本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
CloudTrail Amazon S3 和 S3 on Outposts 的日誌檔案項目
重要
Amazon S3 現在會套用伺服器端加密搭配 Amazon S3 受管金鑰 (SSE-S3),作為 Amazon S3 中每個儲存貯體的基本加密層級。從 2023 年 1 月 5 日起,所有上傳到 Amazon S3 的新物件都會自動加密,無需額外費用,也不會影響效能。S3 儲存貯體預設加密組態和新物件上傳的自動加密狀態可在 AWS CloudTrail 日誌、S3 庫存、S3 Storage Lens、Amazon S3 主控台,以及 AWS Command Line Interface 和 中的其他 Amazon S3 API回應標頭中使用 AWS SDKs。如需詳細資訊,請參閱預設加密。 FAQ
事件代表來自任何來源的單一請求,並包含請求API操作、操作日期和時間、請求參數等相關資訊。 CloudTrail log 檔案不是公用API呼叫的有序堆疊追蹤,因此事件不會以任何特定順序顯示。
注意
若要檢視 Amazon S3 Express One Zone 的 CloudTrail 日誌檔案範例,請參閱 CloudTrail S3 Express One Zone 的日誌檔案範例。
如需詳細資訊,請參閱下列範例。
範例:Amazon S3 的 CloudTrail 日誌檔案項目
下列範例顯示 CloudTrail 日誌項目,示範 GET 服務 、 PutBucketAcl、 和 GetBucketVersioning 動作。
{ "Records": [ { "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "
111122223333
", "arn": "arn:aws:iam::111122223333:user/myUserName
", "accountId": "111122223333
", "accessKeyId": "AKIAIOSFODNN7EXAMPLE
", "userName": "myUserName
" }, "eventTime": "2019-02-01T03:18:19Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "awsRegion": "us-west-2
", "sourceIPAddress": "127.0.0.1
", "userAgent": "[]", "requestParameters": { "host": [ "s3.us-west-2
.amazonaws.com" ] }, "responseElements": null, "additionalEventData": { "SignatureVersion": "SigV2", "AuthenticationMethod": "QueryString", "aclRequired": "Yes" }, "requestID": "47B8E8D397DCE7A6", "eventID": "cdc4b7ed-e171-4cef-975a-ad829d4123e8", "eventType": "AwsApiCall", "recipientAccountId": "444455556666
", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "s3.amazonaws.com" } }, { "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "111122223333
", "arn": "arn:aws:iam::111122223333
:user/myUserName
", "accountId": "111122223333
", "accessKeyId": "AKIAIOSFODNN7EXAMPLE
", "userName": "myUserName
" }, "eventTime": "2019-02-01T03:22:33Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl", "awsRegion": "us-west-2
", "sourceIPAddress": "", "userAgent": "[]", "requestParameters": { "bucketName": "", "AccessControlPolicy": { "AccessControlList": { "Grant": { "Grantee": { "xsi:type": "CanonicalUser", "xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance", "ID": "d25639fbe9c19cd30a4c0f43fbf00e2d3f96400a9aa8dabfbbebe1906Example" }, "Permission": "FULL_CONTROL" } }, "xmlns": "http://s3.amazonaws.com/doc/2006-03-01/", "Owner": { "ID": "d25639fbe9c19cd30a4c0f43fbf00e2d3f96400a9aa8dabfbbebe1906Example" } }, "host": [ "s3.us-west-2
.amazonaws.com" ], "acl": [ "" ] }, "responseElements": null, "additionalEventData": { "SignatureVersion": "SigV4", "CipherSuite": "ECDHE-RSA-AES128-SHA", "AuthenticationMethod": "AuthHeader" }, "requestID": "BD8798EACDD16751", "eventID": "607b9532-1423-41c7-b048-ec2641693c47", "eventType": "AwsApiCall", "recipientAccountId": "111122223333
", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "s3.amazonaws.com" } }, { "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "111122223333
", "arn": "arn:aws:iam::111122223333
:user/myUserName
", "accountId": "111122223333
", "accessKeyId": "AKIAIOSFODNN7EXAMPLE
", "userName": "myUserName
" }, "eventTime": "2019-02-01T03:26:37Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketVersioning", "awsRegion": "us-west-2
", "sourceIPAddress": "", "userAgent": "[]", "requestParameters": { "host": [ "s3.us-west-2
.amazonaws.com" ], "bucketName": "amzn-s3-demo-bucket1
", "versioning": [ "" ] }, "responseElements": null, "additionalEventData": { "SignatureVersion": "SigV4", "CipherSuite": "ECDHE-RSA-AES128-SHA", "AuthenticationMethod": "AuthHeader" }, "requestID": "07D681279BD94AED", "eventID": "f2b287f3-0df1-4961-a2f4-c4bdfed47657", "eventType": "AwsApiCall", "recipientAccountId": "111122223333
", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "s3.amazonaws.com" } } ] }