# 使用 AWS CloudTrail 记录容量块 API 调用
容量块与 AWS CloudTrail 集成,后者是一种服务,提供用户、角色或 AWS 服务在容量块中采取的操作的记录。CloudTrail 将容量块的 API 调用作为事件捕获。捕获的调用包含来自容量块控制台的调用以及对容量块 API 操作的代码调用。如果您创建跟踪,则可以将 CloudTrail 事件持续交付到 Amazon S3 存储桶,包括容量块事件。如果您不配置跟踪,则仍可在 CloudTrail 控制台中的**事件历史记录**中查看最新事件。使用 CloudTrail 收集的信息,您可以确定向容量块发出的请求、发出请求的 IP 地址、请求方、请求时间以及其他详细信息。
要了解有关 CloudTrail 的更多信息,请参阅[《AWS CloudTrail 用户指南》](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)。
## CloudTrail 中的容量块信息
在您创建 AWS 账户 时,将在该账户上启用 CloudTrail。当容量块中发生活动时,该活动将记录在 CloudTrail 事件中,并与其他 AWS 服务事件一同记录在**事件历史记录**中。您可以在 AWS 账户 中查看、搜索和下载最新事件。有关更多信息,请参阅[使用 CloudTrail 事件历史记录查看事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
要持续记录 AWS 账户 中的事件(包括容量块事件),请创建跟踪。通过*跟踪*,CloudTrail 可将日志文件传送至 Amazon S3 存储桶。默认情况下,在控制台中创建跟踪记录时,此跟踪记录应用于所有 AWS 区域。此跟踪记录在 AWS 分区中记录所有区域中的事件,并将日志文件传送至您指定的 Amazon S3 存储桶。此外,您可以配置其他 AWS 服务,进一步分析在 CloudTrail 日志中收集的事件数据并采取行动。有关更多信息,请参阅下列内容:
+ [创建跟踪记录概述](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支持的服务和集成](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html)
+ [为 CloudTrail 配置 Amazon SNS 通知](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html)
+ [从多个区域接收 CloudTrail 日志文件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)和[从多个账户接收 CloudTrail 日志文件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
CloudTrail 会记录所有容量块操作,并记录在 Amazon EC2 API 参考中。例如,对 `CapacityBlockScheduled` 和 `CapacityBlockActive` 操作的调用会在 CloudTrail 日志文件中生成条目。
每个事件或日志条目都包含有关生成请求的人员信息。身份信息可帮助您确定以下内容:
+ 请求是使用根用户凭证还是 AWS Identity and Access Management(IAM)用户凭证发出的。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 AWS 服务发出。
有关更多信息,请参阅 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 了解容量块日志文件条目
跟踪记录是一种配置,可用于将事件作为日志文件传送到您指定的 Simple Storage Service(Amazon S3)存储桶。CloudTrail 日志文件包含一个或多个记录条目。一个事件表示来自任何源的一个请求,包括有关所请求的操作、操作的日期和时间、请求参数等方面的信息。CloudTrail 日志文件不是公有 API 调用的有序堆栈跟踪,因此它们不会按任何特定顺序显示。
以下示例显示了 CloudTrail 日志条目:
+ [TerminateCapacityBlocksInstances](#understanding-capacity-blocks-entries-terminatecapacityblockinstances)
+ [CapacityBlockPaymentFailed](#understanding-capacity-blocks-entries-capacityblockpaymentfailed)
+ [CapacityBlockScheduled](#understanding-capacity-blocks-entries-capacityblockscheduled)
+ [CapacityBlockActive](#understanding-capacity-blocks-entries-capacityblockactive)
+ [CapacityBlockFailed](#understanding-capacity-blocks-entries-capacityblockfailed)
+ [CapacityBlockExpired](#understanding-capacity-blocks-entries-capacityblockexpired)
**注意**
为了保护数据隐私,已从示例中删除了一些字段。
### TerminateCapacityBlocksInstances
```
{
"eventVersion": "1.05",
"userIdentity": {
"accountId": "123456789012",
"invokedBy": "AWS Internal;"
},
"eventTime": "2023-10-02T00:06:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "TerminateCapacityBlockInstances",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.25",
"userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
"requestParameters": null,
"responseElements": null,
"eventID": "a1b2c3d4-EXAMPLE",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::EC2::Instance",
"ARN": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0"
}
{
"accountId": "123456789012",
"type": "AWS::EC2::Instance",
"ARN": "arn:aws:ec2:us-east-1:123456789012:instance/i-0598c7d356eba48d7"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "123456789012",
"serviceEventDetails": {
"capacityReservationId": "cr-12345678",
}
}
```
### CapacityBlockPaymentFailed
```
{
"eventVersion": "1.05",
"userIdentity": {
"accountId": "123456789012",
"invokedBy": "AWS Internal;"
},
"eventTime": "2023-10-02T00:06:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "CapacityBlockPaymentFailed",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.25",
"userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
"requestParameters": null,
"responseElements": null,
"eventID": "a1b2c3d4-EXAMPLE",
"readOnly": false,
"resources": [
{
"ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
"accountId": "123456789012",
"type": "AWS::EC2::CapacityReservation"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "123456789012",
"serviceEventDetails": {
"capacityReservationId": "cr-12345678",
"capacityReservationState": "payment-failed"
}
}
```
### CapacityBlockScheduled
```
{
"eventVersion": "1.05",
"userIdentity": {
"accountId": "123456789012",
"invokedBy": "AWS Internal;"
},
"eventTime": "2023-10-02T00:06:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "CapacityBlockScheduled",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.25",
"userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
"requestParameters": null,
"responseElements": null,
"eventID": "a1b2c3d4-EXAMPLE",
"readOnly": false,
"resources": [
{
"ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
"accountId": "123456789012",
"type": "AWS::EC2::CapacityReservation"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "123456789012",
"serviceEventDetails": {
"capacityReservationId": "cr-12345678",
"capacityReservationState": "scheduled"
}
}
```
### CapacityBlockActive
```
{
"eventVersion": "1.05",
"userIdentity": {
"accountId": "123456789012",
"invokedBy": "AWS Internal;"
},
"eventTime": "2023-10-02T00:06:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "CapacityBlockActive",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.25",
"userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
"requestParameters": null,
"responseElements": null,
"eventID": "a1b2c3d4-EXAMPLE",
"readOnly": false,
"resources": [
{
"ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
"accountId": "123456789012",
"type": "AWS::EC2::CapacityReservation"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "123456789012",
"serviceEventDetails": {
"capacityReservationId": "cr-12345678",
"capacityReservationState": "active"
}
}
```
### CapacityBlockFailed
```
{
"eventVersion": "1.05",
"userIdentity": {
"accountId": "123456789012",
"invokedBy": "AWS Internal;"
},
"eventTime": "2023-10-02T00:06:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "CapacityBlockFailed",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.25",
"userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
"requestParameters": null,
"responseElements": null,
"eventID": "a1b2c3d4-EXAMPLE",
"readOnly": false,
"resources": [
{
"ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
"accountId": "123456789012",
"type": "AWS::EC2::CapacityReservation"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "123456789012",
"serviceEventDetails": {
"capacityReservationId": "cr-12345678",
"capacityReservationState": "failed"
}
}
```
### CapacityBlockExpired
```
{
"eventVersion": "1.05",
"userIdentity": {
"accountId": "123456789012",
"invokedBy": "AWS Internal;"
},
"eventTime": "2023-10-02T00:06:08Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "CapacityBlockExpired",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.25",
"userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
"requestParameters": null,
"responseElements": null,
"eventID": "a1b2c3d4-EXAMPLE",
"readOnly": false,
"resources": [
{
"ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
"accountId": "123456789012",
"type": "AWS::EC2::CapacityReservation"
}
],
"eventType": "AwsServiceEvent",
"recipientAccountId": "123456789012",
"serviceEventDetails": {
"capacityReservationId": "cr-12345678",
"capacityReservationState": "expired"
}
}
```