本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 目錄儲存貯體的 CloudTrail 日誌檔案範例
CloudTrail 日誌檔案包含請求的 API 操作、操作的日期和時間、請求參數等相關資訊。本主題提供目錄儲存貯體的 CloudTrail 資料事件和管理事件範例。
**Topics**
+ [目錄儲存貯體的 CloudTrail 資料事件日誌檔案範例](#example-ct-log-s3express)
## 目錄儲存貯體的 CloudTrail 資料事件日誌檔案範例
下列範例顯示 CloudTrail 日誌檔案,其中示範了 [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html)。
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName",
"arn": "arn:aws:sts::111122223333assumed-role/RoleToBeAssumed/MySessionName",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAIDPPEZS35WEXAMPLE",
"arn": "arn:aws:iam::111122223333:role/RoleToBeAssumed",
"accountId": "111122223333",
"userName":"RoleToBeAssumed
},
"attributes": {
"creationDate": "2024-07-02T00:21:16Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2024-07-02T00:22:11Z",
"eventSource": "s3express.amazonaws.com",
"eventName": "CreateSession",
"awsRegion": "us-west-2",
"sourceIPAddress": "72.21.198.68",
"userAgent": "aws-sdk-java/2.20.160-SNAPSHOT Linux/5.10.216-225.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/11.0.23+9-LTS Java/11.0.23 vendor/Amazon.com_Inc. md/internal exec-env/AWS_Lambda_java11 io/sync http/Apache cfg/retry-mode/standard",
"requestParameters": {
"bucketName": "bucket-base-name--usw2-az1--x-s3".
"host": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com",
"x-amz-create-session-mode": "ReadWrite"
},
"responseElements": {
"credentials": {
"accessKeyId": "AKIAI44QH8DHBEXAMPLE"
"expiration": ""Mar 20, 2024, 11:16:09 PM",
"sessionToken": ""
},
},
"additionalEventData": {
"SignatureVersion": "SigV4",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"xAmzId2": "q6xhNJYmhg",
"bytesTransferredOut": 1815,
"availabilityZone": "usw2-az1"
},
"requestID": "28d2faaf-3319-4649-998d-EXAMPLE72818",
"eventID": "694d604a-d190-4470-8dd1-EXAMPLEe20c1",
"readOnly": true,
"resources": [
{
"type": "AWS::S3Express::Object",
"ARNPrefix": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3"
},
{
"accountId": "111122223333"
"type": "AWS::S3Express::DirectoryBucket",
"ARN": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "111122223333",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com"
}
}
```
若要使用區域端點 API 操作 (物件層級或資料平面操作),您可以使用 `CreateSession` API 操作來建立和管理工作階段,這些工作階段經過最佳化,可提供低延遲的資料請求授權。您也可以使用 `CreateSession` 來減少記錄量。若要確定在工作階段期間執行了哪些區域 API 操作,您可以將 `CreateSession` 日誌檔案中 `responseElements` 下的 `accessKeyId` 與其他區域 API 操作日誌檔案中的 `accessKeyId` 進行比對。如需詳細資訊,請參閱[`CreateSession` 授權](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-create-session.html)。
下列範例顯示 CloudTrail 日誌檔案範例,其中示範了 `CreateSession` 已驗證的 [https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) API 操作。
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName",
"arn": "arn:aws:sts::111122223333assumed-role/RoleToBeAssumed/MySessionName",
"accountId": "111122223333",
"accessKeyId": "AKIAI44QH8DHBEXAMPLE",
"sessionContext": {
"attributes": {
"creationDate": "2024-07-02T00:21:49Z"
}
}
},
"eventTime": "2024-07-02T00:22:01Z",
"eventSource": "s3express.amazonaws.com",
"eventName": "GetObject",
"awsRegion": "us-west-2",
"sourceIPAddress": "72.21.198.68",
"userAgent": "aws-sdk-java/2.25.66 Linux/5.10.216-225.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/17.0.11+9-LTS Java/17.0.11 vendor/Amazon.com_Inc. md/internal exec-env/AWS_Lambda_java17 io/sync http/Apache cfg/retry-mode/legacy",
"requestParameters": {
"bucketName": "bucket-base-name--usw2-az1--x-s3",
"x-amz-checksum-mode": "ENABLED",
"Host": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com",
"key": "test-get-obj-with-checksum"
},
"responseElements": null,
"additionalEventData": {
"SignatureVersion": "Sigv4",
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"x-amz-id-2": "oOy6w8K7LFsyFN",
"bytesTransferredOut": 9,
"availabilityZone": "usw2-az1",
"sessionModeApplied": "ReadWrite"
},
"requestID": "28d2faaf-3319-4649-998d-EXAMPLE72818",
"eventID": "694d604a-d190-4470-8dd1-EXAMPLEe20c1",
"readOnly": true,
"resources": [
{
"type": "AWS::S3Express::Object",
"ARNPrefix": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3"
},
{
"accountId": "111122223333",
"type": "AWS::S3Express::DirectoryBucket",
"ARN": "arn:aws:s3express:us-west-2:111122223333:bucket-base-name--usw2-az1--x-s3"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "111122223333",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com"
}
}
```
在上述 `GetObject` 日誌檔案範例中,`accessKeyId` (AKIAI44QH8DHBEXAMPLE) 符合 CreateSession 日誌檔案範例中 `responseElements` 下的 `accessKeyId`。相符的 `accessKeyId` 會指出執行 `GetObject` 操作所在的工作階段。
下列範例顯示 CloudTrail 日誌項目,其中示範了 S3 生命週期在目錄儲存貯體上調用的 `DeleteObjects` 動作。如需詳細資訊,請參閱[https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html)。
```
eventVersion:"1.09",
userIdentity:{
type:"AWSService",
invokedBy:"lifecycle.s3.amazonaws.com"
},
eventTime:"2024-09-11T00:55:54Z",
eventSource:"s3express.amazonaws.com",
eventName:"DeleteObjects",
awsRegion:"us-east-2",
sourceIPAddress:"lifecycle.s3.amazonaws.com",
userAgent:"gamma.lifecycle.s3.amazonaws.com",
requestParameters:{
bucketName:"amzn-s3-demo-bucket--use2-az2--x-s3",
'x-amz-expected-bucket-owner':"637423581905",
Host:"amzn-s3-demo-bucket--use2-az2--x-s3.gamma.use2-az2.express.s3.aws.dev",
delete:"",
'x-amz-sdk-checksum-algorithm':"CRC32C"
},
responseElements:null,
additionalEventData:{
SignatureVersion:"Sigv4",
CipherSuite:"TLS_AES_128_GCM_SHA256",
bytesTransferredIn:41903,
AuthenticationMethod:"AuthHeader",
'x-amz-id-2':"9H5YWZY0",
bytesTransferredOut:35316,
availabilityZone:"use2-az2",
sessionModeApplied:"ReadWrite"
},
requestID:"011eeadd04000191",
eventID:"d3d8b116-219d-4ee6-a072-5f9950733c74",
readOnly:false,
resources:[
{
type:"AWS::S3Express::Object",
ARNPrefix:"arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3/"
},
{
accountId:"637423581905",
type:"AWS::S3Express::DirectoryBucket",
ARN:"arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3"
}
],
eventType:"AwsApiCall",
managementEvent:false,
recipientAccountId:"637423581905",
sharedEventID:"59f877ac-1dd9-415d-b315-9bb8133289ce",
eventCategory:"Data"
}
```
下列範例顯示 CloudTrail 日誌項目,其中示範了對 S3 生命週期所調用 `CreateSession` 動作的 `Access Denied` 請求。如需詳細資訊,請參閱[https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html)。
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AWSService",
"invokedBy": "gamma.lifecycle.s3.amazonaws.com"
},
"eventTime": "2024-09-11T18:13:08Z",
"eventSource": "s3express.amazonaws.com",
"eventName": "CreateSession",
"awsRegion": "us-east-2",
"sourceIPAddress": "gamma.lifecycle.s3.amazonaws.com",
"userAgent": "gamma.lifecycle.s3.amazonaws.com",
"errorCode": "AccessDenied",
"errorMessage": "Access Denied",
"requestParameters": {
"bucketName": "amzn-s3-demo-bucket--use2-az2--x-s3",
"Host": "amzn-s3-demo-bucket--use2-az2--x-s3.gamma.use2-az2.express.s3.aws.dev",
"x-amz-create-session-mode": "ReadWrite",
"x-amz-server-side-encryption": "AES256"
},
"responseElements": null,
"additionalEventData": {
"SignatureVersion": "Sigv4",
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"x-amz-id-2": "zuDDC1VNbC4LoNwUIc5",
"bytesTransferredOut": 210,
"availabilityZone": "use2-az2"
},
"requestID": "010932f174000191e24a0",
"eventID": "dce7cc46-4cd3-46c0-9a47-d1b8b70e301c",
"readOnly": true,
"resources": [{
"type": "AWS::S3Express::Object",
"ARNPrefix": "arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3/"
},
{
"accountId": "637423581905",
"type": "AWS::S3Express::DirectoryBucket",
"ARN": "arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "637423581905",
"sharedEventID": "da96b5bd-6066-4a8d-ad8d-f7f427ca7d58",
"eventCategory": "Data"
}
```