Understanding AWS sign-in events for smart card users - Amazon WorkSpaces

This page is a machine translation of the English version. Where the content is ambiguous or inconsistent, the English version prevails.

Understanding AWS sign-in events for smart card users

AWS CloudTrail records both successful and failed sign-in events for smart card users. This includes a sign-in event captured each time the user is prompted to solve a specific credential challenge or factor, together with the status of that particular credential verification request. The user is signed in only after all required credential challenges have been completed, which results in a UserAuthentication event being recorded.

The following table lists each sign-in CloudTrail event name and its purpose.

Event name and purpose:

CredentialChallenge
    Purpose: Informs that AWS Sign-In has requested the user to solve a specific credential challenge, and specifies the required CredentialType (for example, SMARTCARD).

CredentialVerification
    Purpose: Informs that the user has attempted to solve a specific CredentialChallenge request, and specifies whether that credential succeeded or failed.

UserAuthentication
    Purpose: Informs that every authentication requirement the user was challenged with has been completed successfully and that the user was signed in. When the user does not successfully complete the required credential challenges, no UserAuthentication event is recorded.

The following table lists additional useful event data fields contained in specific sign-in CloudTrail events.

Field name, purpose, sign-in event applicability and sample value:

AuthWorkflowID
    Purpose: Correlates all events emitted across an entire sign-in sequence. For each user sign-in, AWS Sign-In can emit multiple events.
    Applies to: CredentialChallenge, CredentialVerification, UserAuthentication
    Sample value: "AuthWorkflowID": "9de74b32-8362-4a01-a524-de21df59fd83"

CredentialType
    Purpose: Informs that the user has attempted to solve a specific CredentialChallenge request, and specifies whether that credential succeeded or failed.
    Applies to: CredentialChallenge, CredentialVerification, UserAuthentication
    Sample value: "CredentialType": "SMARTCARD" (possible values today: SMARTCARD)

LoginTo
    Purpose: Informs that every authentication requirement the user was challenged with has been completed successfully and that the user was signed in. When the user does not successfully complete the required credential challenges, no UserAuthentication event is recorded.
    Applies to: UserAuthentication
    Sample value: "LoginTo": "https://skylight.local"

Sample events for AWS Sign-In scenarios

The following examples show the expected sequence of CloudTrail events in different sign-in scenarios.

Successful sign-in when authenticating with a smart card

The following event sequence captures an example of a successful smart card sign-in.

CredentialChallenge

{
  "eventVersion": "1.08",
  "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" },
  "eventTime": "2021-07-30T17:23:29Z",
  "eventSource": "signin.amazonaws.com",
  "eventName": "CredentialChallenge",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "AWS Internal",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
  "requestParameters": null,
  "responseElements": null,
  "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" },
  "requestID": "65551a6d-654a-4be8-90b5-bbfef7187d3a",
  "eventID": "fb603838-f119-4304-9fdc-c0f947a82116",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "eventCategory": "Management",
  "recipientAccountId": "509318101470",
  "serviceEventDetails": { "CredentialChallenge": "Success" }
}

Successful CredentialVerification

{
  "eventVersion": "1.08",
  "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" },
  "eventTime": "2021-07-30T17:23:39Z",
  "eventSource": "signin.amazonaws.com",
  "eventName": "CredentialVerification",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "AWS Internal",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
  "requestParameters": null,
  "responseElements": null,
  "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "CredentialType": "SMARTCARD" },
  "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5",
  "eventID": "84c0a2ff-413f-4d0f-9108-f72c90a41b6c",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "eventCategory": "Management",
  "recipientAccountId": "509318101470",
  "serviceEventDetails": { "CredentialVerification": "Success" }
}

Successful UserAuthentication

{
  "eventVersion": "1.08",
  "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" },
  "eventTime": "2021-07-30T17:23:39Z",
  "eventSource": "signin.amazonaws.com",
  "eventName": "UserAuthentication",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "AWS Internal",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
  "requestParameters": null,
  "responseElements": null,
  "additionalEventData": { "AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e", "LoginTo": "https://skylight.local", "CredentialType": "SMARTCARD" },
  "requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5",
  "eventID": "acc0dba8-8e8b-414b-a52d-6b7cd51d38f6",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "eventCategory": "Management",
  "recipientAccountId": "509318101470",
  "serviceEventDetails": { "UserAuthentication": "Success" }
}

Failed sign-in when authenticating with a smart card only

The following event sequence captures an example of a failed smart card sign-in.

CredentialChallenge

{
  "eventVersion": "1.08",
  "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" },
  "eventTime": "2021-07-30T17:23:06Z",
  "eventSource": "signin.amazonaws.com",
  "eventName": "CredentialChallenge",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "AWS Internal",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
  "requestParameters": null,
  "responseElements": null,
  "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" },
  "requestID": "73eb499d-91a8-4c18-9c5d-281fd45ab50a",
  "eventID": "f30a50ec-71cf-415a-a5ab-e287edc800da",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "eventCategory": "Management",
  "recipientAccountId": "509318101470",
  "serviceEventDetails": { "CredentialChallenge": "Success" }
}

Failed CredentialVerification

{
  "eventVersion": "1.08",
  "userIdentity": { "type": "Unknown", "principalId": "509318101470", "arn": "", "accountId": "509318101470", "accessKeyId": "" },
  "eventTime": "2021-07-30T17:23:13Z",
  "eventSource": "signin.amazonaws.com",
  "eventName": "CredentialVerification",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "AWS Internal",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
  "requestParameters": null,
  "responseElements": null,
  "additionalEventData": { "AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb", "CredentialType": "SMARTCARD" },
  "requestID": "051ca316-0b0d-4d38-940b-5fe5794fda03",
  "eventID": "4e6fbfc7-0479-48da-b7dc-e875155a8177",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "eventCategory": "Management",
  "recipientAccountId": "509318101470",
  "serviceEventDetails": { "CredentialVerification": "Failure" }
}
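As an added example (not part of the AWS documentation), the following Python groups sign-in events by AuthWorkflowID and classifies each workflow using the rule the page states: a sign-in counts as successful only when a UserAuthentication event exists, and a CredentialVerification with "Failure" and no later sign-in marks a failed attempt. The input records are constructed, modelled on the two sample sequences above and trimmed to the fields the logic reads; the workflow IDs are placeholders.

```python
import json
from collections import defaultdict

SIGNIN_EVENTS = {"CredentialChallenge", "CredentialVerification", "UserAuthentication"}

# Constructed records modelled on the page's sample events and trimmed to the
# fields this logic reads; the AuthWorkflowID values are placeholders.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2021-07-30T17:23:29Z", "eventName": "CredentialChallenge",
     "additionalEventData": {"AuthWorkflowID": "wf-ok", "CredentialType": "SMARTCARD"},
     "serviceEventDetails": {"CredentialChallenge": "Success"}},
    {"eventTime": "2021-07-30T17:23:39Z", "eventName": "CredentialVerification",
     "additionalEventData": {"AuthWorkflowID": "wf-ok", "CredentialType": "SMARTCARD"},
     "serviceEventDetails": {"CredentialVerification": "Success"}},
    {"eventTime": "2021-07-30T17:23:39Z", "eventName": "UserAuthentication",
     "additionalEventData": {"AuthWorkflowID": "wf-ok", "CredentialType": "SMARTCARD",
                             "LoginTo": "https://skylight.local"},
     "serviceEventDetails": {"UserAuthentication": "Success"}},
    {"eventTime": "2021-07-30T17:23:06Z", "eventName": "CredentialChallenge",
     "additionalEventData": {"AuthWorkflowID": "wf-bad", "CredentialType": "SMARTCARD"},
     "serviceEventDetails": {"CredentialChallenge": "Success"}},
    {"eventTime": "2021-07-30T17:23:13Z", "eventName": "CredentialVerification",
     "additionalEventData": {"AuthWorkflowID": "wf-bad", "CredentialType": "SMARTCARD"},
     "serviceEventDetails": {"CredentialVerification": "Failure"}},
])

def summarize_workflows(log_text):
    """Correlate events by AuthWorkflowID; a workflow is 'signed_in' only if a
    UserAuthentication event exists, 'failed' if a CredentialVerification reported
    Failure without a later sign-in, and 'incomplete' otherwise."""
    by_wf = defaultdict(list)
    for line in log_text.splitlines():  # one CloudTrail record per line
        ev = json.loads(line)
        wf = ev.get("additionalEventData", {}).get("AuthWorkflowID")
        if wf and ev.get("eventName") in SIGNIN_EVENTS:
            by_wf[wf].append(ev)
    summary = {}
    for wf, evs in by_wf.items():
        evs.sort(key=lambda e: e["eventTime"])  # stable sort keeps log order within a second
        names = [e["eventName"] for e in evs]
        # serviceEventDetails is keyed by the event's own name, e.g. {"CredentialVerification": "Failure"}
        outcomes = [e.get("serviceEventDetails", {}).get(e["eventName"]) for e in evs]
        login_to = next((e["additionalEventData"].get("LoginTo")
                         for e in evs if e["eventName"] == "UserAuthentication"), None)
        status = ("signed_in" if "UserAuthentication" in names
                  else "failed" if "Failure" in outcomes else "incomplete")
        summary[wf] = {"status": status, "steps": names, "login_to": login_to,
                       "failed_verifications": outcomes.count("Failure")}
    return summary
```

On a real trail, feed the function the newline-delimited records filtered to eventSource signin.amazonaws.com; a workflow stuck at "incomplete" long after its CredentialChallenge is worth a closer look alongside the "failed" ones.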