本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# AwsIam ASFF 中的资源
以下是`AwsIam`资源 AWS 的安全调查结果格式 (ASFF) 语法的示例。
AWS Security Hub CSPM 将各种来源的发现标准化为 ASFF。有关 ASFF 的背景信息,请参阅 [AWS 安全调查结果格式 (ASFF)](securityhub-findings-format.md)。
## AwsIamAccessKey
`AwsIamAccessKey` 对象包含与调查发现相关的 IAM 访问密钥的详细信息。
以下示例显示了`AwsIamAccessKey`对象 AWS 的安全调查结果格式 (ASFF)。要查看 `AwsIamAccessKey` 属性的描述,请参阅 *AWS Security Hub API 参考*中的 [AwsIamAccessKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamAccessKeyDetails.html)。
**示例**
```
"AwsIamAccessKey": {
"AccessKeyId": "string",
"AccountId": "string",
"CreatedAt": "string",
"PrincipalId": "string",
"PrincipalName": "string",
"PrincipalType": "string",
"SessionContext": {
"Attributes": {
"CreationDate": "string",
"MfaAuthenticated": boolean
},
"SessionIssuer": {
"AccountId": "string",
"Arn": "string",
"PrincipalId": "string",
"Type": "string",
"UserName": "string"
}
},
"Status": "string"
}
```
## AwsIamGroup
`AwsIamGroup` 对象包含有关 IAM 组的详细信息。
以下示例显示了`AwsIamGroup`对象 AWS 的安全调查结果格式 (ASFF)。要查看 `AwsIamGroup` 属性的描述,请参阅 *AWS Security Hub API 参考*中的 [AwsIamGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamGroupDetails.html)。
**示例**
```
"AwsIamGroup": {
"AttachedManagedPolicies": [
{
"PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
"PolicyName": "ExampleManagedAccess",
}
],
"CreateDate": "2020-04-28T14:08:37.000Z",
"GroupId": "AGPA4TPS3VLP7QEXAMPLE",
"GroupName": "Example_User_Group",
"GroupPolicyList": [
{
"PolicyName": "ExampleGroupPolicy"
}
],
"Path": "/"
}
```
## AwsIamPolicy
`AwsIamPolicy` 对象代表一个 IAM 权限策略。
以下示例显示了`AwsIamPolicy`对象 AWS 的安全调查结果格式 (ASFF)。要查看 `AwsIamPolicy` 属性的描述,请参阅 *AWS Security Hub API 参考*中的 [AwsIamPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamPolicyDetails.html)。
**示例**
```
"AwsIamPolicy": {
"AttachmentCount": 1,
"CreateDate": "2017-09-14T08:17:29.000Z",
"DefaultVersionId": "v1",
"Description": "Example IAM policy",
"IsAttachable": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 5,
"PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
"PolicyName": "EXAMPLE-MANAGED-POLICY",
"PolicyVersionList": [
{
"VersionId": "v1",
"IsDefaultVersion": true,
"CreateDate": "2017-09-14T08:17:29.000Z"
}
],
"UpdateDate": "2017-09-14T08:17:29.000Z"
}
```
## AwsIamRole
`AwsIamRole` 对象包含有关 IAM 角色的信息,包括该角色的所有策略。
以下示例显示了`AwsIamRole`对象 AWS 的安全调查结果格式 (ASFF)。要查看 `AwsIamRole` 属性的描述,请参阅 *AWS Security Hub API 参考*中的 [AwsIamRoleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamRoleDetails.html)。
**示例**
```
"AwsIamRole": {
"AssumeRolePolicyDocument": "{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
"AttachedManagedPolicies": [
{
"PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
"PolicyName": "Example policy 1"
},
{
"PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
"PolicyName": "Example policy 2"
}
],
"CreateDate": "2020-03-14T07:19:14.000Z",
"InstanceProfileList": [
{
"Arn": "arn:aws:iam::333333333333:ExampleProfile",
"CreateDate": "2020-03-11T00:02:27Z",
"InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
"InstanceProfileName": "ExampleInstanceProfile",
"Path": "/",
"Roles": [
{
"Arn": "arn:aws:iam::444455556666:role/example-role",
"AssumeRolePolicyDocument": "",
"CreateDate": "2020-03-11T00:02:27Z",
"Path": "/",
"RoleId": "AROAJ52OTH4H7LEXAMPLE",
"RoleName": "example-role",
}
]
}
],
"MaxSessionDuration": 3600,
"Path": "/",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
"PermissionsBoundaryType": "PermissionsBoundaryPolicy"
},
"RoleId": "AROA4TPS3VLEXAMPLE",
"RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
"RolePolicyList": [
{
"PolicyName": "Example role policy"
}
]
}
```
## AwsIamUser
`AwsIamUser` 对象提供有关用户的信息。
以下示例显示了`AwsIamUser`对象 AWS 的安全调查结果格式 (ASFF)。要查看 `AwsIamUser` 属性的描述,请参阅 *AWS Security Hub API 参考*中的 [AwsIamUserDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamUserDetails.html)。
**示例**
```
"AwsIamUser": {
"AttachedManagedPolicies": [
{
"PolicyName": "ExamplePolicy",
"PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
}
],
"CreateDate": "2018-01-26T23:50:05.000Z",
"GroupList": [],
"Path": "/",
"PermissionsBoundary" : {
"PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess",
"PermissionsBoundaryType" : "PermissionsBoundaryPolicy"
},
"UserId": "AIDACKCEVSQ6C2EXAMPLE",
"UserName": "ExampleUser",
"UserPolicyList": [
{
"PolicyName": "InstancePolicy"
}
]
}
```