了解AWS智能卡使用者的登入事件 - Amazon WorkSpaces

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

了解AWS智能卡使用者的登入事件

AWS CloudTrail記錄智能卡用户的成功和失敗的登錄事件。這包括每次提示用户解決特定憑據挑戰或因素時捕獲的登錄事件,以及該特定憑據驗證請求的狀態。用户僅在完成所有必需的憑據質詢後才登錄,這會導致UserAuthentication事件正在記錄。

下表捕獲了每個登錄 CloudTrail 事件名稱及其用途。

事件名稱 活動目的

CredentialChallenge

通知AWS登錄請求用户解決特定的憑據問題,並指定CredentialType(例如,智能卡)。

CredentialVerification

通知用户試圖解決特定CredentialChallenge請求,並指定該憑據是成功還是失敗。

UserAuthentication

通知用户受到質疑的所有身份驗證要求均已成功完成,並且用户已成功登錄。當用户無法成功完成所需的憑據質詢時,沒有UserAuthentication事件被記錄。

下表捕獲了特定登錄 CloudTrail 事件中包含的其他有用的事件數據字段。

事件名稱 活動目的 登入事件的適用性 範例值

AuthWorkflowID

關聯整個登錄序列中發出的所有事件。對於每個用户登錄,多個事件可以通過AWS登入。

CredentialChallenge, CredentialVerification, UserAuthentication

「身份驗證書」:「九七八二-四月一號」

CredentialType

通知用户試圖解決特定CredentialChallenge請求,並指定該憑據是成功還是失敗。

CredentialChallenge, CredentialVerification, UserAuthentication

憑據類型」: 「智能卡」(今天可能的值:智能卡)

LoginTo

通知用户受到質疑的所有身份驗證要求均已成功完成,並且用户已成功登錄。當用户無法成功完成所需的憑據質詢時,沒有UserAuthentication事件被記錄。

UserAuthentication

「登錄」: "https://skylight.local」

範例事件AWS登錄方案

下列範例顯示不同登入方案的 CloudTrail 事件的預期序列。

使用智能卡進行身份驗證時成功登錄

以下事件序列捕獲智能卡登錄成功的示例。

憑證質詢
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:29Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialChallenge", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" }, "requestID": "65551a6d-654a-4be8-90b5-bbfef7187d3a", "eventID": "fb603838-f119-4304-9fdc-c0f947a82116", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialChallenge": "Success" } }
成功憑證驗證
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:39Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialVerification", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" }, "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5", "eventID": "84c0a2ff-413f-4d0f-9108-f72c90a41b6c", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialVerification": "Success" } }
成功使用者身份
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:39Z", "eventSource": "signin.amazonaws.com", "eventName": "UserAuthentication", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "LoginTo": "https://skylight.local", "CredentialType": "SMARTCARD" }, "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5", "eventID": "acc0dba8-8e8b-414b-a52d-6b7cd51d38f6", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { UserAuthentication": "Success" } }

僅使用智能卡進行身份驗證時登錄失敗

以下事件序列捕獲智能卡登錄失敗的示例。

憑證質詢
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:06Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialChallenge", "awaRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" }, "requestID": "73eb499d-91a8-4c18-9c5d-281fd45ab50a", "eventID": "f30a50ec-71cf-415a-a5ab-e287edc800da", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialChallenge": "Success" } }
憑證驗證失敗
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:13Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialVerification", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" }, "requestID": "051ca316-0b0d-4d38-940b-5fe5794fda03", "eventID": "4e6fbfc7-0479-48da-b7dc-e875155a8177", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialVerification": "Failure" } }