Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris. # Memantau kunci enkripsi Amazon Chime SDK Voice Connectors mengirim permintaan ke AWS KMS, dan Anda dapat melacak permintaan tersebut di dalam atau log. CloudTrail CloudWatch ------ #### [ CreateGrant ] Saat Anda menggunakan kunci yang dikelola pelanggan untuk membuat sumber daya domain profil suara, Konektor Suara terkait akan mengirimkan `CreateGrant` permintaan atas nama Anda untuk mengakses kunci KMS di AWS akun Anda. Hibah yang dibuat oleh Konektor Suara khusus untuk sumber daya yang terkait dengan kunci yang dikelola pelanggan. Konektor Suara juga menggunakan `RetireGrant` operasi untuk menghapus hibah saat Anda menghapus sumber daya. Contoh berikut mencatat `CreateGrant` operasi. ``` { "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "{{AROAIGDTESTANDEXAMPLE}}:{{Sampleuser01}}", "arn": "arn:aws:sts::{{111122223333}}:assumed-role/Admin/{{Sampleuser01}}", "accountId": "{{111122223333}}", "accessKeyId": "{{AKIAIOSFODNN7EXAMPLE3}}", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "{{AROAIGDTESTANDEXAMPLE}}:{{Sampleuser01}}", "arn": "arn:aws:sts::{{111122223333}}:assumed-role/Admin/{{Sampleuser01}}", "accountId": "{{111122223333}}", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "{{2021-04-22T17:02:00Z}}" } }, "invokedBy": "AWS Internal" }, "eventTime": "{{2021-04-22T17:07:02Z}}", "eventSource": "kms.amazonaws.com", "eventName": "CreateGrant", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "{{ExampleDesktop}}/1.0 (V1; OS)", "requestParameters": { "constraints": { "encryptionContextSubset": { "aws:chime:voice-profile-domain:arn": "arn:aws:chime:us-west-2:{{111122223333}}:voice-profile-domain/sample-domain-id" } }, "retiringPrincipal": "chimevoiceconnector.region.amazonaws.com", "operations": [ "GenerateDataKey", "Decrypt", "DescribeKey", "RetireGrant" ], "keyId": "arn:aws:kms:us-west-2:{{111122223333}}:key/1234abcd-12ab-34cd-56ef-123456SAMPLE", "granteePrincipal": "chimevoiceconnector.region.amazonaws.com", "retiringPrincipal": "chimevoiceconnector.region.amazonaws.com" }, "responseElements": { "grantId": "0ab0ac0d0b000f00ea00cc0a0e00fc00bce000c000f0000000c0bc0a0000aaafSAMPLE" }, "requestID": "{{ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE}}", "eventID": "{{ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE}}", "readOnly": false, "resources": [ { "accountId": "{{111122223333}}", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:{{111122223333}}:key/1234abcd-12ab-34cd-56ef-123456SAMPLE" } ], "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "{{111122223333}}" } ``` ------ #### [ GenerateDataKey ] Saat Anda membuat domain profil suara dan menetapkan kunci terkelola pelanggan ke domain, Konektor Suara terkait akan membuat kunci data unik untuk mengenkripsi audio pendaftaran setiap pembicara. Konektor Suara mengirimkan `GenerateDataKey` permintaan ke AWS KMS yang menentukan kunci untuk sumber daya. Contoh berikut mencatat `GenerateDataKey` operasi. ``` { "eventVersion": "1.08", "userIdentity": { "type": "AWSService", "invokedBy": "AWS Internal" }, "eventTime": "{{2021-04-22T17:07:02Z}}", "eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "{{ExampleDesktop}}/1.0 (V1; OS)", "requestParameters": { "encryptionContext": { "aws:chime:voice-profile-domain:arn": "arn:aws:chime:us-west-2:{{111122223333}}:{{voice-profile-domain}}/{{sample-domain-id}}" }, "keySpec": "AES_256", "keyId": "arn:aws:kms:us-west-2:{{111122223333}}:key/{{1234abcd-12ab-34cd-56ef-123456SAMPLE}}" }, "responseElements": null, "requestID": "{{ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE}}", "eventID": "{{ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE}}", "readOnly": true, "resources": [ { "accountId": "{{111122223333}}", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:{{111122223333}}:key/{{1234abcd-12ab-34cd-56ef-123456SAMPLE}}" } ], "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "{{111122223333}}", "sharedEventID": "{{57f5dbee-16da-413e-979f-2c4c6663475e}}" } ``` ------ #### [ Dekripsi ] Ketika profil suara dalam domain profil suara perlu memiliki cetakan suaranya ditingkatkan karena model pengenalan suara yang lebih baru, Konektor Suara terkait akan memanggil `Decrypt` operasi untuk menggunakan kunci data terenkripsi yang disimpan untuk mengakses data terenkripsi. Contoh berikut mencatat `Decrypt` operasi. ``` { "eventVersion": "1.08", "userIdentity": { "type": "AWSService", "invokedBy": "AWS Internal" }, "eventTime": "{{2021-10-12T23:59:34Z}}", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "{{ExampleDesktop}}/1.0 (V1; OS)", "requestParameters": { "encryptionContext": { "keyId": "arn:aws:kms:us-west-2:{{111122223333}}:key/44444444-3333-2222-1111-EXAMPLE11111", "encryptionContext": { "aws:chime:voice-profile-domain:arn": "arn:aws:chime:us-west-2:{{111122223333}}:{{voice-profile-domain}}/{{sample-domain-id}}" }, "encryptionAlgorithm": "SYMMETRIC_DEFAULT" }, "responseElements": null, "requestID": "ed0fe4ab-305b-4388-8adf-7e8e3a4e80fe", "eventID": "31d0d7c6-ce5b-4caf-901f-025bf71241f6", "readOnly": true, "resources": [{ "accountId": "{{111122223333}}", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:{{111122223333}}:key/{{00000000-1111-2222-3333-9999999999999}}" }], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "{{111122223333}}", "sharedEventID": "{{35d58aa1-26b2-427a-908f-025bf71241f6}}", "eventCategory": "Management" } ``` ------ #### [ DescribeKey ] Konektor Suara menggunakan `DescribeKey` operasi untuk memverifikasi bahwa kunci yang terkait dengan domain profil suara ada di akun dan Wilayah. Contoh berikut mencatat `DescribeKey` operasi. ``` { "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "{{AROAIGDTESTANDEXAMPLE}}:{{Sampleuser01}}", "arn": "arn:aws:sts::{{111122223333}}:assumed-role/Admin/{{Sampleuser01}}", "accountId": "{{111122223333}}", "accessKeyId": "{{AKIAIOSFODNN7EXAMPLE3}}", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "{{AROAIGDTESTANDEXAMPLE}}:{{Sampleuser01}}", "arn": "arn:aws:sts::{{111122223333}}:assumed-role/Admin/{{Sampleuser01}}", "accountId": "{{111122223333}}", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "mfaAuthenticated": "false", "creationDate": "{{2021-04-22T17:02:00Z}}" } }, "invokedBy": "AWS Internal" }, "eventTime": "{{2021-04-22T17:07:02Z}}", "eventSource": "kms.amazonaws.com", "eventName": "DescribeKey", "awsRegion": "us-west-2", "sourceIPAddress": "172.12.34.56", "userAgent": "{{ExampleDesktop}}/1.0 (V1; OS)", "requestParameters": { "keyId": "{{00dd0db0-0000-0000-ac00-b0c000SAMPLE}}" }, "responseElements": null, "requestID": "{{ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE}}", "eventID": "{{ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE}}", "readOnly": true, "resources": [ { "accountId": "{{111122223333}}", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:{{111122223333}}:key/{{1234abcd-12ab-34cd-56ef-123456SAMPLE}}" } ], "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "{{111122223333}}" } ``` ------