监控 Amazon EBS 快照锁定 - Amazon EBS
使用 CloudTrail 监控使用 EventBridge 监控

监控 Amazon EBS 快照锁定

您可以使用以下工具监控与 Amazon EBS 快照锁定相关的操作:

使用 AWS CloudTrail 监控 Amazon EBS 快照锁定

您可以将快照锁定的 API 调用作为事件监控,包括来自控制台的调用和对 API 的代码调用。使用 CloudTrail 收集的信息,您可以确定发出的请求、发出请求的 IP 地址、何人发出的请求、请求的发出时间以及其他详细信息。

有关更多信息,请参阅使用 AWS CloudTrail 记录 API 调用

使用 Amazon EventBridge 监控 Amazon EBS 快照锁定

Amazon EBS 发出与快照锁定操作相关的事件。您可以使用 AWS Lambda 和 Amazon EventBridge 以编程方式处理事件通知。尽最大努力发出事件。有关更多信息,请参阅 Amazon EventBridge 用户指南

系统将发出以下事件:

  • 成功在监管或合规模式下锁定快照。

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef" 
  ], 
  "detail": {
    "event": "lockSnapshot", 
    "result": "succeeded", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "source": 012345678901, 
    "lockState": "compliance-cooloff", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockExpiresOn": "yyyy-mm-ddThh:mm:ssZ",
    "lockDuration": 123, 
    "lockStartDurationTime": "yyyy-mm-ddThh:mm:ssZ", 
    "cooOffPeriod": 24, 
    "coolOffPeriodExpiresOn": "yyyy-mm-ddThh:mm:ssZ"
  } 
}

  • 当快照处于 pending 状态且被锁定时,锁定事件失败,而且快照无法达到 completed 状态。

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef"
  ], 
  "detail": {
    "event": "lockSnapshot", 
    "result": "failed", 
    "cause": "snapshot failed", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "lockState": "pending-compliance", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ",
    "lockDuration": 123, 
    "lockStartDurationTime": "yyyy-mm-ddThh:mm:ssZ", 
    "cooOffPeriod": 24, 
    "coolOffPeriodExpiresOn": "yyyy-mm-ddThh:mm:ssZ" 
  }
}

  • 锁定已过期

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef"
  ], 
  "detail": {
    "event": "lockDurationExpiry", 
    "result": "succeeded", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "lockState": "expired", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockExpiresOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockDuration": 123
  }
}

  • 在合规模式下锁定之后,冷静期已过期。

    {
  "version": "0", 
  "id": "01234567-01234-0123-0123-012345678901", 
  "detail-type": "EBS Snapshot Notification", 
  "source": "aws.ec2", 
  "account": "012345678901", 
  "time": "yyyy-mm-ddThh:mm:ssZ", 
  "region": "us-east-1", 
  "resources": [ 
    "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef" 
  ], 
  "detail": {
    "event": "cooloffperiodExpiry", 
    "result": "succeeded", 
    "snapshot_id": "arn:aws:ec2::us-west-2:snapshot/snap-01234567890abcdef", 
    "lockState": "compliance", 
    "lockCreatedOn": "yyyy-mm-ddThh:mm:ssZ", 
    "lockExpiresOn": "yyyy-mm-ddThh:mm:ssZ",
    "lockDuration": 123, 
    "lockStartDurationTime": "yyyy-mm-ddThh:mm:ssZ", 
    "cooOffPeriod": 24, 
    "coolOffPeriodExpiresOn": "yyyy-mm-ddThh:mm:ssZ"
  }
}