本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用记录 AWS re: Post 私有 API 调用 AWS CloudTrail
AWS re: Post Private 与 AWS CloudTrail一项服务集成,该服务提供用户、角色或服务在 re: Post Pri AWS vate 中采取的操作的记录。 CloudTrail 将 re: Post Private 的所有 API 调用捕获为事件。捕获的调用包括来自 re: Post Private 控制台的调用和对 re: Post Private API 操作的代码调用。如果您创建跟踪,则可以允许将 CloudTrail 事件持续传输到 Amazon S3 存储桶,包括 re: Post Private 的事件。如果您未配置跟踪,您仍然可以在 CloudTrail 控制台的 “事件**历史记录” 中查看最新的事件**。使用收集的信息 CloudTrail,您可以确定向 re: Post Private 发出的请求、发出请求的 IP 地址、谁发出了请求、何时发出请求以及其他详细信息。
要了解更多信息 CloudTrail,请参阅《[AWS CloudTrail 用户指南》](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)。
## re: 在中发布私人信息 CloudTrail
CloudTrail 在您创建账户 AWS 账户 时已在您的账户上启用。当 re: Post Private 中发生活动时,该活动会与其他 AWS 服务 CloudTrail 事件一起记录在**事件**历史记录中。您可以在中查看、搜索和下载最近发生的事件 AWS 账户。有关更多信息,请参阅[使用 CloudTrail 事件历史记录](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
要持续记录您的事件 AWS 账户,包括 re: Post Private 的事件,请创建跟踪。*跟踪*允许 CloudTrail 将日志文件传输到 Amazon S3 存储桶。预设情况下,在控制台中创建跟踪记录时,此跟踪记录应用于所有 AWS 区域。跟踪记录 AWS 分区中所有区域的事件,并将日志文件传送到您指定的 Amazon S3 存储桶。此外,您可以配置其他 AWS 服务,以进一步分析 CloudTrail 日志中收集的事件数据并对其采取行动。有关更多信息,请参阅下列内容:
+ [为您的 AWS 账户创建跟踪](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支持的服务和集成](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html)
+ [配置 Amazon SNS 通知 CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html)
+ [接收来自多个区域的 CloudTrail 日志文件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)和[接收来自多个账户的 CloudTrail 日志文件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
所有 re: Post 私有操作都由 AWS re: Post [私有 API 参考记录 CloudTrail 并记录在 AWS re: Post Private 参考](https://docs.aws.amazon.com/repostprivate/latest/APIReference/Welcome.html)中。re: Post Private 支持将以下操作作为事件记录在日志文件中: CloudTrail
+ [CreateSpace](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_CreateSpace.html)
+ [DeleteSpace](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_DeleteSpace.html)
+ [DeregisterAdmin](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_DeregisterAdmin.html)
+ [GetSpace](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_GetSpace.html)
+ [ListSpaces](https://docs.aws.amazon.com/repostprivate/latest/APIReference/APIListSpaces.html)
+ [ListTagsForResource](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_ListTagsForResource.html)
+ [RegisterAdmin](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_RegisterAdmin.html)
+ [SendInvites](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_SendInvites.html)
+ [TagResource](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_TagResource.html)
+ [UntagResource](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_UntagResource.html)
+ [UpdateSpace](https://docs.aws.amazon.com/repostprivate/latest/APIReference/API_UpdateSpace.html)
re: post Private 支持将以下 支持 操作作为事件记录在 CloudTrail 日志文件中:
+ [CreateCase](https://docs.aws.amazon.com//awssupport/latest/APIReference/API_CreateCase.html)
+ [AddCommunicationToCase](https://docs.aws.amazon.com//awssupport/latest/APIReference/API_AddCommunicationToCase.html)
+ [ResolveCase](https://docs.aws.amazon.com//awssupport/latest/APIReference/API_ResolveCase.html)
每个事件或日志条目都包含有关生成请求的人员信息。身份信息有助于您确定以下内容:
+ 请求是使用根证书还是 AWS Identity and Access Management (IAM) 用户凭证发出。
+ 请求是使用角色还是联合用户的临时安全凭证发出的。
+ 请求是否由其他 AWS 服务发出。
有关更多信息,请参阅 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
## 了解 re: Post 私有日志文件条目
跟踪是一种配置,允许将事件作为日志文件传输到您指定的 Amazon S3 存储桶。 CloudTrail 日志文件包含一个或多个日志条目。事件代表来自任何来源的单个请求,包括有关请求的操作、操作的日期和时间、请求参数等的信息。 CloudTrail 日志文件不是公共 API 调用的有序堆栈跟踪,因此它们不会按任何特定的顺序出现。
以下示例显示了演示该`CreateSpace`操作的 CloudTrail 日志条目。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAQM47QIR7WLEXAMPLE:user",
"arn": "arn:aws:sts::123456789012:assumed-role/User/user",
"accountId": "123456789012",
"accessKeyId": "EXAMPLE_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAQM47QIR7WLEXAMPLE",
"arn": "arn:aws:iam::123456789012:role/User",
"accountId": "123456789012",
"userName": "User"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-11-06T19:24:39Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-06T21:37:44Z",
"eventSource": "repostspace.amazonaws.com",
"eventName": "CreateSpace",
"awsRegion": "us-west-2",
"sourceIPAddress": "205.251.233.176",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36",
"requestParameters": {
"spaceName": "Test space name",
"spaceSubdomain": "customsubdomain",
"tagSet": {},
"tier": "2000",
"roleArn": "",
"spaceDescription": "Test space description"
},
"responseElements": {
"spaceId": "SPLPWvQmv9SIWYF30EXAMPLE",
"Access-Control-Expose-Headers": "x-amzn-errortype, x-amzn-requestid, x-amzn-errormessage, x-amzn-trace-id, x-amz-apigw-id, date"
},
"requestID": "71d815e0-6632-4ec9-9fac-92af3e4a86dc",
"eventID": "30a6c3da-ce2e-4931-ba5d-b3cc7cf16ec8",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management"
}
```
以下示例显示了演示该`RegisterAdmin`操作的 CloudTrail 日志条目。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAQM47QIR7WLEXAMPLE:user",
"arn": "arn:aws:sts::123456789012:assumed-role/User/user",
"accountId": "123456789012",
"accessKeyId": "EXAMPLE_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAQM47QIR7WLEXAMPLE",
"arn": "arn:aws:iam::123456789012:role/User",
"accountId": "123456789012",
"userName": "User"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-11-07T21:17:19Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T21:24:23Z",
"eventSource": "repostspace.amazonaws.com",
"eventName": "RegisterAdmin",
"awsRegion": "us-west-2",
"sourceIPAddress": "205.251.233.183",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36",
"requestParameters": {
"adminId": "08612310-a0f1-7063-3e54-fb2960444dd1",
"spaceId": "SPlYNZE-ylQEmAXpmEXAMPLE"
},
"responseElements": {
"Access-Control-Expose-Headers": "x-amzn-errortype, x-amzn-requestid, x-amzn-errormessage, x-amzn-trace-id, x-amz-apigw-id, date"
},
"requestID": "9939ebbe-8599-4f9a-827b-4995e3006001",
"eventID": "e1873b18-f80c-4934-9ff2-bf5b35c78031",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management"
}
```
以下示例显示了演示该`ListSpaces`操作的 CloudTrail 日志条目。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAQM47QIR7WLEXAMPLE:user",
"arn": "arn:aws:sts::123456789012:assumed-role/User/user",
"accountId": "123456789012",
"accessKeyId": "EXAMPLE_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAQM47QIR7WLEXAMPLE",
"arn": "arn:aws:iam::123456789012:role/User",
"accountId": "123456789012",
"userName": "User"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-11-09T22:28:23Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-09T22:38:34Z",
"eventSource": "repostspace.amazonaws.com",
"eventName": "ListSpaces",
"awsRegion": "us-west-2",
"sourceIPAddress": "205.251.233.176",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"requestID": "95be587b-c04f-4eb0-9269-12fee33ae2e3",
"eventID": "9777da32-545f-44c4-af0b-1d9109b8cbc3",
"readOnly": true,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management"
}
```
以下示例显示了演示该`ResolveCase`操作的 CloudTrail 日志条目。您可以使用此日志条目中的`sourceIdentity`元素来识别解决该案例的用户。
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAQM47QIR76DQZ7N5WX:create-support-case-Uk1iHNTWQEOLmR2BR1FDJQ",
"arn": "arn:aws:sts::123456789012:assumed-role/AWSRepostSpaceRole/create-support-case-Uk1iHNTWQEOLmR2BR1FDJQ",
"accountId": "123456789012",
"accessKeyId": "EXAMPLE_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAQM47QIR76DQZ7N5WX",
"arn": "arn:aws:iam::123456789012:role/AWSRepostSpaceRole",
"accountId": "123456789012",
"userName": "AWSRepostSpaceRole"
},
"attributes": {
"creationDate": "2023-11-17T21:46:42Z",
"mfaAuthenticated": "false"
},
"sourceIdentity": "28e17330-10f1-705d-7cba-3a62a6b10e2e"
}
},
"eventTime": "2023-11-17T21:46:44Z",
"eventSource": "support.amazonaws.com",
"eventName": "ResolveCase",
"awsRegion": "us-west-2",
"sourceIPAddress": "54.68.27.29",
"userAgent": "aws-sdk-nodejs/2.1363.0 linux/v16.20.2 exec-env/AWS_ECS_FARGATE promise",
"requestParameters": {
"caseId": "case-123456789012-muen-2023-75d2c35481b96357"
},
"responseElements": {
"initialCaseStatus": "unassigned",
"finalCaseStatus": "resolved"
},
"requestID": "594b91c6-df1c-47e4-a834-d67d67f34b9d",
"eventID": "7fc9cbe4-c8d5-4d61-a016-e076de272fff",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111111111111",
"eventCategory": "Management",
"tlsDetails": {
"clientProvidedHostHeader": "support.us-west-2.amazonaws.com"
}
}
```