Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Memantau kunci enkripsi
Amazon Chime SDK Voice Connectors mengirim permintaan ke AWS KMS, dan Anda dapat melacak permintaan tersebut di dalam CloudTrail atau CloudWatch log.
- CreateGrant
-
Saat Anda menggunakan kunci yang dikelola pelanggan untuk membuat sumber daya domain profil suara, Konektor Suara terkait akan mengirimkan
CreateGrant
permintaan atas nama Anda untuk mengakses KMS kunci di AWS akun Anda. Hibah yang dibuat oleh Konektor Suara khusus untuk sumber daya yang terkait dengan kunci yang dikelola pelanggan. Konektor Suara juga menggunakanRetireGrant
operasi untuk menghapus hibah saat Anda menghapus sumber daya.Contoh berikut mencatat
CreateGrant
operasi.{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "
AROAIGDTESTANDEXAMPLE
:Sampleuser01
", "arn": "arn:aws:sts::111122223333
:assumed-role/Admin/Sampleuser01
", "accountId": "111122223333
", "accessKeyId": "AKIAIOSFODNN7EXAMPLE3
", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAIGDTESTANDEXAMPLE
:Sampleuser01
", "arn": "arn:aws:sts::111122223333
:assumed-role/Admin/Sampleuser01
", "accountId": "111122223333
", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-04-22T17:02:00Z
" } }, "invokedBy": "AWS Internal" }, "eventTime": "2021-04-22T17:07:02Z
", "eventSource": "kms.amazonaws.com", "eventName": "CreateGrant", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "ExampleDesktop
/1.0 (V1; OS)", "requestParameters": { "constraints": { "encryptionContextSubset": { "aws:chime:voice-profile-domain:arn": "arn:aws:chime:us-west-2:111122223333
:voice-profile-domain/sample-domain-id" } }, "retiringPrincipal": "chimevoiceconnector.region.amazonaws.com", "operations": [ "GenerateDataKey", "Decrypt", "DescribeKey", "RetireGrant" ], "keyId": "arn:aws:kms:us-west-2:111122223333
:key/1234abcd-12ab-34cd-56ef-123456SAMPLE", "granteePrincipal": "chimevoiceconnector.region.amazonaws.com", "retiringPrincipal": "chimevoiceconnector.region.amazonaws.com" }, "responseElements": { "grantId": "0ab0ac0d0b000f00ea00cc0a0e00fc00bce000c000f0000000c0bc0a0000aaafSAMPLE" }, "requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE
", "eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE
", "readOnly": false, "resources": [ { "accountId": "111122223333
", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333
:key/1234abcd-12ab-34cd-56ef-123456SAMPLE" } ], "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "111122223333
" } - GenerateDataKey
-
Saat Anda membuat domain profil suara dan menetapkan kunci terkelola pelanggan ke domain, Konektor Suara terkait akan membuat kunci data unik untuk mengenkripsi audio pendaftaran setiap pembicara. Konektor Suara mengirimkan
GenerateDataKey
permintaan AWS KMS yang menentukan kunci untuk sumber daya.Contoh berikut mencatat
GenerateDataKey
operasi.{ "eventVersion": "1.08", "userIdentity": { "type": "AWSService", "invokedBy": "AWS Internal" }, "eventTime": "
2021-04-22T17:07:02Z
", "eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "ExampleDesktop
/1.0 (V1; OS)", "requestParameters": { "encryptionContext": { "aws:chime:voice-profile-domain:arn": "arn:aws:chime:us-west-2:111122223333
:voice-profile-domain
/sample-domain-id
" }, "keySpec": "AES_256", "keyId": "arn:aws:kms:us-west-2:111122223333
:key/1234abcd-12ab-34cd-56ef-123456SAMPLE
" }, "responseElements": null, "requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE
", "eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE
", "readOnly": true, "resources": [ { "accountId": "111122223333
", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333
:key/1234abcd-12ab-34cd-56ef-123456SAMPLE
" } ], "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "111122223333
", "sharedEventID": "57f5dbee-16da-413e-979f-2c4c6663475e
" } - Decrypt
-
Jika profil suara di domain profil suara perlu ditingkatkan cetakan suaranya karena model pengenalan suara yang lebih baru, Konektor Suara terkait akan memanggil
Decrypt
operasi untuk menggunakan kunci data terenkripsi yang disimpan untuk mengakses data terenkripsi.Contoh berikut mencatat
Decrypt
operasi.{ "eventVersion": "1.08", "userIdentity": { "type": "AWSService", "invokedBy": "AWS Internal" }, "eventTime": "
2021-10-12T23:59:34Z
", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "ExampleDesktop
/1.0 (V1; OS)", "requestParameters": { "encryptionContext": { "keyId": "arn:aws:kms:us-west-2:111122223333
:key/44444444-3333-2222-1111-EXAMPLE11111", "encryptionContext": { "aws:chime:voice-profile-domain:arn": "arn:aws:chime:us-west-2:111122223333
:voice-profile-domain
/sample-domain-id
" }, "encryptionAlgorithm": "SYMMETRIC_DEFAULT" }, "responseElements": null, "requestID": "ed0fe4ab-305b-4388-8adf-7e8e3a4e80fe", "eventID": "31d0d7c6-ce5b-4caf-901f-025bf71241f6", "readOnly": true, "resources": [{ "accountId": "111122223333
", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333
:key/00000000-1111-2222-3333-9999999999999
" }], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333
", "sharedEventID": "35d58aa1-26b2-427a-908f-025bf71241f6
", "eventCategory": "Management" } - DescribeKey
-
Konektor Suara menggunakan
DescribeKey
operasi untuk memverifikasi bahwa kunci yang terkait dengan domain profil suara ada di akun dan Wilayah.Contoh berikut mencatat
DescribeKey
operasi.{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "
AROAIGDTESTANDEXAMPLE
:Sampleuser01
", "arn": "arn:aws:sts::111122223333
:assumed-role/Admin/Sampleuser01
", "accountId": "111122223333
", "accessKeyId": "AKIAIOSFODNN7EXAMPLE3
", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAIGDTESTANDEXAMPLE
:Sampleuser01
", "arn": "arn:aws:sts::111122223333
:assumed-role/Admin/Sampleuser01
", "accountId": "111122223333
", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-04-22T17:02:00Z
" } }, "invokedBy": "AWS Internal" }, "eventTime": "2021-04-22T17:07:02Z
", "eventSource": "kms.amazonaws.com", "eventName": "DescribeKey", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "ExampleDesktop
/1.0 (V1; OS)", "requestParameters": { "keyId": "00dd0db0-0000-0000-ac00-b0c000SAMPLE
" }, "responseElements": null, "requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE
", "eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE
", "readOnly": true, "resources": [ { "accountId": "111122223333
", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333
:key/1234abcd-12ab-34cd-56ef-123456SAMPLE
" } ], "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "111122223333
" }