本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
了解AWS智能卡使用者的登入事件
AWS CloudTrail記錄智能卡用户的成功和失敗的登錄事件。這包括每次提示用户解決特定憑據挑戰或因素時捕獲的登錄事件,以及該特定憑據驗證請求的狀態。用户僅在完成所有必需的憑據質詢後才登錄,這會導致UserAuthentication事件正在記錄。
下表捕獲了每個登錄 CloudTrail 事件名稱及其用途。
| 事件名稱 | 活動目的 |
|---|---|
|
通知AWS登錄請求用户解決特定的憑據問題,並指定 |
|
通知用户試圖解決特定 |
|
通知用户受到質疑的所有身份驗證要求均已成功完成,並且用户已成功登錄。當用户無法成功完成所需的憑據質詢時,沒有 |
下表捕獲了特定登錄 CloudTrail 事件中包含的其他有用的事件數據字段。
| 事件名稱 | 活動目的 | 登入事件的適用性 | 範例值 |
|---|---|---|---|
|
關聯整個登錄序列中發出的所有事件。對於每個用户登錄,多個事件可以通過AWS登入。 |
|
「身份驗證書」:「九七八二-四月一號」 |
|
通知用户試圖解決特定 |
|
憑據類型」: 「智能卡」(今天可能的值:智能卡) |
|
通知用户受到質疑的所有身份驗證要求均已成功完成,並且用户已成功登錄。當用户無法成功完成所需的憑據質詢時,沒有 |
|
「登錄」: "https://skylight.local」 |
範例事件AWS登錄方案
下列範例顯示不同登入方案的 CloudTrail 事件的預期序列。
使用智能卡進行身份驗證時成功登錄
以下事件序列捕獲智能卡登錄成功的示例。
- 憑證質詢
-
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:29Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialChallenge", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" }, "requestID": "65551a6d-654a-4be8-90b5-bbfef7187d3a", "eventID": "fb603838-f119-4304-9fdc-c0f947a82116", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialChallenge": "Success" } } - 成功憑證驗證
-
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:39Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialVerification", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" }, "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5", "eventID": "84c0a2ff-413f-4d0f-9108-f72c90a41b6c", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialVerification": "Success" } } - 成功使用者身份
-
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:39Z", "eventSource": "signin.amazonaws.com", "eventName": "UserAuthentication", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "LoginTo": "https://skylight.local", "CredentialType": "SMARTCARD" }, "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5", "eventID": "acc0dba8-8e8b-414b-a52d-6b7cd51d38f6", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { UserAuthentication": "Success" } }
僅使用智能卡進行身份驗證時登錄失敗
以下事件序列捕獲智能卡登錄失敗的示例。
- 憑證質詢
-
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:06Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialChallenge", "awaRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" }, "requestID": "73eb499d-91a8-4c18-9c5d-281fd45ab50a", "eventID": "f30a50ec-71cf-415a-a5ab-e287edc800da", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialChallenge": "Success" } } - 憑證驗證失敗
-
{ "eventVersion": "1.08", "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" }, "eventTime": "2021-07-30T17:23:13Z", "eventSource": "signin.amazonaws.com", "eventName": "CredentialVerification", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36", "requestParameters": null, "responseElements": null, "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" }, "requestID": "051ca316-0b0d-4d38-940b-5fe5794fda03", "eventID": "4e6fbfc7-0479-48da-b7dc-e875155a8177", "readOnly": false, "eventType": "AwsServiceEvent", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "509318101470", "serviceEventDetails": { CredentialVerification": "Failure" } }
