SynchronizeMultiRegionKey - AWS Key Management Service

SynchronizeMultiRegionKey

以下示例显示了 AWS KMS 同步多区域密钥时生成的一个 AWS CloudTrail 日志条目。同步涉及将多区域主密钥的共享属性复制到其副本密钥的跨区域调用。AWS KMS 会定期同步多区域密钥,以确保所有相关的多区域密钥具有相同的密钥材料。

CloudTrail 日志条目的 resources 元素包含多区域主密钥的密钥 ARN,包括其 AWS 区域。此日志条目中未列出相关的多区域副本密钥及其区域。

{ "eventVersion": "1.08", "userIdentity": { "accountId": "111122223333", "invokedBy": "AWS Internal" }, "eventTime": "2020-11-18T02:04:37Z", "eventSource": "kms.amazonaws.com", "eventName": "SynchronizeMultiRegionKey", "awsRegion": "us-west-2", "sourceIPAddress": "AWS Internal", "userAgent": "AWS Internal", "requestParameters": null, "responseElements": null, "requestID": "12345681-de97-42e9-bed0-b02ae1abd8dc", "eventID": "abcdec99-2b5c-4670-9521-ddb8f031e146", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }