Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
CloudTrail exemples de fichiers journaux pour les compartiments de répertoires
Un fichier CloudTrail journal contient des informations sur l'opération d'API demandée, la date et l'heure de l'opération, les paramètres de la demande, etc. Cette rubrique contient des exemples d'événements de CloudTrail données et d'événements de gestion pour les compartiments d'annuaire.
CloudTrail exemples de fichiers journaux d'événements de données pour les compartiments de répertoires
L'exemple suivant montre un exemple de fichier CloudTrail journal qui illustre CreateSession.
{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName", "arn": "arn:aws:sts::111122223333assumed-role/RoleToBeAssumed/MySessionName", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AROAIDPPEZS35WEXAMPLE", "arn": "arn:aws:iam::111122223333:role/RoleToBeAssumed", "accountId": "111122223333", "userName":"RoleToBeAssumed}, "attributes": { "creationDate": "2024-07-02T00:21:16Z", "mfaAuthenticated": "false" } } }, "eventTime": "2024-07-02T00:22:11Z", "eventSource": "s3express.amazonaws.com", "eventName": "CreateSession", "awsRegion": "us-west-2", "sourceIPAddress": "72.21.198.68", "userAgent": "aws-sdk-java/2.20.160-SNAPSHOT Linux/5.10.216-225.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/11.0.23+9-LTS Java/11.0.23 vendor/Amazon.com_Inc. md/internal exec-env/AWS_Lambda_java11 io/sync http/Apache cfg/retry-mode/standard", "requestParameters": { "bucketName":"bucket-base-name--usw2-az1--x-s3". "host":"bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com", "x-amz-create-session-mode": "ReadWrite" }, "responseElements": { "credentials": { "accessKeyId": "AKIAI44QH8DHBEXAMPLE" "expiration": ""Mar 20, 2024, 11:16:09 PM", "sessionToken": "<session token string>" }, }, "additionalEventData": { "SignatureVersion": "SigV4", "cipherSuite": "TLS_AES_128_GCM_SHA256", "bytesTransferredIn": 0, "AuthenticationMethod": "AuthHeader", "xAmzId2": "q6xhNJYmhg", "bytesTransferredOut": 1815, "availabilityZone": "usw2-az1" }, "requestID": "28d2faaf-3319-4649-998d-EXAMPLE72818", "eventID": "694d604a-d190-4470-8dd1-EXAMPLEe20c1", "readOnly": true, "resources": [ { "type": "AWS::S3Express::Object", "ARNPrefix": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3" }, { "accountId": "111122223333" "type": "AWS::S3Express::DirectoryBucket", "ARN": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "111122223333", "eventCategory": "Data", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com" } }
Pour utiliser les opérations d’API de point de terminaison zonal (opérations de niveau objet ou plan de données), optez pour l’opération d’API CreateSession pour créer et gérer des sessions optimisées afin d’autoriser les demandes de données à faible latence. Vous pouvez également utiliser CreateSession pour réduire le volume de journalisation. Pour identifier les opérations d’API zonales effectuées au cours d’une session, vous pouvez faire correspondre l’accessKeyId sous responseElements dans votre fichier journal CreateSession à l’accessKeyId dans le fichier journal des autres opérations d’API zonales. Pour plus d’informations, consultez Autorisation CreateSession.
L'exemple suivant montre un exemple de fichier CloudTrail journal qui illustre l'opération d'GetObjectAPI authentifiée parCreateSession.
{ "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName", "arn": "arn:aws:sts::111122223333assumed-role/RoleToBeAssumed/MySessionName", "accountId": "111122223333", "accessKeyId": "AKIAI44QH8DHBEXAMPLE", "sessionContext": { "attributes": { "creationDate": "2024-07-02T00:21:49Z" } } }, "eventTime": "2024-07-02T00:22:01Z", "eventSource": "s3express.amazonaws.com", "eventName": "GetObject", "awsRegion": "us-west-2", "sourceIPAddress": "72.21.198.68", "userAgent": "aws-sdk-java/2.25.66 Linux/5.10.216-225.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/17.0.11+9-LTS Java/17.0.11 vendor/Amazon.com_Inc. md/internal exec-env/AWS_Lambda_java17 io/sync http/Apache cfg/retry-mode/legacy", "requestParameters": { "bucketName":"bucket-base-name--usw2-az1--x-s3", "x-amz-checksum-mode": "ENABLED", "Host":"bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com", "key": "test-get-obj-with-checksum" }, "responseElements": null, "additionalEventData": { "SignatureVersion": "Sigv4", "CipherSuite": "TLS_AES_128_GCM_SHA256", "bytesTransferredIn": 0, "AuthenticationMethod": "AuthHeader", "x-amz-id-2": "oOy6w8K7LFsyFN", "bytesTransferredOut": 9, "availabilityZone": "usw2-az1", "sessionModeApplied": "ReadWrite" }, "requestID": "28d2faaf-3319-4649-998d-EXAMPLE72818", "eventID": "694d604a-d190-4470-8dd1-EXAMPLEe20c1", "readOnly": true, "resources": [ { "type": "AWS::S3Express::Object", "ARNPrefix": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3" }, { "accountId": "111122223333", "type": "AWS::S3Express::DirectoryBucket", "ARN": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "111122223333", "eventCategory": "Data", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com" } }
Dans l'exemple de fichier GetObject journal ci-dessus, le accessKeyId (AKIAI44QH8DHBEXAMPLE) correspond responseElements à l'accessKeyIdexemple de fichier CreateSession journal ci-dessous. La correspondance de l’accessKeyId indique la session au cours de laquelle l’opération GetObject a été effectuée.
L'exemple suivant montre une entrée de CloudTrail journal qui illustre une DeleteObjects action sur un compartiment de répertoire, invoqué par S3 Lifecycle. Pour de plus amples informations, veuillez consulter Working with
S3 Lifecycle for directory buckets.
eventVersion:"1.09", userIdentity:{ type:"AWSService", invokedBy:"lifecycle.s3.amazonaws.com" }, eventTime:"2024-09-11T00:55:54Z", eventSource:"s3express.amazonaws.com", eventName:"DeleteObjects", awsRegion:"us-east-2", sourceIPAddress:"lifecycle.s3.amazonaws.com", userAgent:"gamma.lifecycle.s3.amazonaws.com", requestParameters:{ bucketName:"amzn-s3-demo-bucket--use2-az2--x-s3", 'x-amz-expected-bucket-owner':"637423581905", Host:"amzn-s3-demo-bucket--use2-az2--x-s3.gamma.use2-az2.express.s3.aws.dev", delete:"", 'x-amz-sdk-checksum-algorithm':"CRC32C" }, responseElements:null, additionalEventData:{ SignatureVersion:"Sigv4", CipherSuite:"TLS_AES_128_GCM_SHA256", bytesTransferredIn:41903, AuthenticationMethod:"AuthHeader", 'x-amz-id-2':"9H5YWZY0", bytesTransferredOut:35316, availabilityZone:"use2-az2", sessionModeApplied:"ReadWrite" }, requestID:"011eeadd04000191", eventID:"d3d8b116-219d-4ee6-a072-5f9950733c74", readOnly:false, resources:[ { type:"AWS::S3Express::Object", ARNPrefix:"arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3/" }, { accountId:"637423581905", type:"AWS::S3Express::DirectoryBucket", ARN:"arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3" } ], eventType:"AwsApiCall", managementEvent:false, recipientAccountId:"637423581905", sharedEventID:"59f877ac-1dd9-415d-b315-9bb8133289ce", eventCategory:"Data" }
L'exemple suivant montre une entrée de CloudTrail journal qui illustre une Access Denied demande concernant une CreateSession action invoquée par S3 Lifecycle. Pour de plus amples informations, veuillez consulter CreateSession.
{ "eventVersion": "1.09", "userIdentity": { "type": "AWSService", "invokedBy": "gamma.lifecycle.s3.amazonaws.com" }, "eventTime": "2024-09-11T18:13:08Z", "eventSource": "s3express.amazonaws.com", "eventName": "CreateSession", "awsRegion": "us-east-2", "sourceIPAddress": "gamma.lifecycle.s3.amazonaws.com", "userAgent": "gamma.lifecycle.s3.amazonaws.com", "errorCode": "AccessDenied", "errorMessage": "Access Denied", "requestParameters": { "bucketName": "amzn-s3-demo-bucket--use2-az2--x-s3", "Host": "amzn-s3-demo-bucket--use2-az2--x-s3.gamma.use2-az2.express.s3.aws.dev", "x-amz-create-session-mode": "ReadWrite", "x-amz-server-side-encryption": "AES256" }, "responseElements": null, "additionalEventData": { "SignatureVersion": "Sigv4", "CipherSuite": "TLS_AES_128_GCM_SHA256", "bytesTransferredIn": 0, "AuthenticationMethod": "AuthHeader", "x-amz-id-2": "zuDDC1VNbC4LoNwUIc5", "bytesTransferredOut": 210, "availabilityZone": "use2-az2" }, "requestID": "010932f174000191e24a0", "eventID": "dce7cc46-4cd3-46c0-9a47-d1b8b70e301c", "readOnly": true, "resources": [{ "type": "AWS::S3Express::Object", "ARNPrefix": "arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3/" }, { "accountId": "637423581905", "type": "AWS::S3Express::DirectoryBucket", "ARN": "arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "637423581905", "sharedEventID": "da96b5bd-6066-4a8d-ad8d-f7f427ca7d58", "eventCategory": "Data" }
