受支持服务的 CloudWatch Events 事件示例 - 亚马逊 CloudWatch 事件

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

受支持服务的 CloudWatch Events 事件示例

注意

Amazon EventBridge is the preferred way to manage your events. CloudWatch Events and EventBridge are the same underlying service and API, but EventBridge provides more features. Changes you make in either CloudWatch or EventBridge will appear in each console. For more information, see Amazon EventBridge.

以下列表中的 AWS 服务会发出 CloudWatch Events 可检测到的事件。

此外,您还可以通过观察通过 CloudTrail 传送的事件,将 CloudWatch Events 与不发出事件且未在此页面上列出的服务一起使用。有关更多信息,请参阅通过 CloudTrail 传送的事件

Amazon Augmented AI 事件

有关 Amazon Augmented AI 生成的事件示例,请参阅在 Amazon Augmented AI 中使用事件

Application Auto Scaling 事件

例如, Application Auto Scaling,请参阅 应用程序自动缩放事件和 EventBridge.

AWS Batch 事件

有关 AWS Batch 生成的事件示例,请参阅 AWS Batch 事件

Amazon CloudWatch Events 计划事件

下面是一个计划事件示例:

{ "id": "53dc4d37-cffa-4f76-80c9-8b7d4a4d2eaa", "detail-type": "Scheduled Event", "source": "aws.events", "account": "123456789012", "time": "2019-10-08T16:53:06Z", "region": "us-east-1", "resources": [ "arn:aws:events:us-east-1:123456789012:rule/MyScheduledRule" ], "detail": {} }

Amazon Chime 事件

例如, Amazon Chime,请参阅 自动化 Amazon Chime 配 EventBridge.

来自 CloudWatch 的事件

对于来自的样本事件 CloudWatch,请参阅 警报事件和 EventBridgeAWS CodeBuild 用户指南.

CodeBuild 事件

有关 CodeBuild 示例事件的信息,请参阅 https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html#sample-build-notifications-ref 中的AWS CodeBuild 用户指南构建通知输入格式参考

CodeCommit 事件

对于 CodeCommit 示例事件,请参阅 监控 CodeCommit 事件 EventBridge 和 CloudWatch EventsAWS CodeCommit 用户指南.

AWS CodeDeploy 事件

以下是 CodeDeploy 事件的示例。有关更多信息,请参阅 监控部署 CloudWatch EventsAWS CodeDeploy User Guide.

CodeDeploy 部署状态更改通知

部署状态发生更改。

{ "account": "123456789012", "region": "us-east-1", "detail-type": "CodeDeploy Deployment State-change Notification", "source": "aws.codedeploy", "version": "0", "time": "2016-06-30T22:06:31Z", "id": "c071bfbf-83c4-49ca-a6ff-3df053957145", "resources": [ "arn:aws:codedeploy:us-east-1:123456789012:application:myApplication", "arn:aws:codedeploy:us-east-1:123456789012:deploymentgroup:myApplication/myDeploymentGroup" ], "detail": { "instanceGroupId": "9fd2fbef-2157-40d8-91e7-6845af69e2d2", "region": "us-east-1", "application": "myApplication", "deploymentId": "d-123456789", "state": "SUCCESS", "deploymentGroup": "myDeploymentGroup" } }

CodeDeploy 实例状态更改通知

属于部署组的实例状态发生更改。

{ "account": "123456789012", "region": "us-east-1", "detail-type": "CodeDeploy Instance State-change Notification", "source": "aws.codedeploy", "version": "0", "time": "2016-06-30T23:18:50Z", "id": "fb1d3015-c091-4bf9-95e2-d98521ab2ecb", "resources": [ "arn:aws:ec2:us-east-1:123456789012:instance/i-0000000aaaaaaaaaa", "arn:aws:codedeploy:us-east-1:123456789012:deploymentgroup:myApplication/myDeploymentGroup", "arn:aws:codedeploy:us-east-1:123456789012:application:myApplication" ], "detail": { "instanceId": "i-0000000aaaaaaaaaa", "region": "us-east-1", "state": "SUCCESS", "application": "myApplication", "deploymentId": "d-123456789", "instanceGroupId": "8cd3bfa8-9e72-4cbe-a1e5-da4efc7efd49", "deploymentGroup": "myDeploymentGroup" } }

CodePipeline 事件

以下是 CodePipeline 事件的示例。

管道执行状态更改

{ "version": "0", "id": "CWE-event-id", "detail-type": "CodePipeline Pipeline Execution State Change", "source": "aws.codepipeline", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:codepipeline:us-east-1:123456789012:pipeline:myPipeline" ], "detail": { "pipeline": "myPipeline", "version": "1", "state": "STARTED", "execution-id": "01234567-0123-0123-0123-012345678901" } }

阶段执行状态更改

{ "version": "0", "id": "CWE-event-id", "detail-type": "CodePipeline Stage Execution State Change", "source": "aws.codepipeline", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:codepipeline:us-east-1:123456789012:pipeline:myPipeline" ], "detail": { "pipeline": "myPipeline", "version": "1", "execution-id": "01234567-0123-0123-0123-012345678901", "stage": "Prod", "state": "STARTED" } }

操作执行状态更改

在此示例中有两个 region 字段。顶部的一个字段是在其中执行目标管道中的操作的 AWS 区域的名称。在这个例子中 us-east-1。的 regiondetail 部分是 AWS 创建活动的区域。这与在其中创建管道的区域相同。在本例中,它是 us-west-2

{ "version": "0", "id": "CWE-event-id", "detail-type": "CodePipeline Action Execution State Change", "source": "aws.codepipeline", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:codepipeline:us-east-1:123456789012:pipeline:myPipeline" ], "detail": { "pipeline": "myPipeline", "version": 1, "execution-id": "01234567-0123-0123-0123-012345678901", "stage": "Prod", "action": "myAction", "state": "STARTED", "region":"us-west-2", "type": { "owner": "AWS", "category": "Deploy", "provider": "CodeDeploy", "version": 1 } } }

AWS Config 事件

有关 AWS Config 事件,请参阅 监控 AWS Config 配 Amazon CloudWatch EventsAWS Config Developer Guide.

Amazon EBS 事件

有关 Amazon EBS 事件,请参阅 Amazon CloudWatch Events 为 Amazon EBSAmazon EC2 用户指南(适用于 Linux 实例).

Amazon EC2 Auto Scaling 事件

有关 Auto Scaling 事件,请参阅 正在获取 CloudWatch 活动时间 Auto Scaling 团体规模Amazon EC2 Auto Scaling 用户指南.

Amazon EC2 Spot 实例中断事件

有关点实例中断的事件的信息,请参阅 即时实例中断通知Amazon EC2 用户指南(适用于 Linux 实例).

Amazon EC2 状态更改事件

以下是实例状态更改时 Amazon EC2实例的事件示例。

EC2 实例状态更改通知

此示例适用于 pending状态中的实例。其他可能的值 state 包括 running, shutting-down, stopped, stopping,和 terminated.

{ "id":"7bf73129-1428-4cd3-a780-95db273d1602", "detail-type":"EC2 Instance State-change Notification", "source":"aws.ec2", "account":"123456789012", "time":"2019-11-11T21:29:54Z", "region":"us-east-1", "resources":[ "arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111" ], "detail":{ "instance-id":"i-abcd1111", "state":"pending" } }

Amazon Elastic Container Registry 事件

Amazon ECR 将图像操作事件发送到 EventBridge。在推送、扫描或删除图像时发送事件。

对于 Amazon ECS 示例事件,请参阅 Amazon ECR 中的 Amazon Elastic Container Registry 用户指南 事件

Amazon Elastic Container Service 事件

Amazon ECS 将两种类型的事件发送到 EventBridge:容器实例事件和任务事件。仅当您对任务使用 EC2 启动类型时,才发送容器实例事件。对于使用 Fargate 启动类型的任务,您只收到任务状态事件。Amazon ECS 跟踪容器实例和任务的状态。如果任一资源发生更改,将触发事件。这些事件分类为容器实例状态更改事件或任务状态更改事件。

对于 Amazon ECS 示例事件,请参阅 Amazon ECS 中的 Amazon Elastic Container Service Developer Guide 事件

AWS Elemental MediaConvert 事件

对于 MediaConvert 示例事件,请参阅 使用 CloudWatch Events 监控 AWS Elemental MediaConvert 工作AWS Elemental MediaConvert 用户指南.

AWS Elemental MediaPackage 事件

对于 MediaPackage 示例事件,请参阅 监控 AWS Elemental MediaPackage 配 Amazon CloudWatch EventsAWS Elemental MediaPackage 用户指南.

AWS Elemental MediaStore 事件

对于 MediaStore 示例事件,请参阅 自动化 AWS Elemental MediaStore 配 CloudWatch EventsAWS Elemental MediaStore 用户指南.

Amazon EMR 事件

事件报告者 Amazon EMR 有 aws.emr 作为 Source,而 Amazon EMR 通过报告的API事件 CloudTrail 有 aws.elasticmapreduce 作为 Source.

以下是 Amazon EMR报告的事件的示例。

Amazon EMR 自动缩放策略状态更改

{ "version":"0", "id":"2f8147ab-8c48-47c6-b0b6-3ee23ec8d300", "detail-type":"EMR Auto Scaling Policy State Change", "source":"aws.emr", "account":"123456789012", "time":"2016-12-16T20:42:44Z", "region":"us-east-1", "resources":[], "detail":{ "resourceId":"ig-X2LBMHTGPCBU", "clusterId":"j-1YONHTCP3YZKC", "state":"PENDING", "message":"AutoScaling policy modified by user request", "scalingResourceType":"INSTANCE_GROUP" } }

Amazon EMR 群集状态更改 – 启动

{ "version": "0", "id": "999cccaa-eaaa-0000-1111-123456789012", "detail-type": "EMR Cluster State Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T20:43:05Z", "region": "us-east-1", "resources": [], "detail": { "severity": "INFO", "stateChangeReason": "{\"code\":\"\"}", "name": "Development Cluster", "clusterId": "j-123456789ABCD", "state": "STARTING", "message": "Amazon EMR cluster j-123456789ABCD (Development Cluster) was requested at 2016-12-16 20:42 UTC and is being created." } }

Amazon EMR 群集状态更改 – 已终止

{ "version": "0", "id": "1234abb0-f87e-1234-b7b6-000000123456", "detail-type": "EMR Cluster State Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T21:00:23Z", "region": "us-east-1", "resources": [], "detail": { "severity": "INFO", "stateChangeReason": "{\"code\":\"USER_REQUEST\",\"message\":\"Terminated by user request\"}", "name": "Development Cluster", "clusterId": "j-123456789ABCD", "state": "TERMINATED", "message": "Amazon EMR Cluster jj-123456789ABCD (Development Cluster) has terminated at 2016-12-16 21:00 UTC with a reason of USER_REQUEST." } }

Amazon EMR 实例组状态更改

{ "version": "0", "id": "999cccaa-eaaa-0000-1111-123456789012", "detail-type": "EMR Instance Group State Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T20:57:47Z", "region": "us-east-1", "resources": [], "detail": { "market": "ON_DEMAND", "severity": "INFO", "requestedInstanceCount": "2", "instanceType": "m3.xlarge", "instanceGroupType": "CORE", "instanceGroupId": "ig-ABCDEFGHIJKL", "clusterId": "j-123456789ABCD", "runningInstanceCount": "2", "state": "RUNNING", "message": "The resizing operation for instance group ig-ABCDEFGHIJKL in Amazon EMR cluster j-123456789ABCD (Development Cluster) is complete. It now has an instance count of 2. The resize started at 2016-12-16 20:57 UTC and took 0 minutes to complete." } }

Amazon EMR 步骤状态更改

{ "version": "0", "id": "999cccaa-eaaa-0000-1111-123456789012", "detail-type": "EMR Step Status Change", "source": "aws.emr", "account": "123456789012", "time": "2016-12-16T20:53:09Z", "region": "us-east-1", "resources": [], "detail": { "severity": "ERROR", "actionOnFailure": "CONTINUE", "stepId": "s-ZYXWVUTSRQPON", "name": "CustomJAR", "clusterId": "j-123456789ABCD", "state": "FAILED", "message": "Step s-ZYXWVUTSRQPON (CustomJAR) in Amazon EMR cluster j-123456789ABCD (Development Cluster) failed at 2016-12-16 20:53 UTC." } }

Amazon GameLift 事件

以下是 Amazon GameLift 事件的示例。有关更多信息,请参阅 FlexMatch 事件参考Amazon GameLift 开发人员指南.

对战搜索

{ "version": "0", "id": "cc3d3ebe-1d90-48f8-b268-c96655b8f013", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-08T21:15:36.421Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-08T21:15:35.676Z", "players": [ { "playerId": "player-1" } ] } ], "estimatedWaitMillis": "NOT_AVAILABLE", "type": "MatchmakingSearching", "gameSessionInfo": { "players": [ { "playerId": "player-1" } ] } } }

潜在的对战游戏已创建

{ "version": "0", "id": "fce8633f-aea3-45bc-aeba-99d639cad2d4", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-08T21:17:41.178Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-08T21:15:35.676Z", "players": [ { "playerId": "player-1", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-08T21:17:40.657Z", "players": [ { "playerId": "player-2", "team": "blue" } ] } ], "acceptanceTimeout": 600, "ruleEvaluationMetrics": [ { "ruleName": "EvenSkill", "passedCount": 3, "failedCount": 0 }, { "ruleName": "EvenTeams", "passedCount": 3, "failedCount": 0 }, { "ruleName": "FastConnection", "passedCount": 3, "failedCount": 0 }, { "ruleName": "NoobSegregation", "passedCount": 3, "failedCount": 0 } ], "acceptanceRequired": true, "type": "PotentialMatchCreated", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" }, { "playerId": "player-2", "team": "blue" } ] }, "matchId": "3faf26ac-f06e-43e5-8d86-08feff26f692" } }

接受对战游戏

{ "version": "0", "id": "b3f76d66-c8e5-416a-aa4c-aa1278153edc", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T20:04:42.660Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T20:01:35.305Z", "players": [ { "playerId": "player-1", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-09T20:04:16.637Z", "players": [ { "playerId": "player-2", "team": "blue", "accepted": false } ] } ], "type": "AcceptMatch", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" }, { "playerId": "player-2", "team": "blue", "accepted": false } ] }, "matchId": "848b5f1f-0460-488e-8631-2960934d13e5" } }

接受对战游戏已完成

{ "version": "0", "id": "b1990d3d-f737-4d6c-b150-af5ace8c35d3", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-08T20:43:14.621Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-08T20:30:40.972Z", "players": [ { "playerId": "player-1", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-08T20:33:14.111Z", "players": [ { "playerId": "player-2", "team": "blue" } ] } ], "acceptance": "TimedOut", "type": "AcceptMatchCompleted", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" }, { "playerId": "player-2", "team": "blue" } ] }, "matchId": "a0d9bd24-4695-4f12-876f-ea6386dd6dce" } }

对战已成功

{ "version": "0", "id": "5ccb6523-0566-412d-b63c-1569e00d023d", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T19:59:09.159Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T19:58:59.277Z", "players": [ { "playerId": "player-1", "playerSessionId": "psess-6e7c13cf-10d6-4756-a53f-db7de782ed67", "team": "red" } ] }, { "ticketId": "ticket-2", "startTime": "2017-08-09T19:59:08.663Z", "players": [ { "playerId": "player-2", "playerSessionId": "psess-786b342f-9c94-44eb-bb9e-c1de46c472ce", "team": "blue" } ] } ], "type": "MatchmakingSucceeded", "gameSessionInfo": { "gameSessionArn": "arn:aws:gamelift:us-west-2:123456789012:gamesession/836cf48d-bcb0-4a2c-bec1-9c456541352a", "ipAddress": "192.168.1.1", "port": 10777, "players": [ { "playerId": "player-1", "playerSessionId": "psess-6e7c13cf-10d6-4756-a53f-db7de782ed67", "team": "red" }, { "playerId": "player-2", "playerSessionId": "psess-786b342f-9c94-44eb-bb9e-c1de46c472ce", "team": "blue" } ] }, "matchId": "c0ec1a54-7fec-4b55-8583-76d67adb7754" } }

对战超时

{ "version": "0", "id": "fe528a7d-46ad-4bdc-96cb-b094b5f6bf56", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T20:11:35.598Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "reason": "TimedOut", "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T20:01:35.305Z", "players": [ { "playerId": "player-1", "team": "red" } ] } ], "ruleEvaluationMetrics": [ { "ruleName": "EvenSkill", "passedCount": 3, "failedCount": 0 }, { "ruleName": "EvenTeams", "passedCount": 3, "failedCount": 0 }, { "ruleName": "FastConnection", "passedCount": 3, "failedCount": 0 }, { "ruleName": "NoobSegregation", "passedCount": 3, "failedCount": 0 } ], "type": "MatchmakingTimedOut", "message": "Removed from matchmaking due to timing out.", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" } ] } } }

对战已取消

{ "version": "0", "id": "8d6f84da-5e15-4741-8d5c-5ac99091c27f", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-09T20:00:07.843Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "reason": "Cancelled", "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-09T19:59:26.118Z", "players": [ { "playerId": "player-1" } ] } ], "ruleEvaluationMetrics": [ { "ruleName": "EvenSkill", "passedCount": 0, "failedCount": 0 }, { "ruleName": "EvenTeams", "passedCount": 0, "failedCount": 0 }, { "ruleName": "FastConnection", "passedCount": 0, "failedCount": 0 }, { "ruleName": "NoobSegregation", "passedCount": 0, "failedCount": 0 } ], "type": "MatchmakingCancelled", "message": "Cancelled by request.", "gameSessionInfo": { "players": [ { "playerId": "player-1" } ] } } }

对战已失败

{ "version": "0", "id": "025b55a4-41ac-4cf4-89d1-f2b3c6fd8f9d", "detail-type": "GameLift Matchmaking Event", "source": "aws.gamelift", "account": "123456789012", "time": "2017-08-16T18:41:09.970Z", "region": "us-west-2", "resources": [ "arn:aws:gamelift:us-west-2:123456789012:matchmakingconfiguration/SampleConfiguration" ], "detail": { "tickets": [ { "ticketId": "ticket-1", "startTime": "2017-08-16T18:41:02.631Z", "players": [ { "playerId": "player-1", "team": "red" } ] } ], "customEventData": "foo", "type": "MatchmakingFailed", "reason": "UNEXPECTED_ERROR", "message": "An unexpected error was encountered during match placing.", "gameSessionInfo": { "players": [ { "playerId": "player-1", "team": "red" } ] }, "matchId": "3ea83c13-218b-43a3-936e-135cc570cba7" } }

AWS Glue 事件

以下是 AWS Glue 事件的格式。

成功的作业运行

{ "version":"0", "id":"abcdef00-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-09-07T18:57:21Z", "region":"us-west-2", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "state":"SUCCEEDED", "jobRunId":"jr_abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789", "message":"Job run succeeded" } }

失败的作业运行

{ "version":"0", "id":"abcdef01-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-09-07T06:02:03Z", "region":"us-west-2", "resources":[], "detail":{ "jobName":"MyJob", "severity":"ERROR", "state":"FAILED", "jobRunId":"jr_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", "message":"JobName:MyJob and JobRunId:jr_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef failed to execute with exception Role arn:aws:iam::123456789012:role/Glue_Role should be given assume role permissions for Glue Service." } }

Timeout

{ "version":"0", "id":"abcdef00-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-11-20T20:22:06Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"WARN", "state":"TIMEOUT", "jobRunId":"jr_abc0123456789abcdef0123456789abcdef0123456789abcdef0123456789def", "message":"Job run timed out" } }

停止的作业运行

{ "version":"0", "id":"abcdef00-1234-5678-9abc-def012345678", "detail-type":"Glue Job State Change", "source":"aws.glue", "account":"123456789012", "time":"2017-11-20T20:22:06Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "state":"STOPPED", "jobRunId":"jr_abc0123456789abcdef0123456789abcdef0123456789abcdef0123456789def", "message":"Job run stopped" } }

爬网程序已启动

{ "version":"0", "id":"05efe8a2-c309-6884-a41b-3508bcdc9695", "detail-type":"Glue Crawler State Change", "source":"aws.glue", "account":"561226563745", "time":"2017-11-11T01:09:46Z", "region":"us-east-1", "resources":[ ], "detail":{ "accountId":"561226563745", "crawlerName":"S3toS3AcceptanceTestCrawlera470bd94-9e00-4518-8942-e80c8431c322", "startTime":"2017-11-11T01:09:46Z", "state":"Started", "message":"Crawler Started" } }

爬网程序成功

{ "version":"0", "id":"3d675db5-59b9-6388-b8e8-e0a9b6d567a9", "detail-type":"Glue Crawler State Change", "source":"aws.glue", "account":"561226563745", "time":"2017-11-11T01:25:00Z", "region":"us-east-1", "resources":[ ], "detail":{ "tablesCreated":"0", "warningMessage":"N/A", "partitionsUpdated":"0", "tablesUpdated":"0", "message":"Crawler Succeeded", "partitionsDeleted":"0", "accountId":"561226563745", "runningTime (sec)":"7", "tablesDeleted":"0", "crawlerName":"SchedulerTestCrawler51fb3a8b-1015-49f0-a969-ca126680b94b", "completionDate":"2017-11-11T01:25:00Z", "state":"Succeeded", "partitionsCreated":"0", "cloudWatchLogLink":"https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEventViewer:group=/aws-glue/crawlers;stream=SchedulerTestCrawler51fb3a8b-1015-49f0-a969-ca126680b94b" } }

爬网程序失败

{ "version":"0", "id":"f7965b59-470f-2e06-bb89-a8cebaabefac", "detail-type":"Glue Crawler State Change", "source":"aws.glue", "account":"782104008917", "time":"2017-10-20T05:10:08Z", "region":"us-east-1", "resources":[ ], "detail":{ "crawlerName":"test-crawler-notification", "errorMessage":"Internal Service Exception", "accountId":"1234", "cloudWatchLogLink":"https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEventViewer:group=/aws-glue/crawlers;stream=test-crawler-notification", "state":"Failed", "message":"Crawler Failed" } }

作业运行处于正在启动状态

{ "version":"0", "id":"66fbc5e1-aac3-5e85-63d0-856ec669a050", "detail-type":"Glue Job Run Status", "source":"aws.glue", "account":"123456789012", "time":"2018-04-24T20:57:34Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "notificationCondition":{ "NotifyDelayAfter":1.0 }, "state":"STARTING", "jobRunId":"jr_6aa58e7a3aa44e2e4c7db2c50e2f7396cb57901729e4b702dcb2cfbbeb3f7a86", "message":"Job is in STARTING state", "startedOn":"2018-04-24T20:55:47.941Z" } }

作业运行处于正在运行状态

{ "version":"0", "id":"66fbc5e1-aac3-5e85-63d0-856ec669a050", "detail-type":"Glue Job Run Status", "source":"aws.glue", "account":"123456789012", "time":"2018-04-24T20:57:34Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "notificationCondition":{ "NotifyDelayAfter":1.0 }, "state":"RUNNING", "jobRunId":"jr_6aa58e7a3aa44e2e4c7db2c50e2f7396cb57901729e4b702dcb2cfbbeb3f7a86", "message":"Job is in RUNNING state", "startedOn":"2018-04-24T20:55:47.941Z" } }

作业运行处于正在停止状态

{ "version":"0", "id":"66fbc5e1-aac3-5e85-63d0-856ec669a050", "detail-type":"Glue Job Run Status", "source":"aws.glue", "account":"123456789012", "time":"2018-04-24T20:57:34Z", "region":"us-east-1", "resources":[], "detail":{ "jobName":"MyJob", "severity":"INFO", "notificationCondition":{ "NotifyDelayAfter":1.0 }, "state":"STOPPING", "jobRunId":"jr_6aa58e7a3aa44e2e4c7db2c50e2f7396cb57901729e4b702dcb2cfbbeb3f7a86", "message":"Job is in STOPPING state", "startedOn":"2018-04-24T20:55:47.941Z" } }

AWS Glue 数据目录表状态更改

{ "version": "0", "id": "2617428d-715f-edef-70b8-d210da0317a0", "detail-type": "Glue Data Catalog Table State Change", "source": "aws.glue", "account": "123456789012", "time": "2019-01-16T18:16:01Z", "region": "eu-west-1", "resources": [ "arn:aws:glue:eu-west-1:123456789012:table/d1/t1" ], "detail": { "databaseName": "d1", "changedPartitions": [ "[C.pdf, dir3]", "[D.doc, dir4]" ], "typeOfChange": "BatchCreatePartition", "tableName": "t1" } }

AWS Glue 数据目录数据库状态更改

在以下示例中, typeofChangeCreateTable。此字段的其他可能值是 CreateDatabaseUpdateTable.

{ "version": "0", "id": "60e7ddc2-a588-5328-220a-21c060f6c3f4", "detail-type": "Glue Data Catalog Database State Change", "source": "aws.glue", "account": "123456789012", "time": "2019-01-16T18:08:48Z", "region": "eu-west-1", "resources": [ "arn:aws:glue:eu-west-1:123456789012:table/d1/t1" ], "detail": { "databaseName": "d1", "typeOfChange": "CreateTable", "changedTables": [ "t1" ] } }

AWS Ground Station 事件

有关AWS地面站事件示例的信息,请参阅 使用自动化AWS地面站 CloudWatch EventsAWS地面站用户指南.

Amazon GuardDuty 事件

有关示例 Amazon GuardDuty 事件的信息,请参阅 Amazon GuardDuty 用户指南Amazon CloudWatch Events中的使用 监控 Amazon GuardDuty

AWS Health 事件

以下是 AWS Personal Health Dashboard (AWS Health) 事件的格式。有关更多信息,请参阅 使用管理AWSHealth事件 Amazon CloudWatch EventsAWSHealth用户指南.

AWS Health 事件格式

{ "version": "0", "id": "7bf73129-1428-4cd3-a780-95db273d1602", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2016-06-05T06:27:57Z", "region": "region", "resources": [], "detail": { "eventArn": "arn:aws:health:region::event/id", "service": "service", "eventTypeCode": "AWS_service_code", "eventTypeCategory": "category", "startTime": "Sun, 05 Jun 2016 05:01:10 GMT", "endTime": "Sun, 05 Jun 2016 05:30:57 GMT", "eventDescription": [{ "language": "lang-code", "latestDescription": "description" }] ... } }
eventTypeCategory

事件的类别代码。可能的值为issueaccountNotificationscheduledChange

eventTypeCode

事件类型的唯一标识符。示例包括 AWS_EC2_INSTANCE_NETWORK_MAINTENANCE_SCHEDULEDAWS_EC2_INSTANCE_REBOOT_MAINTENANCE_SCHEDULED。包括 MAINTENANCE_SCHEDULED 通常在 startTime.

id

事件的唯一标识符。

服务

受事件影响的 AWS 服务。例如, EC2, S3, REDSHIFT,或 RDS.

Elastic Load Balancing API问题

{ "version": "0", "id": "121345678-1234-1234-1234-123456789012", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2016-06-05T06:27:57Z", "region": "ap-southeast-2", "resources": [], "detail": { "eventArn": "arn:aws:health:ap-southeast-2::event/AWS_ELASTICLOADBALANCING_API_ISSUE_90353408594353980", "service": "ELASTICLOADBALANCING", "eventTypeCode": "AWS_ELASTICLOADBALANCING_API_ISSUE", "eventTypeCategory": "issue", "startTime": "Sat, 11 Jun 2016 05:01:10 GMT", "endTime": "Sat, 11 Jun 2016 05:30:57 GMT", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" } }

Amazon EC2 实例存储驱动器性能已降级

{ "version": "0", "id": "121345678-1234-1234-1234-123456789012", "detail-type": "AWS Health Event", "source": "aws.health", "account": "123456789012", "time": "2016-06-05T06:27:57Z", "region": "us-west-2", "resources": [ "i-abcd1111" ], "detail": { "eventArn": "arn:aws:health:us-west-2::event/AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED_90353408594353980", "service": "EC2", "eventTypeCode": "AWS_EC2_INSTANCE_STORE_DRIVE_PERFORMANCE_DEGRADED", "eventTypeCategory": "issue", "startTime": "Sat, 05 Jun 2016 15:10:09 GMT", "eventDescription": [{ "language": "en_US", "latestDescription": "A description of the event will be provided here" }], "affectedEntities": [{ "entityValue": "i-abcd1111", "tags": { "stage": "prod", "app": "my-app" } }

AWS KMS 事件

以下是 AWS Key Management Service (AWS KMS) 事件的示例。有关更多信息,请参阅 AWS KMS 事件AWS Key Management Service Developer Guide.

KMS CMK 轮换

AWS KMS 自动轮换了 CMK 的密钥材料。

{ "version": "0", "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718", "detail-type": "KMS CMK Rotation", "source": "aws.kms", "account": "111122223333", "time": "2016-08-25T21:05:33Z", "region": "us-west-2", "resources": [ "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" ], "detail": { "key-id": "1234abcd-12ab-34cd-56ef-1234567890ab" } }

KMS 导入的密钥材料过期

AWS KMS 删除了 CMK 的过期密钥材料。

{ "version": "0", "id": "9da9af57-9253-4406-87cb-7cc400e43465", "detail-type": "KMS Imported Key Material Expiration", "source": "aws.kms", "account": "111122223333", "time": "2016-08-22T20:12:19Z", "region": "us-west-2", "resources": [ "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" ], "detail": { "key-id": "1234abcd-12ab-34cd-56ef-1234567890ab" } }

KMS CMK 删除

AWS KMS 完成了计划的 CMK 删除。

{ "version": "0", "id": "e9ce3425-7d22-412a-a699-e7a5fc3fbc9a", "detail-type": "KMS CMK Deletion", "source": "aws.kms", "account": "111122223333", "time": "2016-08-19T03:23:45Z", "region": "us-west-2", "resources": [ "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" ], "detail": { "key-id": "1234abcd-12ab-34cd-56ef-1234567890ab" } }

Amazon Macie 经典活动

以下是 Amazon Macie 经典活动。

警报已创建

{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-24T22:28:49Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id" ], "detail": { "notification-type": "ALERT_CREATED", "name": "Scanning bucket policies", "tags": [ "Custom_Alert", "Insider" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "risk-score": 80, "trigger": { "rule-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id", "alert-type": "basic", "created-at": "2017-01-02 19:54:00.644000", "description": "Alerting on failed enumeration of large number of bucket policies", "risk": 8 }, "created-at": "2017-04-18T00:21:12.059000", "actor": "555566667777:assumed-role:superawesome:aroaidpldc7nsesfnheji", "summary": { "Description": "Alerting on failed enumeration of large number of bucket policies", "IP": { "34.199.185.34": 121, "34.205.153.2": 2, "72.21.196.70": 2 }, "Time Range": [ { "count": 125, "start": "2017-04-24T20:23:49Z", "end": "2017-04-24T20:25:54Z" } ], "Source ARN": "arn:aws:sts::123456789012:assumed-role/RoleName", "Record Count": 1, "Location": { "us-east-1": 125 }, "Event Count": 125, "Events": { "GetBucketLocation": { "count": 48, "ISP": { "Amazon": 48 } }, "ListRoles": { "count": 2, "ISP": { "Amazon": 2 } }, "GetBucketPolicy": { "count": 37, "ISP": { "Amazon": 37 }, "Error Code": { "NoSuchBucketPolicy": 22 } }, "GetBucketAcl": { "count": 37, "ISP": { "Amazon": 37 } }, "ListBuckets": { "count": 1, "ISP": { "Amazon": 1 } } }, "recipientAccountId": { "123456789012": 125 } } } }
{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-18T18:15:41Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id" ], "detail": { "notification-type": "ALERT_CREATED", "name": "Bucket is writable by all authenticated users", "tags": [ "Custom_Alert", "Audit" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "risk-score": 70, "trigger": { "rule-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id", "alert-type": "basic", "created-at": "2017-04-08 00:21:30.749000", "description": "Bucket is writable by all authenticated users", "risk": 7 }, "created-at": "2017-04-18T18:16:17.046454", "actor": "444455556666", "summary": { "Description": "Bucket is writable by all authenticated users", "Bucket": { "secret-bucket-name": 1 }, "Record Count": 1, "ACL": { "secret-bucket-name": [ { "Owner": { "DisplayName": "bucket_owner", "ID": "089d2842f4b392f5c5c61f073bd2e4a37b3bb2e62659318c6960e8981648a17e" }, "Grants": [ { "Grantee": { "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" }, "Permission": "WRITE" } ] } ] }, "Event Count": 1, "Timestamps": { "2017-01-10T22:48:06.784937": 1 } } } }

警报已更新

{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-18T17:47:48Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id" ], "detail": { "notification-type": "ALERT_UPDATED", "name": "Public bucket contains high risk object", "tags": [ "Custom_Alert", "Audit" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id/alert/alert_id", "risk-score": 100, "trigger": { "rule-arn": "arn:aws:macie:us-east-1:123456789012:trigger/trigger_id", "alert-type": "basic", "created-at": "2017-04-08 00:23:39.138000", "description": "Public bucket contains high risk object", "risk": 10 }, "created-at": "2017-04-08T00:36:26.270000", "actor": "public_bucket", "summary": { "Description": "Public bucket contains high risk object", "Object": { "public_bucket/secret_key.txt": 1, "public_bucket/financial_summary.txt": 1 }, "Record Count": 2, "Themes": { "Secret Markings": 1, "Corporate Proposals": 1, "Confidential Markings": 1 }, "Event Count": 2, "DLP risk": { "7": 2 }, "Owner": { "bucket_owner": 2 }, "Timestamps": { "2017-04-03T16:12:53+00:00": 2 } } } }
{ "version": "0", "id": "CWE-event-id", "detail-type": "Macie Alert", "source": "aws.macie", "account": "123456789012", "time": "2017-04-22T03:31:47Z", "region": "us-east-1", "resources": [ "arn:aws:macie:us-east-1:123456789012:trigger/macie/alert/alert_id", "arn:aws:macie:us-east-1:123456789012:trigger/macie" ], "detail": { "notification-type": "ALERT_UPDATED", "name": "Lists the instance profiles that have the specified associated IAM role, Lists the names of the inline policies that are embedded in the specified IAM role", "tags": [ "Predictive", "Behavioral_Anomaly" ], "url": "https://lb00.us-east-1.macie.aws.amazon.com/111122223333/posts/alert_id", "alert-arn": "arn:aws:macie:us-east-1:123456789012:trigger/macie/alert/alert_id", "risk-score": 20, "created-at": "2017-04-22T03:08:35.256000", "actor": "123456789012:assumed-role:rolename", "trigger": { "alert-type": "predictive", "features": { "distinctEventName": { "name": "distinctEventName", "description": "Event Names executed during a user session", "narrative": "A sudden increase in event names utilized by a user can be an indicator of a change in user behavior or account risk", "risk": 3 }, "ListInstanceProfilesForRole": { "name": "ListInstanceProfilesForRole", "description": "Lists the instance profiles that have the specified associated IAM role", "narrative": "Information collection activity suggesting the start of a reconnaissance or exfiltration campaign", "anomalous": true, "multiplier": 8.420560747663552, "excession_times": [ "2017-04-21T18:00:00Z" ], "risk": 1 }, "ListRolePolicies": { "name": "ListRolePolicies", "description": "Lists the names of the inline policies that are embedded in the specified IAM role", "narrative": "Information collection activity suggesting the start of a reconnaisance or exfiltration campaign", "anomalous": true, "multiplier": 12.017441860465116, "excession_times": [ "2017-04-21T18:00:00Z" ], "risk": 2 } } } } }

Amazon Macie 事件

例如, Amazon Macie,请参阅 事件模式 Amazon Macie 发现。

AWS 管理控制台登录事件

AWS 管理控制台 登录事件仅可由 CloudWatch Events 在 美国东部(弗吉尼亚北部) 区域中检测到。

以下是控制台登录事件的示例:

{ "id": "6f87d04b-9f74-4f04-a780-7acf4b0a9b38", "detail-type": "AWS Console Sign In via CloudTrail", "source": "aws.signin", "account": "123456789012", "time": "2016-01-05T18:21:27Z", "region": "us-east-1", "resources": [], "detail": { "eventVersion": "1.02", "userIdentity": { "type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012" }, "eventTime": "2016-01-05T18:21:27Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "0.0.0.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36", "requestParameters": null, "responseElements": { "ConsoleLogin": "Success" }, "additionalEventData": { "LoginTo": "https://console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true", "MobileVersion": "No", "MFAUsed": "No" }, "eventID": "324731c0-64b3-4421-b552-dfc3c27df4f6", "eventType": "AwsConsoleSignIn" } }

AWS OpsWorks Stacks 事件

以下是 AWS OpsWorks Stacks 事件的示例。

AWS OpsWorks 堆栈实例状态更改

指示 AWS OpsWorks Stacks 实例的状态更改。以下是实例状态。

  • booting

  • connection_lost

  • online

  • pending

  • rebooting

  • requested

  • running_setup

  • setup_failed

  • shutting_down

  • start_failed

  • stopping

  • stop_failed

  • stopped

  • terminating

  • terminated

{ "version": "0", "id": "dc5fa8df-48f1-2108-b1b9-1fe5ebcf2296", "detail-type": "OpsWorks Instance State Change", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-25T11:12:23Z", "region": "us-east-1", "resources": [ "arn:aws:opsworks:us-east-1:123456789012:instance/a648d98f-fdd8-4323-952a-a50z3e4z500z" ], "detail": { "initiated_by": "user", "hostname": "testing1", "stack-id": "acd3df16-e859-4598-8414-377b12a902da", "layer-ids": [ "d1a0cb7f-c7e9-4a63-811c-976f0267b2c8" ], "instance-id": "a648d98f-fdd8-4323-952a-a50z3e4z500z", "ec2-instance-id": "i-08b1c2b67aa292276", "status": "requested" } }

只有当实例处于 requestedterminatingstopping 状态时,才会填充 initiated_by 字段。initiated_by 字段可以包含以下值之一。

  • user - 用户使用 API 或 AWS 管理控制台 请求的实例状态更改。

  • auto-scaling - AWS OpsWorks Stacks 自动扩展功能启动的实例状态更改。

  • auto-healing - AWS OpsWorks Stacks 自动修复功能启动的实例状态更改。

AWS OpsWorks 堆栈命令状态更改

AWS OpsWorks Stacks 命令的状态中出现的更改。命令状态如下。

  • expired - 命令超时。

  • failed - 出现一般命令故障。

  • skipped - 由于实例在 AWS OpsWorks Stacks 中与在 Amazon EC2 中具有不同的状态,跳过了命令。

  • successful - 命令成功。

  • superseded - 由于命令将应用已经应用过的配置更改,跳过了命令。

{ "version": "0", "id": "96c778b6-a40e-c8c1-aafc-c9852a3a7b52", "detail-type": "OpsWorks Command State Change", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-26T08:54:40Z", "region": "us-east-1", "resources": [ "arn:aws:opsworks:us-east-1:123456789012:instance/a648d98f-fdd8-4323-952a-a50a3e4e500f" ], "detail": { "command-id": "acc9f4f3-a3ec-4fab-b70f-c7d04e71e3ec", "instance-id": "a648d98f-fdd8-4323-952a-a50a3e4e500f", "type": "setup", "status": "successful" } }

AWS OpsWorks 堆栈部署状态更改

AWS OpsWorks Stacks 部署的状态中出现的更改。部署状态如下。

  • running

  • successful

  • failed

{ "version": "0", "id": "b8230afa-60c7-f43f-b632-841c1cfb22ff", "detail-type": "OpsWorks Deployment State Change", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-25T11:15:48Z", "region": "us-east-1", "resources": [ "arn:aws:opsworks:us-east-1:123456789012:instance/a648d98f-fdd8-4323-952a-a50a3e4e500f" ], "detail": { "duration": 16, "stack-id": "acd3df16-e859-4598-8414-377b12a902da", "instance-ids": [ "a648d98f-fdd8-4323-952a-a50a3e4e500f" ], "deployment-id": "606419dc-418e-489c-8531-bff9770fc346", "command": "configure", "status": "successful" } }

只有在部署完成后才填充 duration 字段,以秒为单位显示时间。

AWS OpsWorks 堆栈警报

引发了 AWS OpsWorks Stacks 服务错误。

{ "version": "0", "id": "f99faa6f-0e27-e398-95bb-8f190806d275", "detail-type": "OpsWorks Alert", "source": "aws.opsworks", "account": "123456789012", "time": "2018-01-20T16:51:29Z", "region": "us-east-1", "resources": [], "detail": { "stack-id": "2f48f2be-ac7d-4dd5-80bb-88375f94db7b", "instance-id": "986efb74-69e8-4c6d-878e-5b77c054cbb0", "type": "InstanceStop", "message": "The shutdown of the instance timed out. Please try stopping it again." } }

SageMaker 事件

有关示例的信息 SageMaker 事件,请参阅 自动化 SageMaker 配 Amazon EventBridgeSageMaker 开发者指南

AWS Security Hub 事件

有关示例 Security Hub 事件的信息,请参阅 AWS Security Hub 用户指南Amazon CloudWatch Events中的使用 监控 AWS Security Hub

AWS Server Migration Service 事件

以下是 AWS Server Migration Service 事件的示例。

已删除复制作业通知

{ "version": "0", "id": "5630992d-92cd-439f-f2a8-92c8212aee24", "detail-type": "Server Migration Job State Change", "source": "aws.sms", "account": "123456789012", "time": "2018-02-07T22:30:11Z", "region": "us-west-1", "resources": [ "arn:aws:sms:us-west-1:123456789012:sms-job-21a64348" ], "detail": { "state": "Deleted", "replication-run-id": "N/A", "replication-job-id": "sms-job-21a64348", "version": "1.0" } }

已完成复制作业通知

{ "version": "0", "id": "3f9c59cc-f941-522a-be6d-f08e44ff1715", "detail-type": "Server Migration Job State Change", "source": "aws.sms", "account": "123456789012", "time": "2018-02-07T22:54:00Z", "region": "us-west-1", "resources": [ "arn:aws:sms:us-west-1:123456789012:sms-job-2ea64347", "arn:aws:sms:us-west-1:123456789012:sms-job-2ea64347/sms-run-e1a64388" ], "detail": { "state": "Completed", "replication-run-id": "sms-run-e1a64388", "replication-job-id": "sms-job-2ea64347", "ami-id": "ami-746d6314", "version": "1.0" } }

AWS Systems Manager 事件

以下是 AWS Systems Manager 事件的示例。有关更多信息,请参阅 监控 Systems Manager 事件 Amazon EventBridgeAWS Systems Manager 用户指南.

AWS Systems Manager 自动化事件

自动化步骤状态更改通知

{ "version": "0", "id": "eeca120b-a321-433e-9635-dab369006a6b", "detail-type": "EC2 Automation Step Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-11-29T19:43:35Z", "region": "us-east-1", "resources": ["arn:aws:ssm:us-east-1:123456789012:automation-execution/333ba70b-2333-48db-b17e-a5e69c6f4d1c", "arn:aws:ssm:us-east-1:123456789012:automation-definition/runcommand1:1"], "detail": { "ExecutionId": "333ba70b-2333-48db-b17e-a5e69c6f4d1c", "Definition": "runcommand1", "DefinitionVersion": 1.0, "Status": "Success", "EndTime": "Nov 29, 2016 7:43:25 PM", "StartTime": "Nov 29, 2016 7:43:23 PM", "Time": 2630.0, "StepName": "runFixedCmds", "Action": "aws:runCommand" } }

自动化执行状态更改通知

{ "version": "0", "id": "d290ece9-1088-4383-9df6-cd5b4ac42b99", "detail-type": "EC2 Automation Execution Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-11-29T19:43:35Z", "region": "us-east-1", "resources": ["arn:aws:ssm:us-east-1:123456789012:automation-execution/333ba70b-2333-48db-b17e-a5e69c6f4d1c", "arn:aws:ssm:us-east-1:123456789012:automation-definition/runcommand1:1"], "detail": { "ExecutionId": "333ba70b-2333-48db-b17e-a5e69c6f4d1c", "Definition": "runcommand1", "DefinitionVersion": 1.0, "Status": "Success", "StartTime": "Nov 29, 2016 7:43:20 PM", "EndTime": "Nov 29, 2016 7:43:26 PM", "Time": 5753.0, "ExecutedBy": "arn:aws:iam::123456789012:user/userName" } }

AWS Systems Manager 合规事件

以下是 AWS Systems Manager 合规性.

关联合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:03:26Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "last-runtime": "2017-01-01T10:10:10Z", "compliance-status": "compliant", "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-type": "Association" } }

关联不合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:02:31Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "last-runtime": "2017-01-01T10:10:10Z", "compliance-status": "non_compliant", "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-type": "Association" } }

补丁合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:03:26Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-status": "compliant", "compliance-type": "Patch", "patch-baseline-id": "PB789", "severity": "critical" } }

补丁不合规

{ "version": "0", "id": "01234567-0123-0123-0123-012345678901", "detail-type": "Configuration Compliance State Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-07-17T19:02:31Z", "region": "us-west-1", "resources": [ "arn:aws:ssm:us-west-1:461348341421:managed-instance/i-01234567890abcdef" ], "detail": { "resource-type": "managed-instance", "resource-id": "i-01234567890abcdef", "compliance-status": "non_compliant", "compliance-type": "Patch", "patch-baseline-id": "PB789", "severity": "critical" } }

AWS Systems Manager 维护时段事件

以下是 Systems Manager 维护时段事件的示例。

注册目标

另一个有效状态值为 DEREGISTERED.

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Target Registration Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T00:58:37Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:001312665065:maintenancewindow/mw-0ed7251d3fcf6e0c2", "arn:aws:ssm:us-west-2:001312665065:windowtarget/e7265f13-3cc5-4f2f-97a9-7d3ca86c32a6" ], "detail":{ "window-target-id":"e7265f13-3cc5-4f2f-97a9-7d3ca86c32a6", "window-id":"mw-0ed7251d3fcf6e0c2", "status":"REGISTERED" } }

时间段执行类型

其他有效状态值是 PENDING, IN_PROGRESS, SUCCESS, FAILED, TIMED_OUT,和 SKIPPED_OVERLAPPING.

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Execution State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T01:00:57Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "start-time":"2016-11-16T01:00:56.427Z", "end-time":"2016-11-16T01:00:57.070Z", "window-id":"mw-0ed7251d3fcf6e0c2", "window-execution-id":"b60fb56e-776c-4e5c-84ee-123456789012", "status":"TIMED_OUT" } }

任务执行类型

其他有效状态值是 IN_PROGRESS, SUCCESS, FAILED,和 TIMED_OUT.

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Task Execution State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T01:00:56Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "start-time":"2016-11-16T01:00:56.759Z", "task-execution-id":"6417e808-7f35-4d1a-843f-123456789012", "end-time":"2016-11-16T01:00:56.847Z", "window-id":"mw-0ed7251d3fcf6e0c2", "window-execution-id":"b60fb56e-776c-4e5c-84ee-123456789012", "status":"TIMED_OUT" } }

已处理的任务目标

其他有效状态值是 IN_PROGRESS, SUCCESS, FAILED,和 TIMED_OUT.

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window Task Target Invocation State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T01:00:57Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "start-time":"2016-11-16T01:00:56.427Z", "end-time":"2016-11-16T01:00:57.070Z", "window-id":"mw-0ed7251d3fcf6e0c2", "window-execution-id":"b60fb56e-776c-4e5c-84ee-123456789012", "task-execution-id":"6417e808-7f35-4d1a-843f-123456789012", "window-target-id":"e7265f13-3cc5-4f2f-97a9-123456789012", "status":"TIMED_OUT", "owner-information":"Owner" } }

时间段状态更改

有效的状态值为 ENABLEDDISABLED.

{ "version":"0", "id":"01234567-0123-0123-0123-0123456789ab", "detail-type":"Maintenance Window State-change Notification", "source":"aws.ssm", "account":"012345678901", "time":"2016-11-16T00:58:37Z", "region":"us-east-1", "resources":[ "arn:aws:ssm:us-west-2:0123456789ab:maintenancewindow/mw-123456789012345678" ], "detail":{ "window-id":"mw-123456789012", "status":"DISABLED" } }

AWS Systems Manager Parameter Store 事件

以下是 Systems Manager 参数存储.

创建参数

{ "version": "0", "id": "6a7e4feb-b491-4cf7-a9f1-bf3703497718", "detail-type": "Parameter Store Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-05-22T16:43:48Z", "region": "us-east-1", "resources": [ "arn:aws:ssm:us-east-1:123456789012:parameter/foo" ], "detail": { "operation": "Create", "name": "foo", "type": "String", "description": "Sample Parameter" } }

更新参数

{ "version": "0", "id": "9547ef2d-3b7e-4057-b6cb-5fdf09ee7c8f", "detail-type": "Parameter Store Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-05-22T16:44:48Z", "region": "us-east-1", "resources": [ "arn:aws:ssm:us-east-1:123456789012:parameter/foo" ], "detail": { "operation": "Update", "name": "foo", "type": "String", "description": "Sample Parameter" } }

删除参数

{ "version": "0", "id": "80e9b391-6a9b-413c-839a-453b528053af", "detail-type": "Parameter Store Change", "source": "aws.ssm", "account": "123456789012", "time": "2017-05-22T16:45:48Z", "region": "us-east-1", "resources": [ "arn:aws:ssm:us-east-1:123456789012:parameter/foo" ], "detail": { "operation": "Delete", "name": "foo", "type": "String", "description": "Sample Parameter" } }

AWS Systems Manager 运行命令事件

运行命令状态更改通知

{ "version": "0", "id": "51c0891d-0e34-45b1-83d6-95db273d1602", "detail-type": "EC2 Command Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-07-10T21:51:32Z", "region": "us-east-1", "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"], "detail": { "command-id": "e8d3c0e4-71f7-4491-898f-c9b35bee5f3b", "document-name": "AWS-RunPowerShellScript", "expire-after": "2016-07-14T22:01:30.049Z", "parameters": { "executionTimeout": ["3600"], "commands": ["date"] }, "requested-date-time": "2016-07-10T21:51:30.049Z", "status": "Success" } }

运行命令调用状态更改通知

{ "version": "0", "id": "4780e1b8-f56b-4de5-95f2-95db273d1602", "detail-type": "EC2 Command Invocation Status-change Notification", "source": "aws.ssm", "account": "123456789012", "time": "2016-07-10T21:51:32Z", "region": "us-east-1", "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-abcd1111"], "detail": { "command-id": "e8d3c0e4-71f7-4491-898f-c9b35bee5f3b", "document-name": "AWS-RunPowerShellScript", "instance-id": "i-9bb89e2b", "requested-date-time": "2016-07-10T21:51:30.049Z", "status": "Success" } }

AWS Systems Manager 州经理事件

State Manager 关联状态更改

{ "version":"0", "id":"db839caf-6f6c-40af-9a48-25b2ae2b7774", "detail-type":"EC2 State Manager Association State Change", "source":"aws.ssm", "account":"123456789012", "time":"2017-05-16T23:01:10Z", "region":"us-west-1", "resources":[ "arn:aws:ssm:us-west-1::document/AWS-RunPowerShellScript" ], "detail":{ "association-id":"6e37940a-23ba-4ab0-9b96-5d0a1a05464f", "document-name":"AWS-RunPowerShellScript", "association-version":"1", "document-version":"Optional.empty", "targets":"[{\"key\":\"InstanceIds\",\"values\":[\"i-12345678\"]}]", "creation-date":"2017-02-13T17:22:54.458Z", "last-successful-execution-date":"2017-05-16T23:00:01Z", "last-execution-date":"2017-05-16T23:00:01Z", "last-updated-date":"2017-02-13T17:22:54.458Z", "status":"Success", "association-status-aggregated-count":"{\"Success\":1}", "schedule-expression":"cron(0 */30 * * * ? *)", "association-cwe-version":"1.0" } }

State Manager 实例关联状态更改

{ "version":"0", "id":"6a7e8feb-b491-4cf7-a9f1-bf3703467718", "detail-type":"EC2 State Manager Instance Association State Change", "source":"aws.ssm", "account":"123456789012", "time":"2017-02-23T15:23:48Z", "region":"us-east-1", "resources":[ "arn:aws:ec2:us-east-1:123456789012:instance/i-12345678", "arn:aws:ssm:us-east-1:123456789012:document/my-custom-document" ], "detail":{ "association-id":"34fcb7e0-9a14-4984-9989-0e04e3f60bd8", "instance-id":"i-12345678", "document-name":"my-custom-document", "document-version":"1", "targets":"[{\"key\":\"instanceids\",\"values\":[\"i-12345678\"]}]", "creation-date":"2017-02-23T15:23:48Z", "last-successful-execution-date":"2017-02-23T16:23:48Z", "last-execution-date":"2017-02-23T16:23:48Z", "status":"Success", "detailed-status":"", "error-code":"testErrorCode", "execution-summary":"testExecutionSummary", "output-url":"sampleurl", "instance-association-cwe-version":"1" } }

AWS Step Functions 事件

对于 Step Functions 示例事件,请参阅 Step Functions 事件示例AWS Step Functions 开发人员指南.

AWS 资源上的标签更改事件

下面是一个标签事件示例。

{ "version": "0", "id": "ffd8a6fe-32f8-ef66-c85c-111111111111", "detail-type": "Tag Change on Resource", "source": "aws.tag", "account": "123456789012", "time": "2018-09-18T20:41:06Z", "region": "us-east-1", "resources": [ "arn:aws:ec2:us-east-1:123456789012:instance/i-0000000aaaaaaaaaa" ], "detail": { "changed-tag-keys": [ "key2", "key3" ], "service": "ec2", "resource-type": "instance", "version": 5, "tags": { "key4": "value4", "key1": "value1", "key2": "value2" } } }

AWS Trusted Advisor 事件

以下是 AWS Trusted Advisor 事件的示例。有关更多信息,请参阅 监控 Trusted Advisor 使用查看结果 Amazon CloudWatch EventsAWS Support User Guide.

低利用率 Amazon EC2 实例

{ "version": "0", "id": "1234abcd-ab12-123a-123a-1234567890ab", "detail-type": "Trusted Advisor Check Item Refresh Notification", "source": "aws.trustedadvisor", "account": "123456789012", "time": "2018-01-12T20:07:49Z", "region": "us-east-2", "resources": [], "detail": { "check-name": "Low Utilization Amazon EC2 Instances", "check-item-detail": { "Day 1": "0.1% 0.00MB", "Day 2": "0.1% 0.00MB", "Day 3": "0.1% 0.00MB", "Region/AZ": "ca-central-1a", "Estimated Monthly Savings": "$9.22", "14-Day Average CPU Utilization": "0.1%", "Day 14": "0.1% 0.00MB", "Day 13": "0.1% 0.00MB", "Day 12": "0.1% 0.00MB", "Day 11": "0.1% 0.00MB", "Day 10": "0.1% 0.00MB", "14-Day Average Network I/O": "0.00MB", "Number of Days Low Utilization": "14 days", "Instance Type": "t2.micro", "Instance ID": "i-01234567890abcdef", "Day 8": "0.1% 0.00MB", "Instance Name": null, "Day 9": "0.1% 0.00MB", "Day 4": "0.1% 0.00MB", "Day 5": "0.1% 0.00MB", "Day 6": "0.1% 0.00MB", "Day 7": "0.1% 0.00MB" }, "status": "WARN", "resource_id": "arn:aws:ec2:ca-central-1:123456789012:instance/i-01234567890abcdef", "uuid": "aa12345f-55c7-498e-b7ac-123456789012" } }

负载均衡器优化

{ "version": "0", "id": "1234abcd-ab12-123a-123a-1234567890ab", "detail-type": "Trusted Advisor Check Item Refresh Notification", "source": "aws.trustedadvisor", "account": "123456789012", "time": "2018-01-12T20:07:03Z", "region": "us-east-2", "resources": [], "detail": { "check-name": "Load Balancer Optimization ", "check-item-detail": { "Instances in Zone a": "1", "Status": "Yellow", "Instances in Zone b": "0", "# of Zones": "2", "Region": "eu-central-1", "Load Balancer Name": "my-load-balance", "Instances in Zone e": null, "Instances in Zone c": null, "Reason": "Single AZ", "Instances in Zone d": null }, "status": "WARN", "resource_id": "arn:aws:elasticloadbalancing:eu-central-1:123456789012:loadbalancer/my-load-balancer", "uuid": "aa12345f-55c7-498e-b7ac-123456789012" } }

已泄露的访问密钥

{ "version": "0", "id": "1234abcd-ab12-123a-123a-1234567890ab", "detail-type": "Trusted Advisor Check Item Refresh Notification", "source": "aws.trustedadvisor", "account": "123456789012", "time": "2018-01-12T19:38:24Z", "region": "us-east-1", "resources": [], "detail": { "check-name": "Exposed Access Keys", "check-item-detail": { "Case ID": "12345678-1234-1234-abcd-1234567890ab", "Usage (USD per Day)": "0", "User Name (IAM or Root)": "my-username", "Deadline": "1440453299248", "Access Key ID": "AKIAIOSFODNN7EXAMPLE", "Time Updated": "1440021299248", "Fraud Type": "Exposed", "Location": "www.example.com" }, "status": "ERROR", "resource_id": "", "uuid": "aa12345f-55c7-498e-b7ac-123456789012" } }

Amazon WorkSpaces 事件

有关 Amazon WorkSpaces 事件,请参阅 监控您的 WorkSpaces 使用 CloudWatch 事件Amazon WorkSpaces Administration Guide.

通过 CloudTrail 传送的事件

您也可以对并不发出事件且不在此页面中列出的服务使用 CloudWatch Events。AWS CloudTrail 是一个服务,可用于自动记录事件,例如 AWS API 调用。您可以创建对 CloudTrail 所捕获的信息触发的 CloudWatch Events 规则。有关 CloudTrail 的更多信息,请参阅什么是 AWS CloudTrail?。有关如何创建使用 CloudTrail 的 CloudWatch Events规则的更多信息,请参阅 使用 AWS CloudTrail 创建对 AWS API 调用触发的 CloudWatch Events 规则

通过 CloudTrail 传递的所有事件都具有 AWS API Call via CloudTrail 作为 detail-type 的值。

AWS 中的某些事件可以由服务本身和由 CloudTrail 报告给 CloudWatch Events,但是以不同的方式报告。例如,启动或终止实例的 Amazon EC2 API 调用生成可通过 CloudTrail 对 CloudWatch Events 可用的事件。但是,举例来说,Amazon EC2 实例状态更改(从“正在运行”更改为“正在终止”)是 CloudWatch Events 事件本身。

以下是通过 CloudTrail 传送的事件的示例。该事件由对 Amazon S3 的 AWS API 调用生成,用以创建存储桶。

{ "version": "0", "id": "36eb8523-97d0-4518-b33d-ee3579ff19f0", "detail-type": "AWS API Call via CloudTrail", "source": "aws.s3", "account": "123456789012", "time": "2016-02-20T01:09:13Z", "region": "us-east-1", "resources": [], "detail": { "eventVersion": "1.03", "userIdentity": { "type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "sessionContext": { "attributes": { "mfaAuthenticated": "false", "creationDate": "2016-02-20T01:05:59Z" } } }, "eventTime": "2016-02-20T01:09:13Z", "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "us-east-1", "sourceIPAddress": "100.100.100.100", "userAgent": "[S3Console/0.4]", "requestParameters": { "bucketName": "bucket-test-iad" }, "responseElements": null, "requestID": "9D767BCC3B4E7487", "eventID": "24ba271e-d595-4e66-a7fd-9c16cbf8abae", "eventType": "AwsApiCall" } }

大于 256 KB 的 AWS API 调用事件不受支持。有关可用作规则触发器的API调用的更多信息,请参阅 支持的服务 CloudTrail 事件历史记录.