Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Menggunakan CloudTrail dengan AWS Certificate Manager
AWS Certificate Manager terintegrasi dengan AWS CloudTrail, layanan yang menyediakan catatan tindakan yang diambil oleh pengguna, peran, atau AWS layanan di ACM. CloudTrail diaktifkan secara default di AWS akun Anda. CloudTrail menangkap panggilan API untuk ACM sebagai peristiwa, termasuk panggilan dari konsol ACM dan panggilan kode ke operasi ACM API. Jika mengonfigurasi *jejak*, Anda dapat mengaktifkan pengiriman CloudTrail peristiwa secara terus menerus ke bucket Amazon S3, termasuk peristiwa untuk ACM. Jika Anda tidak mengonfigurasi jejak, Anda masih dapat melihat peristiwa terbaru di CloudTrail konsol dalam **Riwayat acara**.
Dengan menggunakan informasi yang dikumpulkan oleh CloudTrail, Anda dapat menentukan permintaan yang dibuat ke ACM, alamat IP dari mana permintaan dibuat, siapa yang membuat permintaan, kapan dibuat, dan detail tambahan. Untuk informasi selengkapnya, lihat [Melihat Acara dengan Riwayat CloudTrail Acara](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html). Ketika aktivitas acara yang didukung terjadi di ACM, aktivitas tersebut direkam dalam suatu CloudTrail peristiwa bersama dengan peristiwa AWS layanan lainnya dalam **riwayat Acara**. Anda dapat melihat, mencari, dan mengunduh peristiwa terbaru di akun AWS .
Selain itu, Anda dapat mengonfigurasi AWS layanan lain untuk menganalisis lebih lanjut dan menindaklanjuti data peristiwa yang dikumpulkan dalam CloudTrail log.
Untuk informasi lebih lanjut tentang CloudTrail, lihat dokumentasi berikut:
+ [AWS CloudTrail Panduan Pengguna](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
+ [Gambaran Umum untuk Membuat Jejak](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail Layanan dan Integrasi yang Didukung](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [Mengonfigurasi Notifikasi Amazon SNS untuk CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [Menerima File CloudTrail Log dari Beberapa Wilayah](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) dan [Menerima File CloudTrail Log dari Beberapa Akun](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
**Topics**
+ [Tindakan ACM API didukung dalam CloudTrail pencatatan](acm-supported-actions-in-cloudtrail.md)
+ [Logging API panggilan untuk layanan terintegrasi](ct-related.md)
# Tindakan ACM API didukung dalam CloudTrail pencatatan
ACM mendukung pencatatan tindakan berikut sebagai peristiwa dalam file CloudTrail log:
Setiap entri peristiwa atau log berisi informasi tentang entitas yang membuat permintaan tersebut. Informasi identitas membantu Anda menentukan hal berikut ini:
+ Apakah permintaan dibuat dengan Pengguna root akun AWS atau AWS Identity and Access Management (IAM) kredensyal pengguna.
+ Apakah permintaan tersebut dibuat dengan kredensial keamanan sementara untuk satu peran atau pengguna gabungan.
+ Apakah permintaan itu dibuat oleh AWS layanan lain
Untuk informasi lain, lihat [Elemen userIdentity CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html).
Bagian berikut menyediakan contoh log untuk operasi API yang didukung.
+ [Menambahkan tag ke sertifikat ([AddTagsToCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_AddTagsToCertificate.html))](#ct-acm-addtags)
+ [Menghapus sertifikat () [DeleteCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DeleteCertificate.html)](#ct-acm-delete)
+ [Menjelaskan sertifikat () [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html)](#ct-acm-describe)
+ [Mengekspor sertifikat () [ExportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExportCertificate.html)](#ct-acm-export)
+ [Impor sertifikat ([ImportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html))](#ct-acm-import)
+ [Sertifikat daftar ([ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html))](#ct-acm-list)
+ [Listing tag untuk sertifikat ([ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html))](#ct-acm-listtags)
+ [Menghapus tag dari sertifikat ([RemoveTagsFromCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RemoveTagsFromCertificate.html))](#ct-acm-removetag)
+ [Meminta sertifikat () [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html)](#ct-acm-request)
+ [Mengirim ulang email validasi () [ResendValidationEmail](https://docs.aws.amazon.com/acm/latest/APIReference/API_ResendValidationEmail.html)](#ct-acm-resendmail)
+ [Mengambil sertifikat () [GetCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html)](#ct-acm-get)
## Menambahkan tag ke sertifikat ([AddTagsToCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_AddTagsToCertificate.html))
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [AddTagsToCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_AddTagsToCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-04-06T13:53:53Z",
"eventSource":"acm.amazonaws.com",
"eventName":"AddTagsToCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.10.16",
"requestParameters":{
"tags":[
{
"value":"Alice",
"key":"Admin"
}
],
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210"
},
"responseElements":null,
"requestID":"fedcba98-7654-3210-fedc-ba9876543210",
"eventID":"fedcba98-7654-3210-fedc-ba9876543210",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Menghapus sertifikat () [DeleteCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DeleteCertificate.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [DeleteCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DeleteCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-03-18T00:00:26Z",
"eventSource":"acm.amazonaws.com",
"eventName":"DeleteCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210"
},
"responseElements":null,
"requestID":"01234567-89ab-cdef-0123-456789abcdef",
"eventID":"01234567-89ab-cdef-0123-456789abcdef",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Menjelaskan sertifikat () [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html)API.
**catatan**
CloudTrail Log untuk `DescribeCertificate` operasi tidak menampilkan informasi tentang sertifikat ACM yang Anda tentukan. Anda dapat melihat informasi tentang sertifikat menggunakan konsol, file AWS Command Line Interface, atau [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-03-18T00:00:42Z",
"eventSource":"acm.amazonaws.com",
"eventName":"DescribeCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/fedcba98-7654-3210-fedc-ba9876543210"
},
"responseElements":null,
"requestID":"fedcba98-7654-3210-fedc-ba9876543210",
"eventID":"fedcba98-7654-3210-fedc-ba9876543210",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Mengekspor sertifikat () [ExportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExportCertificate.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [ExportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExportCertificate.html)API.
```
{
"Records":[
{
"version":"0",
"id":"01234567-89ab-cdef-0123-456789abcdef",
"detail-type":"AWS API Call via CloudTrail",
"source":"aws.acm",
"account":"123456789012",
"time":"2018-05-24T15:28:11Z",
"region":"us-east-1",
"resources":[
],
"detail":{
"eventVersion":"1.04",
"userIdentity":{
"type":"Root",
"principalId":"123456789012",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2018-05-24T15:28:11Z",
"eventSource":"acm.amazonaws.com",
"eventName":"ExportCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.15.4 Python/2.7.9 Windows/8 botocore/1.10.4",
"requestParameters":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
"passphrase": "HIDDEN_DUE_TO_SECURITY_REASONS"
},
"responseElements":{
"certificateChain":
"-----BEGIN CERTIFICATE-----
base64 certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
base64 certificate
-----END CERTIFICATE-----",
"privateKey":"**********",
"certificate":
"-----BEGIN CERTIFICATE-----
base64 certificate
-----END CERTIFICATE-----",
"privateKey": "HIDDEN_DUE_TO_SECURITY_REASONS"
},
"requestID":"01234567-89ab-cdef-0123-456789abcdef",
"eventID":"fedcba98-7654-3210-fedc-ba9876543210",
"readOnly": false,
"eventType":"AwsApiCall"
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "acm.us-east-1.amazonaws.com"
},
"sessionCredentialFromConsole": "true"
}
```
## Impor sertifikat ([ImportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html))
Contoh berikut menunjukkan entri CloudTrail log yang merekam panggilan ke operasi ACM [ImportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html)API.
```
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::111122223333:user/Alice",
"accountId":"111122223333",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-10-04T16:01:30Z",
"eventSource":"acm.amazonaws.com",
"eventName":"ImportCertificate",
"awsRegion":"ap-southeast-2",
"sourceIPAddress":"54.240.193.129",
"userAgent":"Coral/Netty",
"requestParameters":{
"privateKey":{
"hb":[
"byte",
"byte",
"byte",
"..."
],
"offset":0,
"isReadOnly":false,
"bigEndian":true,
"nativeByteOrder":false,
"mark":-1,
"position":0,
"limit":1674,
"capacity":1674,
"address":0
},
"certificateChain":{
"hb":[
"byte",
"byte",
"byte",
"..."
],
"offset":0,
"isReadOnly":false,
"bigEndian":true,
"nativeByteOrder":false,
"mark":-1,
"position":0,
"limit":2105,
"capacity":2105,
"address":0
},
"certificate":{
"hb":[
"byte",
"byte",
"byte",
"..."
],
"offset":0,
"isReadOnly":false,
"bigEndian":true,
"nativeByteOrder":false,
"mark":-1,
"position":0,
"limit":2503,
"capacity":2503,
"address":0
}
},
"responseElements":{
"certificateArn":"arn:aws:acm:ap-southeast-2:111122223333:certificate/01234567-89ab-cdef-0123-456789abcdef"
},
"requestID":"01234567-89ab-cdef-0123-456789abcdef",
"eventID":"01234567-89ab-cdef-0123-456789abcdef",
"eventType":"AwsApiCall",
"recipientAccountId":"111122223333"
}
```
## Sertifikat daftar ([ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html))
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html)API.
**catatan**
CloudTrail Log untuk `ListCertificates` operasi tidak menampilkan sertifikat ACM Anda. Anda dapat melihat daftar sertifikat menggunakan konsol, file AWS Command Line Interface, atau [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-03-18T00:00:43Z",
"eventSource":"acm.amazonaws.com",
"eventName":"ListCertificates",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"maxItems":1000,
"certificateStatuses":[
"ISSUED"
]
},
"responseElements":null,
"requestID":"74c99844-ec9c-11e5-ac34-d1e4dfe1a11b",
"eventID":"cdfe1051-88aa-4aa3-8c33-a325270bff21",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Listing tag untuk sertifikat ([ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html))
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html)API.
**catatan**
CloudTrail Log untuk `ListTagsForCertificate` operasi tidak menampilkan tag Anda. Anda dapat melihat daftar tag dengan menggunakan konsol, the AWS Command Line Interface, atau [ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-04-06T13:30:11Z",
"eventSource":"acm.amazonaws.com",
"eventName":"ListTagsForCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.10.16",
"requestParameters":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
},
"responseElements":null,
"requestID":"b010767f-fbfb-11e5-b596-79e9a97a2544",
"eventID":"32181be6-a4a0-48d3-8014-c0d972b5163b",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Menghapus tag dari sertifikat ([RemoveTagsFromCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RemoveTagsFromCertificate.html))
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [RemoveTagsFromCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RemoveTagsFromCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-04-06T14:10:01Z",
"eventSource":"acm.amazonaws.com",
"eventName":"RemoveTagsFromCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.10.16",
"requestParameters":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
"tags":[
{
"value":"Bob",
"key":"Admin"
}
]
},
"responseElements":null,
"requestID":"40ded461-fc01-11e5-a747-85804766d6c9",
"eventID":"0cfa142e-ef74-4b21-9515-47197780c424",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Meminta sertifikat () [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-03-18T00:00:49Z",
"eventSource":"acm.amazonaws.com",
"eventName":"RequestCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"domainName":"example.com",
"validationMethod": "DNS",
"idempotencyToken":"8186023d89681c3ad5",
"options": {
"export": "ENABLED"
},
"keyAlgorithm": "RSA_2048"
},
"responseElements":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
},
"requestID":"77dacef3-ec9c-11e5-ac34-d1e4dfe1a11b",
"eventID":"a4954cdb-8f38-44c7-8927-a38ad4be3ac8",
"eventType":"AwsApiCall",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "acm.us-east-1.amazonaws.com"
},
"recipientAccountId":"123456789012"
}
]
}
```
## Mencabut sertifikat () [RevokeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RevokeCertificate.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [RevokeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RevokeCertificate.html)API.
```
{
"eventVersion": "1.11",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AIDACKCEVSQ6C2EXAMPLE:Role-Session-Name",
"arn": arn:aws:sts::111122223333:assumed-role/Role-Name/Role-Session-Name",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AIDACKCEVSQ6C2EXAMPLE",
"arn": "arn:aws:iam::123456789012:role/Admin",
"accountId": "123456789012",
"userName": "Admin"
},
"attributes": {
"creationDate": "2016-01-01T19:35:52Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime":"2016-01-01T21:11:45Z",
"eventSource": "acm.amazonaws.com",
"eventName": "RevokeCertificate",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0",
"requestParameters": {
"certificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
"revocationReason": "UNSPECIFIED"
},
"responseElements": {
"certificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
},
"requestID": "01234567-89ab-cdef-0123-456789abcdef",
"eventID": "01234567-89ab-cdef-0123-456789abcdef",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "acm.us-east-1.amazonaws.com"
},
"sessionCredentialFromConsole": "true"
}
```
## Mengirim ulang email validasi () [ResendValidationEmail](https://docs.aws.amazon.com/acm/latest/APIReference/API_ResendValidationEmail.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [ResendValidationEmail](https://docs.aws.amazon.com/acm/latest/APIReference/API_ResendValidationEmail.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-03-17T23:58:25Z",
"eventSource":"acm.amazonaws.com",
"eventName":"ResendValidationEmail",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"domain":"example.com",
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
"validationDomain":"example.com"
},
"responseElements":null,
"requestID":"23760b88-ec9c-11e5-b6f4-cb861a6f0a28",
"eventID":"41c11b06-ca91-4c1c-8c61-af349ea8bab8",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
## Mengambil sertifikat () [GetCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html)
CloudTrail Contoh berikut menunjukkan hasil panggilan ke [GetCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html)API.
```
{
"Records":[
{
"eventVersion":"1.04",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Alice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-03-18T00:00:41Z",
"eventSource":"acm.amazonaws.com",
"eventName":"GetCertificate",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"certificateArn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
},
"responseElements":{
"certificateChain":
"-----BEGIN CERTIFICATE-----
Base64-encoded certificate chain
-----END CERTIFICATE-----",
"certificate":
"-----BEGIN CERTIFICATE-----
Base64-encoded certificate
-----END CERTIFICATE-----"
},
"requestID":"744dd891-ec9c-11e5-ac34-d1e4dfe1a11b",
"eventID":"7aa4f909-00dd-478a-9a00-b2709bcad2bb",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
]
}
```
# Logging API panggilan untuk layanan terintegrasi
Anda dapat menggunakan CloudTrail untuk mengaudit panggilan API yang dibuat oleh layanan yang terintegrasi dengan ACM. Untuk informasi selengkapnya tentang penggunaan CloudTrail, lihat [Panduan AWS CloudTrail Pengguna](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html). Contoh berikut menunjukkan jenis log yang dapat dihasilkan tergantung pada AWS sumber daya tempat Anda memberikan sertifikat ACM.
**Topics**
+ [Membuat penyeimbang beban](#ct-related-lb)
## Membuat penyeimbang beban
Anda dapat menggunakan CloudTrail untuk mengaudit panggilan API yang dibuat oleh layanan yang terintegrasi dengan ACM. Untuk informasi selengkapnya tentang penggunaan CloudTrail, lihat [Panduan AWS CloudTrail Pengguna](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html). Contoh berikut menunjukkan jenis log yang dapat dihasilkan tergantung pada AWS sumber daya tempat Anda memberikan sertifikat ACM.
**Topics**
+ [Membuat Load Balancer](#ct-related-lb)
+ [Mendaftarkan Instans Amazon EC2 dengan Load Balancer](#ct-related-ec2)
+ [Mengenkripsi Kunci Pribadi](#ct-related-encrypt)
+ [Mendekripsi Kunci Pribadi](#ct-related-decrypt)
### Membuat Load Balancer
Contoh berikut menunjukkan panggilan ke `CreateLoadBalancer` fungsi oleh pengguna IAM bernama Alice. Nama penyeimbang beban adalah`TestLinuxDefault`, dan pendengar dibuat menggunakan sertifikat ACM.
```
{
"eventVersion":"1.03",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::111122223333:user/Alice",
"accountId":"111122223333",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice"
},
"eventTime":"2016-01-01T21:10:36Z",
"eventSource":"elasticloadbalancing.amazonaws.com",
"eventName":"CreateLoadBalancer",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0/24",
"userAgent":"aws-cli/1.9.15",
"requestParameters":{
"availabilityZones":[
"us-east-1b"
],
"loadBalancerName":"LinuxTest",
"listeners":[
{
"sSLCertificateId":"arn:aws:acm:us-east-1:111122223333:certificate/12345678-1234-1234-1234-123456789012",
"protocol":"HTTPS",
"loadBalancerPort":443,
"instanceProtocol":"HTTP",
"instancePort":80
}
]
},
"responseElements":{
"dNSName":"LinuxTest-1234567890.us-east-1.elb.amazonaws.com"
},
"requestID":"19669c3b-b0cc-11e5-85b2-57397210a2e5",
"eventID":"5d6c00c9-a9b8-46ef-9f3b-4589f5be63f7",
"eventType":"AwsApiCall",
"recipientAccountId":"111122223333"
}
```
### Mendaftarkan Instans Amazon EC2 dengan Load Balancer
Saat Anda menyediakan situs web atau aplikasi di instans Amazon Elastic Compute Cloud (Amazon EC2), penyeimbang beban harus mengetahui instans tersebut. Hal ini dapat dicapai melalui konsol Elastic Load Balancing atau. AWS Command Line Interface Contoh berikut menunjukkan panggilan `RegisterInstancesWithLoadBalancer` untuk penyeimbang beban bernama LinuxTest pada AWS akun 123456789012.
```
{
"eventVersion":"1.03",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/ALice",
"accountId":"123456789012",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"Alice",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2016-01-01T19:35:52Z"
}
},
"invokedBy":"signin.amazonaws.com"
},
"eventTime":"2016-01-01T21:11:45Z",
"eventSource":"elasticloadbalancing.amazonaws.com",
"eventName":"RegisterInstancesWithLoadBalancer",
"awsRegion":"us-east-1",
"sourceIPAddress":"192.0.2.0/24",
"userAgent":"signin.amazonaws.com",
"requestParameters":{
"loadBalancerName":"LinuxTest",
"instances":[
{
"instanceId":"i-c67f4e78"
}
]
},
"responseElements":{
"instances":[
{
"instanceId":"i-c67f4e78"
}
]
},
"requestID":"438b07dc-b0cc-11e5-8afb-cda7ba020551",
"eventID":"9f284ca6-cbe5-42a1-8251-4f0e6b5739d6",
"eventType":"AwsApiCall",
"recipientAccountId":"123456789012"
}
```
### Mengenkripsi Kunci Pribadi
Contoh berikut menunjukkan `Encrypt` panggilan yang mengenkripsi kunci pribadi yang terkait dengan sertifikat ACM. Enkripsi dilakukan di dalam AWS.
```
{
"Records":[
{
"eventVersion":"1.03",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::111122223333:user/acm",
"accountId":"111122223333",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"userName":"acm"
},
"eventTime":"2016-01-05T18:36:29Z",
"eventSource":"kms.amazonaws.com",
"eventName":"Encrypt",
"awsRegion":"us-east-1",
"sourceIPAddress":"AWS Internal",
"userAgent":"aws-internal",
"requestParameters":{
"keyId":"arn:aws:kms:us-east-1:123456789012:alias/aws/acm",
"encryptionContext":{
"aws:acm:arn":"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
}
},
"responseElements":null,
"requestID":"3c417351-b3db-11e5-9a24-7d9457362fcc",
"eventID":"1794fe70-796a-45f5-811b-6584948f24ac",
"readOnly":true,
"resources":[
{
"ARN":"arn:aws:kms:us-east-1:123456789012:key/87654321-4321-4321-4321-210987654321",
"accountId":"123456789012"
}
],
"eventType":"AwsServiceEvent",
"recipientAccountId":"123456789012"
}
]
}
```
### Mendekripsi Kunci Pribadi
Contoh berikut menunjukkan `Decrypt` panggilan yang mendekripsi kunci pribadi yang terkait dengan sertifikat ACM. Dekripsi dilakukan di dalam AWS, dan kunci yang didekripsi tidak pernah pergi. AWS
```
{
"eventVersion":"1.03",
"userIdentity":{
"type":"AssumedRole",
"principalId":"AIDACKCEVSQ6C2EXAMPLE:1aba0dc8b3a728d6998c234a99178eff",
"arn":"arn:aws:sts::111122223333:assumed-role/DecryptACMCertificate/1aba0dc8b3a728d6998c234a99178eff",
"accountId":"111122223333",
"accessKeyId":"AKIAIOSFODNN7EXAMPLE",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2016-01-01T21:13:28Z"
},
"sessionIssuer":{
"type":"Role",
"principalId":"APKAEIBAERJR2EXAMPLE",
"arn":"arn:aws:iam::111122223333:role/DecryptACMCertificate",
"accountId":"111122223333",
"userName":"DecryptACMCertificate"
}
}
},
"eventTime":"2016-01-01T21:13:28Z",
"eventSource":"kms.amazonaws.com",
"eventName":"Decrypt",
"awsRegion":"us-east-1",
"sourceIPAddress":"AWS Internal",
"userAgent":"aws-internal/3",
"requestParameters":{
"encryptionContext":{
"aws:elasticloadbalancing:arn":"arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/LinuxTest",
"aws:acm:arn":"arn:aws:acm:us-east-1:123456789012:certificate/87654321-4321-4321-4321-210987654321"
}
},
"responseElements":null,
"requestID":"809a70ff-b0cc-11e5-8f42-c7fdf1cb6e6a",
"eventID":"7f89f7a7-baff-4802-8a88-851488607fb9",
"readOnly":true,
"resources":[
{
"ARN":"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012",
"accountId":"123456789012"
}
],
"eventType":"AwsServiceEvent",
"recipientAccountId":"123456789012"
}
```