": "MyQueue"
},
"responseElements": {
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- DeleteQueue
-
Contoh berikut menunjukkan entri CloudTrail log untuk panggilan DeleteQueue API.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:iam::123456789012:user/Carlos",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Carlos"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "DeleteQueue",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.2",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- RemovePermission
-
Contoh berikut menunjukkan entri CloudTrail log untuk panggilan RemovePermission API.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:iam::123456789012:user/Jane",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Jane"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "RemovePermission",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.3",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"label": "label",
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- SetQueueAttributes
-
Contoh berikut menunjukkan entri CloudTrail log untukSetQueueAttributes:
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:iam::123456789012:user/Maria",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Maria"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "SetQueueAttributes",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.4",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"attributes": {
"VisibilityTimeout": "100"
},
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
Contoh: peristiwa CloudTrail data untuk Amazon SQS
Berikut ini adalah contoh CloudTrail peristiwa khusus untuk API peristiwa data Amazon SQS:
- SendMessage
-
Contoh berikut menunjukkan peristiwa CloudTrail data untukSendMessage.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:11Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "SendMessage",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue",
"messageBody": "HIDDEN_DUE_TO_SECURITY_REASONS",
"messageDeduplicationId": "MsgDedupIdSdk1ae1958f2-bbe8-4442-83e7-4916e3b035aa",
"messageGroupId": "MsgGroupIdSdk16"
},
"responseElements": {
"mD5OfMessageBody": "9a4e3f7a614d9dd9f8722092dbda17a2",
"mD5OfMessageSystemAttributes": "f88f0587f951b7f5551f18ae699c3a9d",
"messageId": "93bb6e2d-1090-416c-81b0-31eb1faa8cd8",
"sequenceNumber": "18881790870905840128"
},
"requestID": "c4584600-fe8a-5aa3-a5ba-1bc42f055fae",
"eventID": "98c735d8-70e0-4644-9432-b6ced4d791b1",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
- ReceiveMessage
-
Contoh berikut menunjukkan peristiwa CloudTrail data untukReceiveMessage.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:24Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "ReceiveMessage",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue",
"maxNumberOfMessages": 10
},
"responseElements": null,
"requestID": "8b4d4643-8f49-52cd-a6e8-1b875ed54b99",
"eventID": "f3f23ab7-b0a4-4b71-afc0-141209c49206",
"readOnly": true,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
- DeleteMessageBatch
-
Contoh berikut menunjukkan peristiwa CloudTrail data untukDeleteMessageBatch.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:24Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "DeleteMessageBatch",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue",
"entries": [
{
"id": "0",
"receiptHandle": "AQEBefxM1O4zyZGF87DehbRbmri91w2W7mMdD0GrBjQa8e/hpb4RbXHPZ9tLBVleECbChQIE5NtaDuoZhZPOkTy0eN46EyRR4jXDzE3AlkbPlX1mA9f2fUuTrXx8aeCoCA3I3woNg3fXXAoo5ctLgci0Z/hlLS94tjAZqV2krc4BaC2pYgjyHWcW019HwIV8T/bjNMIeZoQwOM5V+o9vHPfewz5QGr5SKpDo7uE7Umyk5n5CJZvcn1efp/mrwtaCIb9M7cCQUYcZm2ZmZDnIO9XpGTAi3m2dQ0M83pnNh0nvDfpkHpoa+hX1TrUmxCupCWHJwA8HFJ1O/CCJsodMNFthLBA9S57dkBZCsw41G8jAmgQ0MkvZ0UL5mg0OFQQd1Yrw0zvthjCgiwdzn0yXoMzxIZMBxkY14E4nVVZ7N5XEMtMmgxsI1XF/h8oRk2C7gByzg2kYJ0LnUvLJFT8DQE28JZppEC9klvrdR/BWiPT7asc="
}
]
},
"responseElements": {
"successful": [
{
"id": "0"
}
],
"failed": []
},
"requestID": "fe423091-5642-5ba5-9256-6d5587de52f1",
"eventID": "88c8020d-d769-4985-8ecb-ee0b59acc418",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
- ChangeMessageVisibilityBatch
-
Contoh berikut menunjukkan peristiwa CloudTrail data untukChangeMessageVisibilityBatch.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:01Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "ChangeMessageVisibilityBatch",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"visibilityTimeout": 0,
"entries": [
{
"id": "0",
"receiptHandle": "AQEB2M5cVYg5gslhWME6537hdjcaPnOYPA5M0W460TTb0DzPle631yPWm8qxd4O1hDj/B4ntTMnsgBTa95t14tNx7Vn96jKJ5rIoZ7iI8TRmkT1caKodKIPs8w9yndZq50c2FPQxtyH+2L3UHf/abV3szqVWXOLZR4PwX8zZkWVQGNCNnY2q2lGCG586F8QwvrOFYoXNwB8ymd1t77e1PDPknq1Io3JFuzkEsndkkETy4fV1QqVCSTR1izaTKF44f/l5PHX17nXxaC+DURVlMPXOuSFACGmWqAoyk50HKwGOjLQgpySL/TcnQXClvFq8kNXGwyVzJsbwHpOHxI7oce69vaD6DaWFP75d3hx+PJeG9pauQCKzVP3skt3Hw/zDC7YfKcALD3aCwMmeNDwT3w0BUG6XZdG5lYhtFtTQYV7YuS3i/Jh3HShGbtm07JKOEFiPkxv2+XNaAX3gFEpbng6zamTanfyMXCJIiglAEqiyWHQ=",
"visibilityTimeout": 2271
}
],
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue"
},
"responseElements": {
"successful": [
{
"id": "0"
}
]
},
"requestID": "d49ab65f-9dc7-54b8-875c-eb9b4c42988b",
"eventID": "ca16c8c2-c4ba-4eb5-a54c-e650a10266d4",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
