本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 教程:确定用户资源分配 您可以使用 AWS Service Catalog 控制台识别配置了产品和与该产品关联的资源的用户。本教程将帮助您将该示例转换为您自己的特定预配置产品。 要管理账户的所有预配置产品,您需要具备 `AWSServiceCatalogAdminFullAccess` 或对预配置产品的同等写入访问权限。有关更多信息,请参阅*《AWS Service Catalog 用户指南》*中的[身份和访问权限管理](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/controlling_access.html)。 **确定预配置产品的用户和关联的资源** 1. 打开 [https://console.aws.amazon.com/servic](https://console.aws.amazon.com/servicecatalog) eCatalog。 1. 从左侧的导航菜单中选择**预配置产品**。 1. 在**访问筛选条件**下拉菜单中,选择**账户**。 ![\[Provisioned products interface with search bar, access filter dropdown, and table columns.\]](http://docs.aws.amazon.com/zh_cn/servicecatalog/latest/adminguide/images/access-filter-dropdown.png) 1. 在**账户**视图中,选择并打开预配置产品以显示其详细信息。 ![\[Provisioned products table showing one S3 bucket product with its creation date and status.\]](http://docs.aws.amazon.com/zh_cn/servicecatalog/latest/adminguide/images/account-view.png) 您可以查看预配置产品详细信息。 ![\[Provisioned product details page showing status, ID, name, creation date, and other information.\]](http://docs.aws.amazon.com/zh_cn/servicecatalog/latest/adminguide/images/details-pp.png) 1. 向下滚动到**事件**部分。请注意 `Provisioned product ID` 和 `CloudformationStackARN` 的值。 ![\[Events section showing UPDATE_PROVISIONED_PRODUCT with CloudFormationStackARN details.\]](http://docs.aws.amazon.com/zh_cn/servicecatalog/latest/adminguide/images/events-container.png) 1. 使用预配置的产品 ID 来识别与本次发布相对应的 AWS CloudTrail 记录并识别请求用户(通常,您在联合身份验证期间输入电子邮件地址)。在本示例中,请求用户为“steve”。 ``` { "eventVersion":"1.03","userIdentity": { "type":"AssumedRole", "principalId":"[id]:steve", "arn":"arn:aws:sts::[account number]:assumed-role/SC-usertest/steve", "accountId":[account number], "accessKeyId":[access key], "sessionContext": { "attributes": { "mfaAuthenticated":[boolean], "creationDate":[timestamp] }, "sessionIssuer": { "type":"Role", "principalId":"AROAJEXAMPLELH3QXY", "arn":"arn:aws:iam::[account number]:role/[name]", "accountId":[account number], "userName":[username] } } }, "eventTime":"2016-08-17T19:20:58Z","eventSource":"servicecatalog.amazonaws.com", "eventName":"ProvisionProduct", "awsRegion":"us-west-2", "sourceIPAddress":[ip address], "userAgent":"Coral/Netty", "requestParameters": { "provisioningArtifactId":[id], "productId":[id], "provisioningParameters":[Shows all the parameters that the end user entered], "provisionToken":[token], "pathId":[id], "provisionedProductName":[name], "tags":[], "notificationArns":[] }, "responseElements": { "recordDetail": { "provisioningArtifactId":[id], "status":"IN_PROGRESS", "recordId":[id], "createdTime":"Aug 17, 2016 7:20:58 PM", "recordTags":[], "recordType":"PROVISION_PRODUCT", "provisionedProductType":"CFN_STACK", "pathId":[id], "productId":[id], "provisionedProductName":"testSCproduct", "recordErrors":[], "provisionedProductId":[id] } }, "requestID":[id], "eventID":[id], "eventType":"AwsApiCall", "recipientAccountId":[account number] } ``` 1. 使用该`CloudformationStackARN`值来识别 CloudFormation 事件,以查找有关已创建资源的信息。您也可以使用 CloudFormation API 来获取此信息。有关更多信息,请参阅 [AWS CloudFormation API 参考](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/)。 您可以使用 AWS Service Catalog API 或执行步骤 1 到 4 AWS CLI。有关更多信息,请参阅[AWS Service Catalog 《开发人员指南》](https://docs.aws.amazon.com/servicecatalog/latest/dg/what-is-service-catalog.html)中的[AWS Service Catalog 命令行参考](https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/)。