本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用監視回收站 AWS CloudTrail
資源回收筒服務已與整合 AWS CloudTrail。 CloudTrail 是提供使用者、角色或服務所採取之動作記錄的 AWS 服務。 CloudTrail 捕獲在回收站中執行的所有 API 調用作為事件。如果您建立追蹤,您可以啟用連續交付 CloudTrail 事件到 Amazon Simple Storage Service (Amazon S3) 儲存貯體。如果您未設定追蹤,您仍然可以在 [事件歷程記錄] 的 CloudTrail 主控台中檢視最近的管理事件。您可以使用收集的資訊 CloudTrail 來判斷向資源回收筒提出的要求、提出要求的 IP 位址、提出要求的人員、提出要求的時間,以及其他詳細資訊。
若要取得有關的更多資訊 CloudTrail,請參閱AWS CloudTrail 使用者指南。
資源回收筒資訊 CloudTrail
CloudTrail 在您創建 AWS 帳戶時,您的帳戶已啟用。當資源回收筒中發生受支援的事件活動時,該活動會與 CloudTrail 事件歷史記錄中的其他 AWS 服務事件一起記錄在事件中。您可以在帳戶中查看,搜索和下載最近的事 AWS 件。如需詳細資訊,請參閱檢視具有事 CloudTrail 件記錄的事件。
如需 AWS 帳戶中持續記錄事件 (包括資源回收筒的事件),請建立追蹤。追蹤可 CloudTrail 將日誌檔傳遞至 S3 儲存貯體。根據預設,當您在主控台中建立追蹤時,追蹤會套用至所有 AWS 區域。追蹤記錄來自 AWS 分割區中所有區域的事件,並將日誌檔傳送到您指定的 S3 儲存貯體。此外,您還可以設定其他 AWS 服務,以進一步分析 CloudTrail 記錄中收集的事件資料並採取行動。如需詳細資訊,請參閱 AWS CloudTrail 使用者指南中的建立追蹤的概觀。
支援的 API 動作
對於資源回收筒,您可以使 CloudTrail 用將下列 API 動作記錄為管理事件。
-
CreateRule
-
UpdateRule
-
GetRules
-
ListRule
-
DeleteRule
-
TagResource
-
UntagResource
-
ListTagsForResource
-
LockRule
-
UnlockRule
如需有關記錄管理事件的詳細資訊,請參閱《CloudTrail 使用指南》中的記錄追蹤的管理事件。
身分資訊
每一筆事件或日誌項目都會包含產生請求者的資訊。身分資訊可協助您判斷下列事項:
-
該請求是使用根使用者還是使用者憑證提出。
-
提出該請求時,是否使用了特定角色或聯合身分使用者的暫時安全憑證。
-
請求是否由其他 AWS 服務提出。
如需詳細資訊,請參閱CloudTrail userIdentityElement。
了解資源回收筒日誌檔項目
追蹤是一種組態,可讓事件以日誌檔的形式傳遞至您指定的 S3 儲存貯體。 CloudTrail 記錄檔包含一或多個記錄項目。事件代表來自任何來源的單一請求,包括有關請求的操作,動作的日期和時間,請求參數等信息。 CloudTrail 日誌文件不是公共 API 調用的有序堆棧跟踪,因此它們不會以任何特定順序顯示。
以下是範例 CloudTrail 記錄項目。
- CreateRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:45:22Z", "eventSource": "rbin.amazonaws.com", "eventName": "CreateRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "retentionPeriod": { "retentionPeriodValue": 7, "retentionPeriodUnit": "DAYS" }, "description": "Match all snapshots", "resourceType": "EBS_SNAPSHOT" }, "responseElements": { "identifier": "jkrnexample" }, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- GetRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:45:33Z", "eventSource": "rbin.amazonaws.com", "eventName": "GetRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "identifier": "jkrnexample" }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- ListRules
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:44:37Z", "eventSource": "rbin.amazonaws.com", "eventName": "ListRules", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "resourceTags": [ { "resourceTagKey": "test", "resourceTagValue": "test" } ] }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- UpdateRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:46:03Z", "eventSource": "rbin.amazonaws.com", "eventName": "UpdateRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "identifier": "jkrnexample", "retentionPeriod": { "retentionPeriodValue": 365, "retentionPeriodUnit": "DAYS" }, "description": "Match all snapshots", "resourceType": "EBS_SNAPSHOT" }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- DeleteRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-08-02T21:43:38Z" } } }, "eventTime": "2021-08-02T21:46:25Z", "eventSource": "rbin.amazonaws.com", "eventName": "DeleteRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.9 Python/3.6.14 Linux/4.9.230-0.1.ac.224.84.332.metal1.x86_64 botocore/1.21.9", "requestParameters": { "identifier": "jkrnexample" }, "responseElements": null, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- TagResource
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-10-22T21:38:34Z" } } }, "eventTime": "2021-10-22T21:43:15Z", "eventSource": "rbin.amazonaws.com", "eventName": "TagResource", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.26 Python/3.6.14 Linux/4.9.273-0.1.ac.226.84.332.metal1.x86_64 botocore/1.21.26", "requestParameters": { "resourceArn": "arn:aws:rbin:us-west-2:123456789012:rule/ABCDEF01234", "tags": [ { "key": "purpose", "value": "production" } ] }, "responseElements": null, "requestID": "examplee-7962-49ec-8633-795efexample", "eventID": "example4-6826-4c0a-bdec-0bab1example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- UntagResource
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-10-22T21:38:34Z" } } }, "eventTime": "2021-10-22T21:44:16Z", "eventSource": "rbin.amazonaws.com", "eventName": "UntagResource", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.26 Python/3.6.14 Linux/4.9.273-0.1.ac.226.84.332.metal1.x86_64 botocore/1.21.26", "requestParameters": { "resourceArn": "arn:aws:rbin:us-west-2:123456789012:rule/ABCDEF01234", "tagKeys": [ "purpose" ] }, "responseElements": null, "requestID": "example7-6c1e-4f09-9e46-bb957example", "eventID": "example6-75ff-4c94-a1cd-4d5f5example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- ListTagsForResource
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "2021-10-22T21:38:34Z" } } }, "eventTime": "2021-10-22T21:42:31Z", "eventSource": "rbin.amazonaws.com", "eventName": "ListTagsForResource", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "aws-cli/1.20.26 Python/3.6.14 Linux/4.9.273-0.1.ac.226.84.332.metal1.x86_64 botocore/1.21.26", "requestParameters": { "resourceArn": "arn:aws:rbin:us-west-2:123456789012:rule/ABCDEF01234" }, "responseElements": null, "requestID": "example8-10c7-43d4-b147-3d9d9example", "eventID": "example2-24fc-4da7-a479-c9748example", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "123456789012", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- LockRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-25T00:45:11Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-25T00:45:19Z", "eventSource": "rbin.amazonaws.com", "eventName": "LockRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "python-requests/2.25.1", "requestParameters": { "identifier": "jkrnexample", "lockConfiguration": { "unlockDelay": { "unlockDelayValue": 7, "unlockDelayUnit": "DAYS" } } }, "responseElements": { "identifier": "jkrnexample", "description": "", "resourceType": "EBS_SNAPSHOT", "retentionPeriod": { "retentionPeriodValue": 7, "retentionPeriodUnit": "DAYS" }, "resourceTags": [], "status": "available", "lockConfiguration": { "unlockDelay": { "unlockDelayValue": 7, "unlockDelayUnit": "DAYS" } }, "lockState": "locked" }, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }- UnlockRule
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:role/Admin", "accountId": "123456789012", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "creationDate": "2022-10-25T00:45:11Z", "mfaAuthenticated": "false" } } }, "eventTime": "2022-10-25T00:46:17Z", "eventSource": "rbin.amazonaws.com", "eventName": "UnlockRule", "awsRegion": "us-west-2", "sourceIPAddress": "123.123.123.123", "userAgent": "python-requests/2.25.1", "requestParameters": { "identifier": "jkrnexample" }, "responseElements": { "identifier": "jkrnexample", "description": "", "resourceType": "EC2_IMAGE", "retentionPeriod": { "retentionPeriodValue": 7, "retentionPeriodUnit": "DAYS" }, "resourceTags": [], "status": "available", "lockConfiguration": { "unlockDelay": { "unlockDelayValue": 7, "unlockDelayUnit": "DAYS" } }, "lockState": "pending_unlock", "lockEndTime": "Nov 1, 2022, 12:46:17 AM" }, "requestID": "ex0577a5-amc4-pl4f-ef51-50fdexample", "eventID": "714fafex-2eam-42pl-913e-926d4example", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "rbin.us-west-2.amazonaws.com" } }
監視器使用 EventBridge
資源位置