本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS 管理主控台 登入事件
CloudTrail 日誌會嘗試登入 AWS 管理主控台、 AWS 開發論壇和 AWS 支援中心。所有 IAM 使用者和根使用者登入事件,以及所有聯合身分使用者登入事件,會在 CloudTrail 日誌檔案中產生記錄。如需有關尋找與檢視日誌的資訊,請參閱 [尋找 CloudTrail 日誌檔案](get-and-view-cloudtrail-log-files.md#cloudtrail-find-log-files) 和 [下載 CloudTrail 日誌檔案](cloudtrail-read-log-files.md)。
您可以使用 [AWS 使用者通知](https://docs.aws.amazon.com/notifications/latest/userguide/what-is.html) 來設定交付管道,以取得 AWS CloudTrail 事件的通知。當事件符合您指定的規則時,便會收到通知。您可以透過多個管道接收事件通知,包括電子郵件、[聊天應用程式中的 Amazon Q Developer](https://docs.aws.amazon.com/chatbot/latest/adminguide/what-is.html) 聊天通知或 [AWS Console Mobile Application](https://docs.aws.amazon.com/consolemobileapp/latest/userguide/what-is-consolemobileapp.html) 推送通知。您也可在 [Console Notifications Center](https://console.aws.amazon.com/notifications/) 中看到通知。 使用者通知 支援彙總,可減少您在特定事件期間收到的通知數目。
**注意**
`ConsoleLogin` 事件中記錄的區域會根據使用者類型以及您是否使用全域或區域端點登入而有所不同。
如果您以根使用者身分登入,CloudTrail 會在 us-east-1 中記錄事件。
如果您使用 IAM 使用者登入並使用全域端點,CloudTrail 會記錄`ConsoleLogin`事件的區域,如下所示:
如果瀏覽器中存在帳戶別名 Cookie,CloudTrail 會在下列其中一個區域中記錄`ConsoleLogin`事件:us-east-2、eu-north-1 或 ap-southeast-2。這是因為主控台代理會根據來自使用者登入位置的延遲來重新導向使用者。
如果瀏覽器中沒有帳戶別名 Cookie,CloudTrail 會在 us-east-1 中記錄`ConsoleLogin`事件。這是因為主控台代理會重新導向回全域登入。
如果您使用 IAM 使用者登入並使用[區域端點](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints),CloudTrail 會將`ConsoleLogin`事件記錄在端點的適當區域中。如需 AWS 登入 端點的詳細資訊,請參閱[AWS 登入 端點和配額](https://docs.aws.amazon.com/general/latest/gr/signin-service.html)。
**Topics**
+ [IAM 使用者的範例事件記錄](#cloudtrail-event-reference-aws-console-sign-in-events-iam-user)
+ [根使用者的範例事件紀錄](#cloudtrail-event-reference-aws-console-sign-in-events-root)
+ [聯合身分使用者的範例事件紀錄](#cloudtrail-event-reference-aws-console-sign-in-events-federated-user)
## IAM 使用者的範例事件記錄
下列範例顯示數個 IAM 使用者登入案例的事件記錄。
**Topics**
+ [IAM 使用者,在沒有 MFA 的情況下成功登入](#cloudtrail-aws-console-sign-in-events-iam-user-success)
+ [IAM 使用者,在使用 MFA 的情況下成功登入](#cloudtrail-aws-console-sign-in-events-iam-user-mfa)
+ [IAM 使用者,登入失敗](#cloudtrail-aws-console-sign-in-events-iam-user-failure)
+ [IAM 使用者,登入程序檢查 MFA (單一 MFA 裝置類型)](#cloudtrail-aws-console-sign-in-requires-mfa)
+ [IAM 使用者,登入程序檢查 MFA (多個 MFA 裝置類型)](#cloudtrail-aws-console-sign-in-requires-mfa-multiple)
### IAM 使用者,在沒有 MFA 的情況下成功登入
下列記錄顯示名為 的使用者`Anaya`已成功登入 , AWS 管理主控台 而無需使用多重要素驗證 (MFA)。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EXAMPLE6E4XEGITWATV6R",
"arn": "arn:aws:iam::999999999999:user/Anaya",
"accountId": "999999999999",
"userName": "Anaya"
},
"eventTime": "2023-07-19T21:44:40Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Success"
},
"additionalEventData": {
"LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&state=hashArgsFromTB_us-east-1_examplee9aba7f8",
"MobileVersion": "No",
"MFAUsed": "No"
},
"eventID": "e1bf1000-86a4-4a78-81d7-EXAMPLE83102",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "999999999999",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com"
}
}
```
### IAM 使用者,在使用 MFA 的情況下成功登入
下列記錄顯示名為 的 IAM 使用者`Anaya`已成功 AWS 管理主控台 使用多重要素驗證 (MFA) 登入 。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EXAMPLE6E4XEGITWATV6R",
"arn": "arn:aws:iam::999999999999:user/Anaya",
"accountId": "999999999999",
"userName": "Anaya"
},
"eventTime": "2023-07-19T22:01:30Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Success"
},
"additionalEventData": {
"LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&state=hashArgsFromTB_us-east-1_examplebde32f3c9",
"MobileVersion": "No",
"MFAIdentifier": "arn:aws:iam::999999999999:mfa/mfa-device",
"MFAUsed": "Yes"
},
"eventID": "e1f76697-5beb-46e8-9cfc-EXAMPLEbde31",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "999999999999",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com"
}
}
```
### IAM 使用者,登入失敗
下列記錄顯示名為 `Paulo` 的 IAM 使用者的失敗登入嘗試。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EXAMPLE6E4XEGITWATV6R",
"accountId": "123456789012",
"accessKeyId": "",
"userName": "Paulo"
},
"eventTime": "2023-07-19T22:01:20Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"errorMessage": "Failed authentication",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Failure"
},
"additionalEventData": {
"LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&state=hashArgsFromTB_us-east-1_examplebde32f3c9",
"MobileVersion": "No",
"MFAUsed": "Yes"
},
"eventID": "66c97220-2b7d-43b6-a7a0-EXAMPLEbae9c",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com"
}
}
```
### IAM 使用者,登入程序檢查 MFA (單一 MFA 裝置類型)
以下顯示登入程序檢查 IAM 使用者登入時是否需要多重要素驗證 (MFA)。在此範例中,`mfaType` 值為 `U2F MFA`,表示 IAM 使用者已啟用單一 MFA 裝置或多台相同類型的 MFA 裝置 (`U2F MFA`)。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EXAMPLE6E4XEGITWATV6R",
"accountId": "123456789012",
"accessKeyId": "",
"userName": "Alice"
},
"eventTime": "2023-07-19T22:01:26Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CheckMfa",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"requestParameters": null,
"responseElements": {
"CheckMfa": "Success"
},
"additionalEventData": {
"MfaType": "Virtual MFA"
},
"eventID": "7d8a0746-b2e7-44f5-9917-EXAMPLEfb77c",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com"
}
}
```
### IAM 使用者,登入程序檢查 MFA (多個 MFA 裝置類型)
以下顯示登入程序檢查 IAM 使用者登入時是否需要多重要素驗證 (MFA)。在此範例中,`mfaType` 值為 `Multiple MFA Devices`,表示 IAM 使用者已啟用多個 MFA 裝置類型。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EXAMPLE6E4XEGITWATV6R",
"accountId": "123456789012",
"accessKeyId": "",
"userName": "Mary"
},
"eventTime": "2023-07-19T23:10:09Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CheckMfa",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"requestParameters": null,
"responseElements": {
"CheckMfa": "Success"
},
"additionalEventData": {
"MfaType": "Multiple MFA Devices"
},
"eventID": "19bd1a1c-76b1-4806-9d8f-EXAMPLE02a96",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "signin.aws.amazon.com"
}
}
```
## 根使用者的範例事件紀錄
下列範例顯示多種 `root` 使用者登入案例的事件記錄。當您以根使用者身分登入時,CloudTrail 會在 us-east-1 中記錄 `ConsoleLogin` 事件。
**Topics**
+ [根使用者,在沒有 MFA 的情況下成功登入](#cloudtrail-signin-root)
+ [根使用者,在使用 MFA 的情況下成功登入](#cloudtrail-signin-root-mfa)
+ [根使用者,登入失敗](#cloudtrail-unsuccessful-signin-root)
+ [根使用者,MFA 已變更](#cloudtrail-signin-mfa-changed-root)
+ [根使用者,密碼已變更](#cloudtrail-root-password-changed)
### 根使用者,在沒有 MFA 的情況下成功登入
以下顯示根使用者的成功登入事件並未使用多重要素驗證 (MFA)。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Root",
"principalId": "111122223333",
"arn": "arn:aws:iam::111122223333:root",
"accountId": "111122223333",
"accessKeyId": ""
},
"eventTime": "2023-07-12T13:35:31Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Success"
},
"additionalEventData": {
"LoginTo": "https://console.aws.amazon.com/console/home?hashArgs=%23&isauthcode=true&nc2=h_ct&src=header-signin&state=hashArgsFromTB_ap-southeast-2_example80afacd389",
"MobileVersion": "No",
"MFAUsed": "No"
},
"eventID": "4217cc13-7328-4820-a90c-EXAMPLE8002e6",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "signin.aws.amazon.com"
}
}
```
### 根使用者,在使用 MFA 的情況下成功登入
以下顯示根使用者的成功登入事件使用了多重要素驗證 (MFA)。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Root",
"principalId": "444455556666",
"arn": "arn:aws:iam::444455556666:root",
"accountId": "444455556666",
"accessKeyId": ""
},
"eventTime": "2023-07-13T03:04:43Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Success"
},
"additionalEventData": {
"LoginTo": "https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1&state=hashArgs%23Instances%3Av%3D3%3B%24case%3Dtags%3Atrue%255C%2Cclient%3Afalse%3B%24regex%3Dtags%3Afalse%255C%2Cclient%3Afalse&isauthcode=true",
"MobileVersion": "No",
"MFAIdentifier": "arn:aws:iam::444455556666:mfa/root-account-mfa-device",
"MFAUsed": "Yes"
},
"eventID": "e0176723-ea76-4275-83a3-EXAMPLEf03fb",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "444455556666",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "signin.aws.amazon.com"
}
}
```
### 根使用者,登入失敗
以下顯示根使用者的登入失敗事件並未使用 MFA。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Root",
"principalId": "123456789012",
"arn": "arn:aws:iam::123456789012:root",
"accountId": "123456789012",
"accessKeyId": ""
},
"eventTime": "2023-07-16T04:33:40Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36",
"errorMessage": "Failed authentication",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Failure"
},
"additionalEventData": {
"LoginTo": "https://us-east-1.console.aws.amazon.com/billing/home?region=us-east-1&state=hashArgs%23%2Faccount&isauthcode=true",
"MobileVersion": "No",
"MFAUsed": "No"
},
"eventID": "f28d4329-5050-480b-8de0-EXAMPLE07329",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "signin.aws.amazon.com"
}
}
```
### 根使用者,MFA 已變更
下列顯示根使用者變更多重要素驗證 (MFA) 設定的範例事件。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Root",
"principalId": "111122223333",
"arn": "arn:aws:iam::111122223333:root",
"accountId": "111122223333",
"accessKeyId": "EXAMPLE4XX3IEV4PFQTH",
"userName": "AWS ROOT USER",
"sessionContext": {
"sessionIssuer": {},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-07-15T03:51:12Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-07-15T04:37:08Z",
"eventSource": "iam.amazonaws.com",
"eventName": "EnableMFADevice",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36",
"requestParameters": {
"userName": "AWS ROOT USER",
"serialNumber": "arn:aws:iam::111122223333:mfa/root-account-mfa-device"
},
"responseElements": null,
"requestID": "9b45cd4c-a598-41e7-9170-EXAMPLE535f0",
"eventID": "b4f18d55-d36f-49a0-afcb-EXAMPLEc026b",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management",
"sessionCredentialFromConsole": "true"
}
```
### 根使用者,密碼已變更
下列顯示根使用者變更其密碼的範例事件。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Root",
"principalId": "444455556666",
"arn": "arn:aws:iam::444455556666:root",
"accountId": "444455556666",
"accessKeyId": "EXAMPLEAOTKEG44KPW5P",
"sessionContext": {
"sessionIssuer": {},
"webIdFederationData": {},
"attributes": {
"creationDate": "2022-11-25T13:01:14Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2022-11-25T13:01:14Z",
"eventSource": "iam.amazonaws.com",
"eventName": "ChangePassword",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"requestID": "c64254c2-e4ff-49c0-900e-EXAMPLE9e6d2",
"eventID": "d059176c-4f4d-4a9e-b8d7-EXAMPLE2b7b3",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "444455556666",
"eventCategory": "Management"
}
```
## 聯合身分使用者的範例事件紀錄
下列範例顯示聯合身分使用者的事件記錄。聯合身分使用者會獲得臨時安全登入資料,以透過 [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)請求存取 AWS 資源。
下列顯示聯合身分加密請求的範例事件。原始存取金鑰 ID 會在 `userIdentity` 元素的 `accessKeyId` 欄位中提供。如果請求的 `sessionDuration` 在加密請求中傳遞,則 `responseElements` 中的 `accessKeyId` 欄位將包含一個新的存取金鑰 ID,否則它將包含原始存取金鑰 ID 的值。
**注意**
在此範例中, `mfaAuthenticated`值為 `false`, `MFAUsed`值為 ,`No`因為該請求是由聯合身分使用者提出。只有在 IAM 使用者或根使用者使用 MFA 提出請求時,這些欄位才會設為 true。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLEUU4MH7OYK5ZCOA:JohnDoe",
"arn": "arn:aws:sts::123456789012:assumed-role/roleName/JohnDoe",
"accountId": "123456789012",
"accessKeyId": "originalAccessKeyID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "EXAMPLEUU4MH7OYK5ZCOA",
"arn": "arn:aws:iam::123456789012:role/roleName",
"accountId": "123456789012",
"userName": "roleName"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-09-25T21:30:39Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-09-25T21:30:39Z",
"eventSource": "signin.amazonaws.com",
"eventName": "GetSigninToken",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Java/1.8.0_382",
"requestParameters": null,
"responseElements": {
"credentials": {
"accessKeyId": "accessKeyID"
},
"GetSigninToken": "Success"
},
"additionalEventData": {
"MobileVersion": "No",
"MFAUsed": "No"
},
"eventID": "1d66615b-a417-40da-a38e-EXAMPLE8c89b",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com"
}
}
```
以下顯示聯合身分使用者未使用多重要素驗證 (MFA) 而成功登入的事件。
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLEPHCNW7ZCASLJOH:JohnDoe",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleName/JohnDoe",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "EXAMPLEPHCNW7ZCASLJOH",
"arn": "arn:aws:iam::123456789012:role/RoleName",
"accountId": "123456789012",
"userName": "RoleName"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-09-22T16:15:47Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-09-22T16:15:47Z",
"eventSource": "signin.amazonaws.com",
"eventName": "ConsoleLogin",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
"requestParameters": null,
"responseElements": {
"ConsoleLogin": "Success"
},
"additionalEventData": {
"MobileVersion": "No",
"MFAUsed": "No"
},
"eventID": "b73f1ec6-c064-4cd3-ba83-EXAMPLE441d7",
"readOnly": false,
"eventType": "AwsConsoleSignIn",
"managementEvent": true,
"recipientAccountId": "123456789012",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "us-east-1.signin.aws.amazon.com"
}
}
```