本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用 AWS CloudTrail 記錄 AWS Global Accelerator API 呼叫
AWS Global Accelerator 整合了 AWS CloudTrail,後者是一項服務,可提供由使用者、角色或 AWS 服務在 Global Accelerator 中所採取之動作的記錄。CloudTrail 會將針對的所有 API 呼叫擷取為事件,包括自全域加速器主控台以及自程式碼呼叫對全域加速器 API 的呼叫。如果您建立線索,就可以將 CloudTrail 事件持續交付至 Amazon S3 儲存貯體,包括全球加速器的事件。如果您不設定追蹤記錄,仍然可以透過 CloudTrail 主控台中的 **Event history (事件歷史記錄)** 檢視最新的事件。
若要進一步了解 CloudTrail,請參閱 [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/)。
## CloudTrail 中的全球加速器資訊
CloudTrailAWS當您建立帳戶時,系統會在您的帳戶中啟用 。此外,Global Accelerator 發生活動時,系統便會將該活動記錄至 CloudTrail 事件,並將其他 AWS 服務事件記錄到**事件歷史記錄**。您可以檢視、搜尋和下載 AWS 帳戶的最新事件。如需詳細資訊,請參閱[使用 CloudTrail 事件歷程記錄檢視事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
若要持續記錄 AWS 帳戶中的事件 (包括 Global Accelerator 事件),請建立線索。追蹤記錄可讓 CloudTrail 將日誌檔案交付到 Amazon S3 儲存貯體。根據預設,當您在主控台建立追蹤記錄時,追蹤記錄會套用到所有區域。線索會記錄來自 AWS 分割區中所有區域的事件,然後將所有日誌檔案交付至您指定的 Amazon S3 儲存貯體。此外,您可以設定其他 AWS 服務,以進一步分析和處理 CloudTrail 日誌中所收集的事件資料。如需詳細資訊,請參閱下列主題:
+ [建立追蹤的概觀](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支援的服務和整合](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [設定 CloudTrail 的 Amazon SNS 通知](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [接收多個區域的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)及[接收多個帳戶的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
CloudTrail 會記錄所有 Global Accelerator 動作,並記錄在[AWS Global Accelerator API 參考](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html)。例如,呼叫至`CreateAccelerator`、`ListAccelerators`和`UpdateAccelerator`操作會在 CloudTrail 日誌檔案中產生項目。
每一筆事件或記錄項目都會包含產生請求者的資訊。身分資訊可協助您判斷下列事項:
+ 該請求是否使用根或 IAM 使用者登入資料提出
+ 提出該請求時,是否使用了特定角色或聯合身分使用者的暫時安全登入資料
+ 該請求是否由另一項 AWS 服務提出
如需詳細資訊,請參閱 [CloudTrail 使用者身分元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 了解全域加速器日誌檔案項目
線索是一種組態,能讓事件以日誌檔案的形式交付到您指定的 Amazon S3 儲存貯體。每個 JSON 格式的 CloudTrail 日誌檔案可包含一或多個日誌項目。每個日誌項目代表任何來源提出的單一請求,並且包括了請求的動作、包括任何參數、動作的日期和時間等相關資訊。日誌項目不保證以任何特定順序存在;它們不是 API 呼叫的有序堆疊追蹤。
以下範例顯示的是包含這些全域加速器動作的 CloudTrail 日誌項目:
+ 列出帳戶的加速器:`eventName`是`ListAccelerators`。
+ 建立接聽程式:`eventName`是`CreateListener`。
+ 更新接聽程式:`eventName`是`UpdateListener`。
+ 描述接聽程式:`eventName`是`DescribeListener`。
+ 列出帳戶的監聽程式:`eventName`是`ListListeners`。
+ 刪除接聽程式:`eventName`是`DeleteListener`。
```
{
"Records": [
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:03:14Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "ListAccelerators",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": null,
"responseElements": null,
"requestID": "083cae81-28ab-4a66-862f-096e1example",
"eventID": "fe8b1c13-8757-4c73-b842-fe2a3example",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:04:49Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "CreateListener",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": {
"acceleratorArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample",
"portRanges": [
{
"fromPort": 80,
"toPort": 80
}
],
"protocol": "TCP"
},
"responseElements": {
"listener": {
"listenerArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample/listener/abcde1234",
"portRanges": [
{
"fromPort": 80,
"toPort": 80
}
],
"protocol": "TCP",
"clientAffinity": "NONE"
}
},
"requestID": "6090509a-5a97-4be6-8e6a-7d73example",
"eventID": "9cab44ef-0777-41e6-838f-f249example",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:03:52Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "CreateAccelerator",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": {
"name": "cloudTrailTest"
},
"responseElements": {
"accelerator": {
"acceleratorArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample",
"name": "cloudTrailTest",
"ipAddressType": "IPV4",
"enabled": true,
"ipSets": [
{
"ipFamily": "IPv4",
"ipAddresses": [
"192.0.2.213",
"192.0.2.200"
]
}
],
"status": "IN_PROGRESS",
"createdTime": "Nov 17, 2018 9:03:52 PM",
"lastModifiedTime": "Nov 17, 2018 9:03:52 PM"
}
},
"requestID": "d2d7f300-2f0b-4bda-aa2d-e67d6e4example",
"eventID": "11f9a762-8c00-4fcc-80f9-848a29example",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:05:27Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "UpdateListener",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": {
"listenerArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample/listener/abcde1234",
"portRanges": [
{
"fromPort": 80,
"toPort": 80
},
{
"fromPort": 81,
"toPort": 81
}
]
},
"responseElements": {
"listener": {
"listenerArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample/listener/abcde1234",
"portRanges": [
{
"fromPort": 80,
"toPort": 80
},
{
"fromPort": 81,
"toPort": 81
}
],
"protocol": "TCP",
"clientAffinity": "NONE"
}
},
"requestID": "008ef93c-b3a3-44b4-afb3-768example",
"eventID": "85958f0d-63ff-4a2c-99e3-6ffbexample",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:06:05Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "DescribeListener",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": {
"listenerArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample/listener/abcde1234"
},
"responseElements": null,
"requestID": "9980e368-82fa-40da-95a3-4b0example",
"eventID": "885a02e9-2a60-4626-b1ba-57285example",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:05:47Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "ListListeners",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": {
"acceleratorArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample"
},
"responseElements": null,
"requestID": "08e4b0f7-689b-4c84-af2d-47619example",
"eventID": "f4fb8e41-ed21-404d-af9d-037c4example",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
},
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IAMUser",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2018-11-17T21:02:36Z"
},
"sessionIssuer": {
"type": "Role",
"principalId": "A1B2C3D4E5F6G7EXAMPLE",
"arn": "arn:aws:iam::111122223333:user/smithj",
"accountId": "111122223333",
"userName": "smithj"
}
}
},
"eventTime": "2018-11-17T21:06:24Z",
"eventSource": "globalaccelerator.amazonaws.com",
"eventName": "DeleteListener",
"awsRegion": "us-west-2",
"sourceIPAddress": "192.0.2.50",
"userAgent": "aws-cli/1.16.34 Python/2.7.10 Darwin/16.7.0 botocore/1.12.24",
"requestParameters": {
"listenerArn": "arn:aws:globalaccelerator::111122223333:accelerator/0339bfd6-13bc-4d45-a114-5d7fexample/listener/abcde1234"
},
"responseElements": null,
"requestID": "04d37bf9-3e50-41d9-9932-6112example",
"eventID": "afedb874-2e21-4ada-b1b0-2ddb2example",
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
}
]
}
```