本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
使用监控回收站 AWS CloudTrail
回收站服务已与集成 AWS CloudTrail。 CloudTrail 是一项提供用户、角色或服务所执行操作记录的 AWS 服务。 CloudTrail 将回收站中执行的所有API呼叫捕获为事件。如果您创建了跟踪,则可以允许将 CloudTrail 事件持续传输到亚马逊简单存储服务 (Amazon S3) 存储桶。如果您未配置跟踪,您仍然可以在 CloudTrail 控制台的事件历史记录中查看最新的管理事件。您可以使用收集的信息来确定 CloudTrail 向回收站发出的请求、发出请求的 IP 地址、谁发出了请求、何时发出请求以及其他详细信息。
有关的更多信息 CloudTrail,请参阅《AWS CloudTrail 用户指南》。
中的回收站信息 CloudTrail
CloudTrail 在您创建 AWS 账户时已在您的账户上启用。当回收站中出现支持的事件活动时,该活动将与其他 AWS 服务 CloudTrail 事件一起记录在事件历史记录中。您可以在自己的 AWS 账户中查看、搜索和下载最近发生的事件。有关更多信息,请参阅使用事件历史记录查看 CloudTrail 事件。
要持续记录 AWS 账户中的事件,包括回收站的事件,请创建跟踪。跟踪允许 CloudTrail 将日志文件传送到 S3 存储桶。默认情况下,当您在控制台中创建跟踪时,该跟踪将应用于所有 AWS 区域。跟踪记录 AWS 分区中所有区域的事件,并将日志文件传送到您指定的 S3 存储桶。此外,您可以配置其他 AWS 服务,以进一步分析和处理 CloudTrail 日志中收集的事件数据。有关更多信息,请参阅 AWS CloudTrail 用户指南中的创建跟踪记录概述部分。
支持的API操作
对于回收站,您可以使用 CloudTrail 将以下API操作记录为管理事件。
-
CreateRule
-
UpdateRule
-
GetRules
-
ListRule
-
DeleteRule
-
TagResource
-
UntagResource
-
ListTagsForResource
-
LockRule
-
UnlockRule
有关记录管理事件的更多信息,请参阅《CloudTrail 用户指南》中的记录跟踪的管理事件。
身份信息
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
-
请求是使用根用户凭证还是用户凭证发出的。
-
请求是使用角色还是联合用户的临时安全凭证发出的。
-
请求是否由其他 AWS 服务发出。
有关更多信息,请参阅CloudTrail userIdentityElement。
了解回收站日志文件条目
跟踪是一种配置,允许将事件作为日志文件传输到您指定的 S3 存储桶。 CloudTrail 日志文件包含一个或多个日志条目。事件代表来自任何来源的单个请求,包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共API调用的有序堆栈跟踪,因此它们不会按任何特定的顺序出现。
以下是示例 CloudTrail 日志条目。
- CreateRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:45:22Z", "eventSource": "rbin.amazonaws.com", "eventName": "CreateRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "retentionPeriod": { "retentionPeriodValue": 7, "retentionPeriodUnit": "DAYS" }, "description": "Match all snapshots", "resourceType": "EBS_SNAPSHOT" }, "responseElements": { "identifier": "jkrnexample" }, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- GetRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:45:33Z", "eventSource": "rbin.amazonaws.com", "eventName": "GetRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "identifier": "jkrnexample" }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- ListRules
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:44:37Z", "eventSource": "rbin.amazonaws.com", "eventName": "ListRules", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "resourceTags": [ { "resourceTagKey": "test", "resourceTagValue": "test" } ] }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- UpdateRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:46:03Z", "eventSource": "rbin.amazonaws.com", "eventName": "UpdateRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "identifier": "jkrnexample", "retentionPeriod": { "retentionPeriodValue": 365, "retentionPeriodUnit": "DAYS" }, "description": "Match all snapshots", "resourceType": "EBS_SNAPSHOT" }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- DeleteRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:46:25Z", "eventSource": "rbin.amazonaws.com", "eventName": "DeleteRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "identifier": "jkrnexample" }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- TagResource
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-10-22T21:38:34Z" } } }, "eventTime": "2021-10-22T21:43:15Z", "eventSource": "rbin.amazonaws.com", "eventName": "TagResource", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.26 Python/3.6.14 Linux/4.9.273-0.1.ac.226.84.332.metal1.x86_64 botocore/1.21.26", "requestParameters": { "resourceArn": "arn:aws:rbin:us-west-2:123456789012:rule/ABCDEF01234", "tags": [ { "key": "purpose", "value": "production" } ] }, "responseElements": null, "requestID": "examplee-7962-49ec-8633-795efexample", "eventID": "example4-6826-4c0a-bdec-0bab1example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- UntagResource
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-10-22T21:38:34Z" } } }, "eventTime": "2021-10-22T21:44:16Z", "eventSource": "rbin.amazonaws.com", "eventName": "UntagResource", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.26 Python/3.6.14 Linux/4.9.273-0.1.ac.226.84.332.metal1.x86_64 botocore/1.21.26", "requestParameters": { "resourceArn": "arn:aws:rbin:us-west-2:123456789012:rule/ABCDEF01234", "tagKeys": [ "purpose" ] }, "responseElements": null, "requestID": "example7-6c1e-4f09-9e46-bb957example", "eventID": "example6-75ff-4c94-a1cd-4d5f5example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- ListTagsForResource
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-10-22T21:38:34Z" } } }, "eventTime": "2021-10-22T21:42:31Z", "eventSource": "rbin.amazonaws.com", "eventName": "ListTagsForResource", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.26 Python/3.6.14 Linux/4.9.273-0.1.ac.226.84.332.metal1.x86_64 botocore/1.21.26", "requestParameters": { "resourceArn": "arn:aws:rbin:us-west-2:123456789012:rule/ABCDEF01234" }, "responseElements": null, "requestID": "example8-10c7-43d4-b147-3d9d9example", "eventID": "example2-24fc-4da7-a479-c9748example", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- LockRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-25T00:45:11Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-25T00:45:19Z", "eventSource": "rbin.amazonaws.com", "eventName": "LockRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "python-requests/2.25.1", "requestParameters": { "identifier": "jkrnexample", "lockConfiguration": { "unlockDelay": { "unlockDelayValue": 7, "unlockDelayUnit": "DAYS" } } }, "responseElements": { "identifier": "jkrnexample", "description": "", "resourceType": "EBS_SNAPSHOT", "retentionPeriod": { "retentionPeriodValue": 7, "retentionPeriodUnit": "DAYS" }, "resourceTags": [], "status": "available", "lockConfiguration": { "unlockDelay": { "unlockDelayValue": 7, "unlockDelayUnit": "DAYS" } }, "lockState": "locked" }, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- UnlockRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-25T00:45:11Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-25T00:46:17Z", "eventSource": "rbin.amazonaws.com", "eventName": "UnlockRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "python-requests/2.25.1", "requestParameters": { "identifier": "jkrnexample" }, "responseElements": { "identifier": "jkrnexample", "description": "", "resourceType": "EC2_IMAGE", "retentionPeriod": { "retentionPeriodValue": 7, "retentionPeriodUnit": "DAYS" }, "resourceTags": [], "status": "available", "lockConfiguration": { "unlockDelay": { "unlockDelayValue": 7, "unlockDelayUnit": "DAYS" } }, "lockState": "pending_unlock", "lockEndTime": "Nov 1, 2022, 12:46:17 AM" }, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }
监视器使用 EventBridge
安全性