本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 了解智能卡用户的 AWS 登录事件
AWS CloudTrail 记录智能卡用户的成功和失败登录事件。这包括每次提示用户解决特定凭证问题或因素时捕获的登录事件,以及该特定凭证验证请求的状态。用户只有在完成所有必需的凭证质疑后才能登录,这会导致系统记录 `UserAuthentication` 事件日志。
下表记录了每个登录 CloudTrail 事件的名称及其用途。
| 事件名称 | 活动目的 |
| --- | --- |
| `CredentialChallenge` | 通知 AWS 登录已请求用户解决特定的凭据质疑,并指定所需的凭证(例如 SMARTCARD)。`CredentialType` |
| `CredentialVerification` | 通知用户已尝试解决特定 `CredentialChallenge` 请求,并指定该凭证是成功还是失败。 |
| `UserAuthentication` | 通知用户受到质疑的所有身份验证要求均已成功完成,并且用户已成功登录。当用户未能成功完成所需的凭证质疑时,不会记录 `UserAuthentication` 事件日志。 |
下表捕获了特定登录事件中包含的其他有用 CloudTrail 事件数据字段。
| 事件名称 | 活动目的 | 登录事件的适用性 | 示例值 |
| --- | --- | --- | --- |
| `AuthWorkflowID` | 关联整个登录序列中发出的所有事件。对于每位用户登录, AWS 登录可发出多个事件。 | `CredentialChallenge`, `CredentialVerification`, `UserAuthentication` | “AuthWorkflowID”:“9de74b32-8362-4a01-a524-de21df59fd83” |
| `CredentialType` | 通知用户已尝试解决特定 `CredentialChallenge` 请求,并指定该凭证是成功还是失败。 | `CredentialChallenge`, `CredentialVerification`, `UserAuthentication` | CredentialType“: “智能卡”(今天可能的值:智能卡) |
| `LoginTo` | 通知用户受到质疑的所有身份验证要求均已成功完成,并且用户已成功登录。当用户未能成功完成所需的凭证质疑时,不会记录 `UserAuthentication` 事件日志。 | `UserAuthentication` | LoginTo“:” https://skylight.local” |
## AWS 登录场景的示例事件
以下示例显示了不同登录场景的预期 CloudTrail 事件顺序。
**Topics**
+ [使用智能卡进行身份验证时成功登录](#successful-signin)
+ [仅使用智能卡进行身份验证时登录失败](#failed-signin)
### 使用智能卡进行身份验证时成功登录
以下事件序列捕获了成功登录智能卡的示例。
**CredentialChallenge**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:29Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialChallenge",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e",
"CredentialType": "SMARTCARD"
},
"requestID": "65551a6d-654a-4be8-90b5-bbfef7187d3a",
"eventID": "fb603838-f119-4304-9fdc-c0f947a82116",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialChallenge": "Success"
}
}
```
**成功 CredentialVerification**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:39Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialVerification",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e",
"CredentialType": "SMARTCARD"
},
"requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5",
"eventID": "84c0a2ff-413f-4d0f-9108-f72c90a41b6c",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialVerification": "Success"
}
}
```
**成功 UserAuthentication**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:39Z",
"eventSource": "signin.amazonaws.com",
"eventName": "UserAuthentication",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e",
"LoginTo": "https://skylight.local",
"CredentialType": "SMARTCARD"
},
"requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5",
"eventID": "acc0dba8-8e8b-414b-a52d-6b7cd51d38f6",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
UserAuthentication": "Success"
}
}
```
### 仅使用智能卡进行身份验证时登录失败
以下事件序列捕获了登录智能卡失败的示例。
**CredentialChallenge**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:06Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialChallenge",
"awaRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb",
"CredentialType": "SMARTCARD"
},
"requestID": "73eb499d-91a8-4c18-9c5d-281fd45ab50a",
"eventID": "f30a50ec-71cf-415a-a5ab-e287edc800da",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialChallenge": "Success"
}
}
```
**已失败 CredentialVerification**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:13Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialVerification",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb",
"CredentialType": "SMARTCARD"
},
"requestID": "051ca316-0b0d-4d38-940b-5fe5794fda03",
"eventID": "4e6fbfc7-0479-48da-b7dc-e875155a8177",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialVerification": "Failure"
}
}
```