本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
記錄 AWS RE: 使用發佈私有 API 呼叫 AWS CloudTrail
AWS RE:私有貼文與服務整合在一起AWS CloudTrail,該服務可提供使用者、角色或服AWS務在 RE: 私有貼文中所採取的動作記錄。 CloudTrail 擷取 Re: 以私有方式張貼為事件的所有 API 呼叫。擷取的呼叫包括來自 Re: POST 私人主控台的呼叫,以及對 Re: POST 私有 API 作業的程式碼呼叫。如果您建立追蹤,您可以啟用持續傳遞 CloudTrail 事件至 Amazon S3 儲存貯體,包括 Re: Post Private 的事件。如果您未設定追蹤,您仍然可以在 [事件歷程記錄] 中檢視 CloudTrail 主控台中最近的事件。使用收集的資訊 CloudTrail,您可以判斷對 Re: Post Private 提出的要求、提出要求的 IP 位址、提出要求的人員、提出要求的時間以及其他詳細資訊。
若要進一步了解 CloudTrail,請參閱使AWS CloudTrail用者指南。
Re: 張貼私人資訊 CloudTrail
CloudTrail 在您創建帳戶AWS 帳戶時啟用。當活動在 Re: Post Private 中發生時,該活動會與事件歷史記錄中的其他AWS服務 CloudTrail 事件一起記錄在事件中。您可以檢視、搜尋和下載 AWS 帳戶 的最新事件。如需詳細資訊,請參閱使用 CloudTrail 事件歷程記錄。
如需您的事件的持續記錄AWS 帳戶,包括 Re: Post Private 的事件,請建立追蹤。追蹤可 CloudTrail 將日誌檔交付到 Amazon S3 儲存貯體。依預設,當您在主控台中建立追蹤時,該追蹤會套用至所有的 AWS 區域。該追蹤會記錄來自 AWS 分割區中所有區域的事件,並將日誌檔案交付到您指定的 Amazon S3 儲存貯體。此外,您還可以設定其他AWS服務,以進一步分析 CloudTrail 記錄中收集的事件資料並採取行動。如需詳細資訊,請參閱下列內容:
所有 RE: 私有貼文動作都會記錄 CloudTrail 並記錄在 AWS RE: POST 私有 API 參考中。Re: Post Priv ate 支援將下列動作記錄為記錄檔中的事件: CloudTrail
RE: 私人貼文支援將下列AWS Support動作記錄為記錄 CloudTrail 檔中的事件:
每一筆事件或日誌項目都會包含產生請求者的資訊。身分資訊可協助您判斷下列事項:
-
該請求是否透過根或 AWS Identity and Access Management (IAM) 使用者憑證來提出。
-
提出該請求時,是否使用了特定角色或聯合身分使用者的暫時安全憑證。
-
該請求是否由另一項 AWS 服務提出。
如需詳細資訊,請參閱 CloudTrail userIdentity 元素。
瞭解 RE: 張貼私人記錄檔項目
追蹤是一種組態,可讓事件以日誌檔的形式傳遞到您指定的 Amazon S3 儲存貯體。 CloudTrail 記錄檔包含一或多個記錄項目。事件代表來自任何來源的單一請求,包括有關請求的操作,動作的日期和時間,請求參數等信息。 CloudTrail 日誌文件不是公共 API 調用的有序堆棧跟踪,因此它們不會以任何特定順序顯示。
下列範例顯示示範CreateSpace動作的 CloudTrail 記錄項目。
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "AROAQM47QIR7WLEXAMPLE:user", "arn": "arn:aws:sts::123456789012:assumed-role/User/user", "accountId": "123456789012", "accessKeyId": "EXAMPLE_KEY_ID", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAQM47QIR7WLEXAMPLE", "arn": "arn:aws:iam::123456789012:role/User", "accountId": "123456789012", "userName": "User" }, "webIdFederationData": {}, "attributes": { "creationDate": "2023-11-06T19:24:39Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-11-06T21:37:44Z", "eventSource": "repostspace.amazonaws.com", "eventName": "CreateSpace", "awsRegion": "us-west-2", "sourceIPAddress": "205.251.233.176", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "requestParameters": { "spaceName": "Test space name", "spaceSubdomain": "customsubdomain", "tagSet": {}, "tier": "2000", "roleArn": "", "spaceDescription": "Test space description" }, "responseElements": { "spaceId": "SPLPWvQmv9SIWYF30EXAMPLE", "Access-Control-Expose-Headers": "x-amzn-errortype, x-amzn-requestid, x-amzn-errormessage, x-amzn-trace-id, x-amz-apigw-id, date" }, "requestID": "71d815e0-6632-4ec9-9fac-92af3e4a86dc", "eventID": "30a6c3da-ce2e-4931-ba5d-b3cc7cf16ec8", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management" }
下列範例顯示示範RegisterAdmin動作的 CloudTrail 記錄項目。
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "AROAQM47QIR7WLEXAMPLE:user", "arn": "arn:aws:sts::123456789012:assumed-role/User/user", "accountId": "123456789012", "accessKeyId": "EXAMPLE_KEY_ID", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAQM47QIR7WLEXAMPLE", "arn": "arn:aws:iam::123456789012:role/User", "accountId": "123456789012", "userName": "User" }, "webIdFederationData": {}, "attributes": { "creationDate": "2023-11-07T21:17:19Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-11-07T21:24:23Z", "eventSource": "repostspace.amazonaws.com", "eventName": "RegisterAdmin", "awsRegion": "us-west-2", "sourceIPAddress": "205.251.233.183", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "requestParameters": { "adminId": "08612310-a0f1-7063-3e54-fb2960444dd1", "spaceId": "SPlYNZE-ylQEmAXpmEXAMPLE" }, "responseElements": { "Access-Control-Expose-Headers": "x-amzn-errortype, x-amzn-requestid, x-amzn-errormessage, x-amzn-trace-id, x-amz-apigw-id, date" }, "requestID": "9939ebbe-8599-4f9a-827b-4995e3006001", "eventID": "e1873b18-f80c-4934-9ff2-bf5b35c78031", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management" }
下列範例顯示示範ListSpaces動作的 CloudTrail 記錄項目。
{ "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "AROAQM47QIR7WLEXAMPLE:user", "arn": "arn:aws:sts::123456789012:assumed-role/User/user", "accountId": "123456789012", "accessKeyId": "EXAMPLE_KEY_ID", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAQM47QIR7WLEXAMPLE", "arn": "arn:aws:iam::123456789012:role/User", "accountId": "123456789012", "userName": "User" }, "webIdFederationData": {}, "attributes": { "creationDate": "2023-11-09T22:28:23Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-11-09T22:38:34Z", "eventSource": "repostspace.amazonaws.com", "eventName": "ListSpaces", "awsRegion": "us-west-2", "sourceIPAddress": "205.251.233.176", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36", "requestParameters": null, "responseElements": null, "requestID": "95be587b-c04f-4eb0-9269-12fee33ae2e3", "eventID": "9777da32-545f-44c4-af0b-1d9109b8cbc3", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "123456789012", "eventCategory": "Management" }
下列範例顯示示範ResolveCase動作的 CloudTrail 記錄項目。您可以使用此記錄項目中的sourceIdentity元素來識別解決案例的使用者。
{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "AROAQM47QIR76DQZ7N5WX:create-support-case-Uk1iHNTWQEOLmR2BR1FDJQ", "arn": "arn:aws:sts::123456789012:assumed-role/AWSRepostSpaceRole/create-support-case-Uk1iHNTWQEOLmR2BR1FDJQ", "accountId": "123456789012", "accessKeyId": "EXAMPLE_KEY_ID", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAQM47QIR76DQZ7N5WX", "arn": "arn:aws:iam::123456789012:role/AWSRepostSpaceRole", "accountId": "123456789012", "userName": "AWSRepostSpaceRole" }, "attributes": { "creationDate": "2023-11-17T21:46:42Z", "mfaAuthenticated": "false" }, "sourceIdentity": "28e17330-10f1-705d-7cba-3a62a6b10e2e" } }, "eventTime": "2023-11-17T21:46:44Z", "eventSource": "support.amazonaws.com", "eventName": "ResolveCase", "awsRegion": "us-west-2", "sourceIPAddress": "54.68.27.29", "userAgent": "aws-sdk-nodejs/2.1363.0 linux/v16.20.2 exec-env/AWS_ECS_FARGATE promise", "requestParameters": { "caseId": "case-123456789012-muen-2023-75d2c35481b96357" }, "responseElements": { "initialCaseStatus": "unassigned", "finalCaseStatus": "resolved" }, "requestID": "594b91c6-df1c-47e4-a834-d67d67f34b9d", "eventID": "7fc9cbe4-c8d5-4d61-a016-e076de272fff", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111111111111", "eventCategory": "Management", "tlsDetails": { "clientProvidedHostHeader": "support.us-west-2.amazonaws.com" } }
