本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# CloudTrail 中的 IAM Identity Center 資訊
當您建立帳戶 AWS 帳戶 時,您的 上會啟用 CloudTrail。當活動在 IAM Identity Center 中發生時,該活動會與**事件歷史記錄**中的其他 AWS 服務事件一起記錄在 CloudTrail 事件中。您可以在 中檢視、搜尋和下載最近的事件 AWS 帳戶。如需詳細資訊,請參閱[使用 CloudTrail 事件歷史記錄檢視事件](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html)。
**注意**
如需有關使用者識別和追蹤 CloudTrail 事件中使用者動作如何演變的詳細資訊,請參閱 *AWS 安全部落格*中 [IAM Identity Center 的重要 CloudTrail 事件變更](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/)。
若要持續記錄 中的事件 AWS 帳戶,包括 IAM Identity Center 的事件,請建立追蹤。*線索*能讓 CloudTrail 將日誌檔案交付至 Amazon S3 儲存貯體。根據預設,當您在主控台建立線索時,線索會套用到所有 AWS 區域。線索會記錄 AWS 分割區中所有區域的事件,並將日誌檔案交付至您指定的 Amazon S3 儲存貯體。此外,您可以設定其他 AWS 服務,以進一步分析和處理 CloudTrail 日誌中所收集的事件資料。如需詳細資訊,請參閱 *AWS CloudTrail 使用者指南*中的以下主題:
+ [建立追蹤的概觀](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail 支援的服務和整合](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [設定 CloudTrail 的 Amazon SNS 通知](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [接收多個區域的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html)及[接收多個帳戶的 CloudTrail 日誌檔案](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
當您的 中啟用 CloudTrail 記錄時 AWS 帳戶,日誌檔案中會追蹤對 IAM Identity Center 動作發出的 API 呼叫。IAM Identity Center 記錄會與日誌檔案中的其他 AWS 服務記錄一起寫入。CloudTrail 會根據期間與檔案大小,決定何時建立與寫入新檔案。
**支援 IAM Identity Center APIs CloudTrail 事件**
下列各節提供有關與 IAM Identity Center 支援的下列 APIs 相關聯的 CloudTrail 事件的資訊:
+ [IAM Identity Center API](#cloudtrail-events-iam-identity-center-operations)
+ [Identity Store API](#cloudtrail-events-identity-store-operations)
+ [OIDC API](#cloudtrail-events-oidc-operations)
+ [AWS 存取入口網站 API](#cloudtrail-events-access-portal-operations)
+ [SCIM API](#cloudtrail-events-scim-api-operations)
## IAM Identity Center API 操作的 CloudTrail 事件
下列清單包含公有 IAM Identity Center 操作隨事件來源發出的 CloudTrail `sso.amazonaws.com`事件。如需公有 IAM Identity Center API 操作的詳細資訊,請參閱 [IAM Identity Center API 參考](https://docs.aws.amazon.com/singlesignon/latest/APIReference/welcome.html)。
您可以在 CloudTrail 中找到主控台依賴的 IAM Identity Center 主控台 API 操作的其他事件。如需這些主控台 APIs的詳細資訊,請參閱[服務授權參考](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycenter.html)。
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html)
+ [
AttachManagedPolicyToPermissionSet](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html)
+ [
CreateAccountAssignment](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateAccountAssignment.html)
+ [CreateApplication
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplication.html)
+ [
CreateApplicationAssignment](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html)
+ [
CreateInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstance.html)
+ [
CreateInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html)
+ [
DeleteApplicationGrant
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html)
+ [
DeleteInlinePolicyFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html)
+ [
DeleteInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstance.html)
+ [
DeleteInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html)
+ [
DeletePermissionsBoundaryFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html)
+ [
DeletePermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionSet.html)
+ [
DeleteTrustedTokenIssuer
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html)
+ [
DescribeAccountAssignmentCreationStatus
s](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html)
+ [
DescribeAccountAssignmentDeletionStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html)
+ [
DescribeApplication
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplication.html)
+ [
DescribeApplicationAssignment
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html)
+ [
DescribeApplicationProvider
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html)
+ [
DescribeInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstance.html)
+ [
DescribeInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html)
+ [
DescribePermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSet.html)
+ [
DescribePermissionSetProvisioningStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html)
+ [
DescribeTrustedTokenIssuer
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html)
+ [
DetachCustomerManagedPolicyReferenceFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html)
+ [
DetachManagedPolicyFromPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html)
+ [
GetApplicationAccessScope
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html)
+ [
GetApplicationAssignmentConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html)
+ [
GetApplicationAuthenticationMethod
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html)
+ [
GetApplicationGrant
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationGrant.html)
+ [
GetInlinePolicyForPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html)
+ [
GetPermissionsBoundaryForPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html)
+ [
ListAccountAssignmentCreationStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html)
+ [
ListAccountAssignmentDeletionStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html)
+ [
ListAccountAssignments
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignments.html)
+ [
ListAccountAssignmentsForPrincipal
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html)
+ [
ListAccountsForProvisionedPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html)
+ [
ListApplicationAccessScopes
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html)
+ [
ListApplicationAssignments
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignments.html)
+ [
ListApplicationAssignmentsForPrincipal
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html)
+ [
ListApplicationAuthenticationMethods
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html)
+ [
ListApplicationGrants
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationGrants.html)
+ [
ListApplicationProviders
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationProviders.html)
+ [
ListApplications
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplications.html)
+ [
ListCustomerManagedPolicyReferencesInPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html)
+ [
ListInstances
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html)
+ [
ListManagedPoliciesInPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html)
+ [
ListPermissionSetProvisioningStatus
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html)
+ [
ListPermissionSets
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSets.html)
+ [
ListPermissionSetsProvisionedToAccount
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html)
+ [
ListTagsForResource
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTagsForResource.html)
+ [
ListTrustedTokenIssuers
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html)
+ [
ProvisionPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html)
+ [
PutApplicationAccessScope
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html)
+ [
PutApplicationAssignmentConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html)
+ [
PutApplicationAuthenticationMethod
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html)
+ [
PutApplicationGrant
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationGrant.html)
+ [
PutInlinePolicyToPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html)
+ [
PutPermissionsBoundaryToPermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html)
+ [
TagResource
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TagResource.html)
+ [
UntagResource
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UntagResource.html)
+ [
UpdateApplication
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateApplication.html)
+ [
UpdateInstance
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstance.html)
+ [
UpdateInstanceAccessControlAttributeConfiguration
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstanceAccessControlAttributeConfiguration.html)
+ [
UpdatePermissionSet
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdatePermissionSet.html)
+ [
UpdateTrustedTokenIssuer
](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateTrustedTokenIssuer.html)
## Identity Store API 操作的 CloudTrail 事件
下列清單包含公有 Identity Store 操作隨事件來源發出的 CloudTrail `identitystore.amazonaws.com`事件。如需公有 Identity Store API 操作的詳細資訊,請參閱 [Identity Store API 參考](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html)。
您可以在 CloudTrail 中找到具有事件來源的 Identity Store 主控台 API 操作的其他`sso-directory.amazonaws.com`事件。這些 APIs支援 主控台和 AWS 存取入口網站。如果您需要偵測特定操作的發生,例如將成員新增至群組,建議您同時考慮公有和主控台 API 操作。如需這些主控台 APIs的詳細資訊,請參閱[服務授權參考](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitystore.html)。
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroupMembership.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateGroupMembership.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroupMembership.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteGroupMembership.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DeleteUser.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_DescribeUser.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupId.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupId.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupMembershipId.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetGroupMembershipId.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetUserId.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_GetUserId.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMembershipsForMember.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateGroup.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateGroup.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateUser.html](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_UpdateUser.html)
## OIDC API 操作的 CloudTrail 事件
下列清單包含公有 OIDC 操作發出的 CloudTrail 事件。如需公有 OIDC API 操作的詳細資訊,請參閱 [OIDC API 參考](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)。
+ [https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) (事件來源 `sso.amazonaws.com`)
+ [https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html) (事件來源 `sso-oauth.amazonaws.com`)
## AWS 存取入口網站 API 操作的 CloudTrail 事件
下列清單包含 AWS 存取入口網站 API 操作隨事件來源發出的 CloudTrail `sso.amazonaws.com`事件。標記為在公有 API 中無法使用的 API 操作支援 AWS 存取入口網站的操作。使用 AWS CLI 可能會導致公有 AWS 存取入口網站 API 操作和公有 API 中無法使用的 CloudTrail 事件同時發出。如需公開 AWS 存取入口網站 API 操作的詳細資訊,請參閱[AWS 存取入口網站 API 參考](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/Welcome.html)。
+ Authenticate (不適用於公有 API。 提供 AWS 存取入口網站的登入。)
+ Federate (不適用於公有 API。 為應用程式提供聯合。)
+ [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccountRoles.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccountRoles.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccounts.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_ListAccounts.html)
+ ListApplications (不適用於公有 API。 提供使用者指派的資源,以在 AWS 存取入口網站中顯示。)
+ ListProfilesForApplication (不適用於公有 API。 提供應用程式中繼資料以在 AWS 存取入口網站中顯示。)
+ [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+ [https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_Logout.html](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_Logout.html)
## SCIM API 操作的 CloudTrail 事件
如需公有 SCIM API 操作的資訊,請參閱[AWS 存取入口網站 API 參考](scim-logging-using-cloudtrail.md)。
## IAM Identity Center CloudTrail 事件中的身分資訊
每一筆事件或日誌專案都會包含產生請求者的資訊。身分資訊可協助您判斷下列事項:
+ 請求是使用根使用者還是 AWS Identity and Access Management (IAM) 使用者登入資料提出。
+ 提出該請求時,是否使用了特定角色或聯合身分使用者的暫時安全憑證。
+ 請求是否由其他 AWS 服務提出。
+ 請求是否由 IAM Identity Center 使用者提出。若是如此,CloudTrail 事件中會提供 `userId`和 `identityStoreArn` 欄位,以識別啟動請求的 IAM Identity Center 使用者。如需詳細資訊,請參閱[在 IAM Identity Center 使用者起始的 CloudTrail 事件中識別使用者](sso-cloudtrail-use-cases.md#user-session-iam-identity-center)。
如需詳細資訊,請參閱 [CloudTrail userIdentity 元素](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html)。
**注意**
目前,IAM Identity Center 不會發出 CloudTrail 事件,讓使用者使用 [OIDC API](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) 登入 AWS 受管 Web 應用程式 (例如 Amazon SageMaker AI Studio)。這些 Web 應用程式是一組更廣泛的 子集[AWS 受管應用程式](awsapps.md),其中也包含非 Web 應用程式,例如 Amazon Athena SQL 和 Amazon S3 Access Grants。
# 了解 IAM Identity Center 的 CloudTrail 事件
追蹤是一種組態,能讓事件交付到您指定的 Amazon S3 儲存貯體。一個事件為任何來源提出的單一請求,並包含請求動作、請求的日期和時間、請求參數等資訊。CloudTrail 事件不是公有 API 呼叫的排序堆疊追蹤,因此不會以任何特定順序顯示。請參閱 [ CloudTrail 使用者指南,了解 CloudTrail 記錄的內容](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html)。 *CloudTrail *
此範例示範 CloudTrail 日誌項目,擷取與 IAM Identity Center 互動的 IAM 使用者 (samadams) 所執行`DescribePermissionsPolicies`的動作:
```
{
"Records":[
{
"eventVersion":"1.05",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDAJAIENLMexample",
"arn":"arn:aws:iam::08966example:user/samadams",
"accountId":"111122223333",
"accessKeyId":"AKIAIIJM2K4example",
"userName":"samadams"
},
"eventTime":"2017-11-29T22:39:43Z",
"eventSource":"sso.amazonaws.com",
"eventName":"DescribePermissionsPolicies",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
"requestParameters":{
"permissionSetId":"ps-79a0dde74b95ed05"
},
"responseElements":null,
"requestID":"319ac6a1-d556-11e7-a34f-69a333106015",
"eventID":"a93a952b-13dd-4ae5-a156-d3ad6220b071",
"readOnly":true,
"resources":[
],
"eventType":"AwsApiCall",
"recipientAccountId":"111122223333"
}
]
}
```
此範例示範 CloudTrail 日誌項目,擷取 AWS 存取入口網站內 IAM Identity Center 使用者執行`ListApplications`的動作:
```
{
"Records":[
{
"eventVersion":"1.05",
"userIdentity":{
"type":"IdentityCenterUser",
"accountId":"111122223333",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84775435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "cdee2490-82ed-43b3-96ee-b75fbf0b97a5"
},
"eventTime":"2017-11-29T18:48:28Z",
"eventSource":"sso.amazonaws.com",
"eventName":"ListApplications",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"requestID":"de6c0435-ce4b-49c7-9bcc-bc5ed631ce04",
"eventID":"e6e1f3df-9528-4c6d-a877-6b2b895d1f91",
"eventType":"AwsApiCall",
"recipientAccountId":"111122223333"
}
]
}
```
此範例示範 CloudTrail 日誌項目,擷取由使用 IAM Identity Center OIDC 服務進行驗證的 IAM Identity Center 使用者所執行`CreateToken`的動作:
```
{
"eventVersion": "1.05",
"userIdentity": {
"type": "IdentityCenterUser",
"accountId": "111122223333",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84775435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "cdee2490-82ed-43b3-96ee-b75fbf0b97a5"
},
"eventTime": "2020-06-16T01:31:15Z",
"eventSource": "sso.amazonaws.com",
"eventName": "CreateToken",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.0",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
"requestParameters": {
"clientId": "clientid1234example",
"clientSecret": "HIDDEN_DUE_TO_SECURITY_REASONS",
"grantType": "urn:ietf:params:oauth:grant-type:device_code",
"deviceCode": "devicecode1234example"
},
"responseElements": {
"accessToken": "HIDDEN_DUE_TO_SECURITY_REASONS",
"tokenType": "Bearer",
"expiresIn": 28800,
"refreshToken": "HIDDEN_DUE_TO_SECURITY_REASONS",
"idToken": "HIDDEN_DUE_TO_SECURITY_REASONS"
},
"eventID": "09a6e1a9-50e5-45c0-9f08-e6ef5089b262",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "IdentityStoreId",
"ARN": "d-1234567890"
}
],
"eventType": "AwsApiCall",
"recipientAccountId": "111122223333"
}
```
# 了解 IAM Identity Center 登入事件
AWS CloudTrail 會記錄所有 IAM Identity Center 身分來源的成功和失敗登入事件。IAM Identity Center 和 Active Directory (AD Connector 和 AWS Managed Microsoft AD) 來源身分包括每次提示使用者解決特定登入資料挑戰或因素時所擷取的其他登入事件,以及該特定登入資料驗證請求的狀態。只有在使用者完成所有必要的登入資料挑戰後,才會登入使用者,這將導致記錄`UserAuthentication`事件。
下表擷取每個 IAM Identity Center 登入 CloudTrail 事件名稱、其目的和對不同身分來源的適用性。
| 事件名稱 | 事件目的 | 身分來源適用性 |
| --- | --- | --- |
| CredentialChallenge | 用來通知 IAM Identity Center 已請求使用者解決特定登入資料挑戰CredentialType,並指定必要的 (例如 PASSWORD 或 TOTP)。 | 原生 IAM Identity Center 使用者、AD Connector 和 AWS Managed Microsoft AD |
| CredentialVerification | 用來通知使用者已嘗試解決特定CredentialChallenge請求,並指定該登入資料是否成功或失敗。 | 原生 IAM Identity Center 使用者、AD Connector 和 AWS Managed Microsoft AD |
| UserAuthentication | 用來通知使用者遭挑戰的所有身分驗證要求都已成功完成,而且使用者已成功登入。使用者若未成功完成所需的登入資料挑戰,將不會記錄任何UserAuthentication事件。 | 所有身分來源 |
下表擷取特定登入 CloudTrail 事件中包含的其他實用事件資料欄位。
| 欄位 | 事件目的 | 登入事件適用性 | 範例值 |
| --- | --- | --- | --- |
| AuthWorkflowID | 用來關聯在整個登入序列中發出的所有事件。對於每個使用者登入,IAM Identity Center 可能會發出多個事件。 | CredentialChallenge, CredentialVerification, UserAuthentication | "AuthWorkflowID": "9de74b32-8362-4a01-a524-de21df59fd83" |
| CredentialType | 用來指定受到挑戰的登入資料或因素。 UserAuthentication事件將包含跨使用者登入序列成功驗證的所有CredentialType值。 | CredentialChallenge, CredentialVerification, UserAuthentication | CredentialType": "PASSWORD" 或 "CredentialType": "PASSWORD,TOTP" (可能的值包括:PASSWORD、TOTP、WEBAUTHN、EXTERNAL\$1IDP、RESYNC\$1TOTP、EMAIL\$1OTP) |
| DeviceEnrollmentRequired | 用來指定使用者在登入期間需要註冊 MFA 裝置,且使用者已成功完成該請求。 | UserAuthentication | "DeviceEnrollmentRequired": "true" |
| LoginTo | 用來指定成功登入序列之後的重新導向位置。 | UserAuthentication | "LoginTo": "https://mydirectory.awsapps.com/start/...." |
**IAM Identity Center 登入流程中的 CloudTrail 事件**
下圖說明登入流程和登入發出的 CloudTrail 事件。
![\[登入流程和登入發出的 CloudTrail 事件。\]](http://docs.aws.amazon.com/zh_tw/singlesignon/latest/userguide/images/cloudtrail-events-in-iam-identity-center-sign-in-flows.png)
圖表顯示**密碼登入**流程和**聯合登入**流程。
**密碼登入**流程由步驟 1–8 組成,示範使用者名稱和密碼登入程序期間的步驟。IAM Identity Center `userIdentity.additionalEventData.CredentialType`設定為 "`PASSWORD`",IAM Identity Center 會經歷登入資料挑戰回應週期,並視需要重試。
步驟數目取決於[登入類型和是否存在多重要素驗證 (MFA)](enable-mfa.md)。初始程序會產生三或五個 CloudTrail `UserAuthentication` 事件,並結束序列以成功進行身分驗證。密碼身分驗證嘗試不成功會導致額外的 CloudTrail 事件,因為 IAM Identity Center `CredentialChallenge`會針對一般或啟用 MFA 身分驗證重新發出。
密碼登入流程也涵蓋使用 `CreateUser` API 呼叫新建立的 IAM Identity Center 使用者使用一次性密碼 (OTP) 登入的情況。在此案例中,登入資料類型為「`EMAIL_OTP`」。
**聯合登入**流程由步驟 1a、2a 和 8 組成,示範聯合身分驗證程序期間的主要步驟,其中 [SAML 聲明由身分提供者提供](scim-profile-saml.md)、由 IAM Identity Center 驗證,如果成功,則會導致 `UserAuthentication`。IAM Identity Center 不會在步驟 3 – 7 中叫用內部 MFA 身分驗證序列,因為外部聯合身分提供者負責所有使用者憑證驗證。
# 登入 CloudTrail 事件中的使用者名稱
每次成功登入 IAM Identity Center 使用者時,IAM Identity Center 會在 `additionalEventData`元素下發出 `UserName` 欄位一次。以下清單說明範圍內的兩個登入事件,以及這些事件發生的條件。當使用者登入時,只有其中一個條件是 true。
+ `CredentialChallenge`
+ 當 `CredentialType`為 "`PASSWORD`" – 適用於使用 Directory Service 或 進行密碼驗證 IAM Identity Center 目錄。
+ 當 `CredentialType`為「`EMAIL_OTP`」 – 僅適用於使用 `CreateUser` API 呼叫建立 IAM Identity Center 目錄 的使用者第一次嘗試登入時,使用者會收到一次性密碼,以使用該密碼登入一次。
+ `UserAuthentication`
+ 當 `CredentialType`為 "`EXTERNAL_IDP`" – 適用於使用外部 IdP 的身分驗證。
成功驗證`UserName`的 值如下所示:
+ 當身分來源是外部 IdP 時,該值等於傳入 SAML 聲明中的`nameID`值。此值等於 中的 `UserName` 欄位 IAM Identity Center 目錄。
+ 當身分來源為 時 IAM Identity Center 目錄,發出的值等於此目錄中的 `UserName` 欄位。
+ 當身分來源為 時 Directory Service,發出的值等於使用者在身分驗證期間輸入的使用者名稱。例如,具有使用者名稱 `anyuser@company.com`的使用者可以使用 `anyuser`、 `anyuser@company.com`或 進行身分驗證`company.com/anyuser`,而且在每種情況下,輸入的值都會分別在 CloudTrail 中發出。
**不正確使用者名稱嘗試的安全遮罩**
當記錄的事件是由不正確的使用者名稱輸入所造成的主控台登入失敗時,`UserName` 欄位會包含字串 `HIDDEN_DUE_TO_SECURITY_REASONS`。在這種情況下,CloudTrail 不會記錄內容,因為文字可能包含敏感資訊,如下列範例所述:
+ 使用者不小心在使用者名稱欄位中輸入密碼。
+ 使用者不小心輸入個人電子郵件帳戶的帳戶名稱、銀行登入識別符或其他一些私有 ID。
**提示**
我們建議您使用 `userId`和 `identityStoreArn` 來識別 IAM Identity Center CloudTrail 事件後方的使用者。如果您需要使用 `userName` 欄位,您可以在每次成功登入發出一次的 `additionalEventData`元素`userName`下使用 。
如需如何使用 `UserName` 欄位的其他資訊,請參閱 [關聯相同使用者工作階段中的使用者事件在 IAM Identity Center 和外部目錄之間關聯使用者](sso-cloudtrail-use-cases.md#correlating-users)。
# IAM Identity Center 登入案例的範例事件
下列範例說明各種 AWS 登入案例期間產生的典型 CloudTrail 事件序列。這些範例可做為參考模式,協助您解譯身分驗證日誌、識別安全問題,以及驗證身分驗證政策是否正常運作。
**Topics**
+ [僅使用密碼進行身分驗證時成功登入](#sign-in-events-examples-1)
+ [向外部身分提供者進行身分驗證時成功登入](#sign-in-events-examples-2)
+ [使用密碼和以時間為基礎的一次性密碼 (TOTP) 驗證器應用程式進行身分驗證時成功登入](#sign-in-events-examples-3)
+ [使用密碼進行身分驗證和強制 MFA 註冊時,登入成功](#sign-in-events-examples-4)
+ [由於密碼身分驗證不正確,登入失敗](#sign-in-events-examples-5)
## 僅使用密碼進行身分驗證時成功登入
下列事件序列會擷取僅成功登入密碼的範例。
**CredentialChallenge (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-07T20:33:58Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialChallenge",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"9de74b32-8362-4a01-a524-de21df59fd83",
"UserName":"bobsmith@example.com",
"CredentialType":"PASSWORD"
},
"requestID":"5be44ffb-6946-4f47-acaf-1adebd4afead",
"eventID":"27ea7725-c1fd-4355-bdba-d0e628e0e604",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"serviceEventDetails":{
"CredentialChallenge":"Success"
}
}
```
**CredentialVerification 成功 (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-07T20:34:09Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialVerification",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"9de74b32-8362-4a01-a524-de21df59fd83",
"CredentialType":"PASSWORD"
},
"requestID":"f3cf52ad-fd3d-4889-8c15-f18d1a7c7393",
"eventID":"c49640f6-0c8a-43d3-a6e0-900e3bb188d4",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialVerification":"Success"
}
}
```
**成功的 UserAuthentication (僅限密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-07T20:34:09Z",
"eventSource":"signin.amazonaws.com",
"eventName":"UserAuthentication",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"9de74b32-8362-4a01-a524-de21df59fd83",
"LoginTo":"https://d-1234567890.awsapps.com/start/?state=QVlBQmVGMHFiS0wzWlp1SFgrR25BRnFobU5nQUlnQUJBQk5FWVhSaFVHeGhibVZUZEdGMFpWQmhjbUZ0QUFsUVpYSmxaM0pwYm1VQUFRQUhZWGR6TFd0dGN3QkxZWEp1T21GM2N6cHJiWE02ZFhNdFpXRnpkQzB4T2pjNE9ETTJNVFUxTWpnM056cHJaWGt2TjJOa056Um1PR1l0TnpNME5TMDBabUUxTFdFeU5Ea3RZV0kwTVRreE9UTmhOakkxQUxnQkFnRUFlTDJaOW85cm0xUHNKME05RjZtemdJSXczVU81a0trQy8yZktUWHNUbkx4b0FldytIdzFCK1NuM2NVWitsbncxdGdBQUFBQitNSHdHQ1NxR1NJYjNEUUVIQnFCdk1HMENBUUF3YUFZSktvWklodmNOQVFjQk1CNEdDV0NHU0FGbEF3UUJMakFSQkF5TFJxUDNsUUR6b0txUmlKQUNBUkNBTzRhalR4UUM3cUMvUG1ZUHBJWnRLS2ZlQkRHdmVsNXVJS1REdTkvekRNd2JxRFcxcVBTMDRkZUxST2NGYk96K2xzeGdTdUlKZTVYdiswZWdBZ0FBQUFBTUFBQVFBQUFBQUFBQUFBQUFBQUFBQVB5NEdEdUtWYnBzZWRTYTgvL3MrdEQvLy8vL0FBQUFBUUFBQUFBQUFBQUFBQUFBQVFBQUFGTXNzY3Q2V1QrZjg4N3AvbnlXQUNuQzFweGZaVGZvSjNSVWdhREJOKzNjK2F2NEI5WENxRDM2NkxmcTBzaDIrM3RDQ2J0N2VzMmw0Y1lDcXhwRFM3Y1JnRUxxMjQrVGdZSndvZXZkWW83eFV1bG9sVkJkTWFhcVBSenFyb2ZzNGpFR1FjUT0%3D&auth_code=11OawSqh1qmg4ePRn3DGfmBkWhJ5kYC4t6eFTprUDe8A_h_E75G3iwMNuAvLOs73v5vOaP_xA_PYJikGpt9UJ8kX92vRBCZPubpGegAoz__1fHKwL207gI6MVYEQvMKb2xfMf4qCKedRe0i-BshlIc5OBAA6ftz73M6LsfLWDlfOxviO2K3wet946lC30f_iWdilx-zv__4pSHf7mcUIs&wdc_csrf_token=srAzW1jK4GPYYoR452ruZ38DxEsDY9x81q1tVRSnno5pUjISvP7TqziOLiBLBUSxEjOmQk2XoLlcYolXjOMdiaBoVVBL482Q6iShpDgQcm271KWlODotVsoVADe1tixLr694N70foOPUAuIdi6RxxBSteidgAU7SBZDdfAxeJdqTg45kc4XpnCTKlQiIsrdFShisDnocFsj6EQRDTtEggww2MCXuJBByhpCfUIwg14znJwpR4F9wBw76xyTBBQOv&organization=d-9067230c03®ion=us-east-1",
"CredentialType":"PASSWORD"
},
"requestID":"f3cf52ad-fd3d-4889-8c15-f18d1a7c7393",
"eventID":"e959a95a-2b33-478d-906c-4fe303e8a9f1",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"UserAuthentication":"Success"
}
}
```
## 向外部身分提供者進行身分驗證時成功登入
下列事件序列會擷取使用外部身分提供者透過 SAML 通訊協定進行身分驗證時成功登入的範例。
**成功的 UserAuthentication (外部身分提供者)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-07T20:34:09Z",
"eventSource":"signin.amazonaws.com",
"eventName":"UserAuthentication",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"9de74b32-8362-4a01-a524-de21df59fd83",
"LoginTo":"https://d-1234567890.awsapps.com/start/?state=QVlBQmVGMHFiS0wzWlp1SFgrR25BRnFobU5nQUlnQUJBQk5FWVhSaFVHeGhibVZUZEdGMFpWQmhjbUZ0QUFsUVpYSmxaM0pwYm1VQUFRQUhZWGR6TFd0dGN3QkxZWEp1T21GM2N6cHJiWE02ZFhNdFpXRnpkQzB4T2pjNE9ETTJNVFUxTWpnM056cHJaWGt2TjJOa056Um1PR1l0TnpNME5TMDBabUUxTFdFeU5Ea3RZV0kwTVRreE9UTmhOakkxQUxnQkFnRUFlTDJaOW85cm0xUHNKME05RjZtemdJSXczVU81a0trQy8yZktUWHNUbkx4b0FldytIdzFCK1NuM2NVWitsbncxdGdBQUFBQitNSHdHQ1NxR1NJYjNEUUVIQnFCdk1HMENBUUF3YUFZSktvWklodmNOQVFjQk1CNEdDV0NHU0FGbEF3UUJMakFSQkF5TFJxUDNsUUR6b0txUmlKQUNBUkNBTzRhalR4UUM3cUMvUG1ZUHBJWnRLS2ZlQkRHdmVsNXVJS1REdTkvekRNd2JxRFcxcVBTMDRkZUxST2NGYk96K2xzeGdTdUlKZTVYdiswZWdBZ0FBQUFBTUFBQVFBQUFBQUFBQUFBQUFBQUFBQVB5NEdEdUtWYnBzZWRTYTgvL3MrdEQvLy8vL0FBQUFBUUFBQUFBQUFBQUFBQUFBQVFBQUFGTXNzY3Q2V1QrZjg4N3AvbnlXQUNuQzFweGZaVGZvSjNSVWdhREJOKzNjK2F2NEI5WENxRDM2NkxmcTBzaDIrM3RDQ2J0N2VzMmw0Y1lDcXhwRFM3Y1JnRUxxMjQrVGdZSndvZXZkWW83eFV1bG9sVkJkTWFhcVBSenFyb2ZzNGpFR1FjUT0%3D&auth_code=11OawSqh1qmg4ePRn3DGfmBkWhJ5kYC4t6eFTprUDe8A_h_E75G3iwMNuAvLOs73v5vOaP_xA_PYJikGpt9UJ8kX92vRBCZPubpGegAoz__1fHKwL207gI6MVYEQvMKb2xfMf4qCKedRe0i-BshlIc5OBAA6ftz73M6LsfLWDlfOxviO2K3wet946lC30f_iWdilx-zv__4pSHf7mcUIs&wdc_csrf_token=srAzW1jK4GPYYoR452ruZ38DxEsDY9x81q1tVRSnno5pUjISvP7TqziOLiBLBUSxEjOmQk2XoLlcYolXjOMdiaBoVVBL482Q6iShpDgQcm271KWlODotVsoVADe1tixLr694N70foOPUAuIdi6RxxBSteidgAU7SBZDdfAxeJdqTg45kc4XpnCTKlQiIsrdFShisDnocFsj6EQRDTtEggww2MCXuJBByhpCfUIwg14znJwpR4F9wBw76xyTBBQOv&organization=d-9067230c03®ion=us-east-1",
"CredentialType":"EXTERNAL_IDP",
"UserName":"bobsmith@example.com"
},
"requestID":"f3cf52ad-fd3d-4889-8c15-f18d1a7c7393",
"eventID":"e959a95a-2b33-478d-906c-4fe303e8a9f1",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"UserAuthentication":"Success"
}
}
```
## 使用密碼和以時間為基礎的一次性密碼 (TOTP) 驗證器應用程式進行身分驗證時成功登入
下列事件序列會擷取範例,其中在登入期間需要多重要素驗證,且使用者已成功使用密碼和 TOTP 驗證器應用程式登入。
**CredentialChallenge (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-08T20:40:13Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialChallenge",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"303486b5-fce1-4d59-ba1d-eb3acb790729",
"CredentialType":"PASSWORD",
"UserName":"bobsmith@example.com"
},
"requestID":"e454ea66-1027-4d00-9912-09c0589649e1",
"eventID":"d89cc0b5-a23a-4b88-843a-89329aeaef2e",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialChallenge":"Success"
}
}
```
**成功的 CredentialVerification (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-08T20:40:20Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialVerification",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"303486b5-fce1-4d59-ba1d-eb3acb790729",
"CredentialType":"PASSWORD"
},
"requestID":"92c4ac90-0d9b-452d-95d5-728487612f5e",
"eventID":"4533fd49-6669-4d0b-b272-a0b2139309a8",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialVerification":"Success"
}
}
```
**CredentialChallenge (TOTP)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-08T20:40:20Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialChallenge",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"303486b5-fce1-4d59-ba1d-eb3acb790729",
"CredentialType":"TOTP"
},
"requestID":"92c4ac90-0d9b-452d-95d5-728487612f5e",
"eventID":"29202f08-f240-40cc-b789-c0cea8a27847",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialChallenge":"Success"
}
}
```
**成功 CredentialVerification (TOTP)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-08T20:40:27Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialVerification",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"303486b5-fce1-4d59-ba1d-eb3acb790729",
"CredentialType":"TOTP"
},
"requestID":"c40a691f-eeb1-4352-b286-5e909f96f318",
"eventID":"e889ff1d-fcaf-454f-805d-7132cf2362a4",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialVerification":"Success"
}
}
```
**成功的 UserAuthentication (密碼 \$1 TOTP)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-08T20:40:27Z",
"eventSource":"signin.amazonaws.com",
"eventName":"UserAuthentication",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"303486b5-fce1-4d59-ba1d-eb3acb790729",
"LoginTo":"https://d-1234567890.awsapps.com/start/?state\u003dQVlBQmVLeFhWeDRmZFJmMmxHcWYwdzhZck5RQUlnQUJBQk5FWVhSaFVHeGhibVZUZEdGMFpWQmhjbUZ0QUFsUVpYSmxaM0pwYm1VQUFRQUhZWGR6TFd0dGN3QkxZWEp1T21GM2N6cHJiWE02ZFhNdFpXRnpkQzB4T2pjNE9ETTJNVFUxTWpnM056cHJaWGt2TjJOa056Um1PR1l0TnpNME5TMDBabUUxTFdFeU5Ea3RZV0kwTVRreE9UTmhOakkxQUxnQkFnRUFlTDJaOW85cm0xUHNKME05RjZtemdJSXczVU81a0trQy8yZktUWHNUbkx4b0FjT3lLZ2RQUFBTRzN6d2l0WmJOSFVRQUFBQitNSHdHQ1NxR1NJYjNEUUVIQnFCdk1HMENBUUF3YUFZSktvWklodmNOQVFjQk1CNEdDV0NHU0FGbEF3UUJMakFSQkF3aHFPL1ZoaFU4bmJFaEoxZ0NBUkNBTzJYZ0xpem12MlJoM3lnRGJaQ2dUcUZlbk5iWGN2ZWVzUjV6WmpLeXZUVnBwTjk2ZGVUZ3plcURod3hRMmNTR1pkTnBVd1RWWWFxbGp2akRBZ0FBQUFBTUFBQVFBQUFBQUFBQUFBQUFBQUFBQUxhZjZTVnRvMlFKWWt0Q0crWjd6NnIvLy8vL0FBQUFBUUFBQUFBQUFBQUFBQUFBQVFBQUFGUFhUR3dad0NheXAwUlZBQjJOelZsZnJ1aEdEOUNPeDNqMENBakdseU9DSWxFejlnZWRqcUZxUHZnUzIrN1ltZE84R1BvN21FQ0sybnBqdm13enozWEdBdnJFcVNzZ2RVQVBReXFpcS9oWTdFaUxhZHBYclhYZDlKeUkxZGJ4K3k3Wk80WT0%3D\u0026auth_code\u003d11Fir1mCVJ-4Y5UY6RI10UCXvRePCHd6195xvYg1rwo1Pj7B-7UGIGlYUUVe31Nkzd7ihxKn6DMdnFfO01O8qc3RFR8FUd1w8Z91Txh_4i9y47-Sx-pjBXKG_jUcvBk_UILdGytV4o1u97h42B-TA_6uwdmJiw1dcCz_Rv44d_BS0PkulW-5LVJy1oeP1H0FPPMeheyuk5Uy48d5of9-c\u0026wdc_csrf_token\u003dNMlui44guoVnxRd0qu2tYJIdyyFPX6SDRNTspIScfMM0AgFbho1nvvCaxPTghHbgHCRIXdffFtzH0sL1ow419BobnmqBsnJNx17h3kujsGzt9DJFaJCgbZQOF7pSbr1pHVMGg1MOOvniFekN6YmJ2CB1FeKUBbfNAz2bGZYnXrXQe6bTenIh5f0Pu9lhZJZ5KDQVka7afWFqOaQCzLEFwgATcJ44N6YcmmZBJbKHx3gyEDMzkwRuNJrwjoVpkmDH\u0026organization\u003dd-9067230c03\u0026region\u003dus-east-1",
"CredentialType":"PASSWORD,TOTP"
},
"requestID":"c40a691f-eeb1-4352-b286-5e909f96f318",
"eventID":"7a8c8725-db2f-488d-a43e-788dc6c73a4a",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"UserAuthentication":"Success"
}
}
```
## 使用密碼進行身分驗證和強制 MFA 註冊時,登入成功
以下一系列事件示範成功的密碼身分驗證,其中使用者必須先註冊並成功完成多重要素身分驗證 (MFA),才能完成其登入程序。
**CredentialChallenge (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-09T01:24:02Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialChallenge",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"76d8a26d-ad9c-41a4-90c3-d607cdd7155c",
"CredentialType":"PASSWORD",
"UserName":"bobsmith@example.com"
},
"requestID":"321f4b13-42b5-4005-a0f7-826cad26d159",
"eventID":"8c707b0f-e45a-4a9c-bee2-ff68638d2f1b",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialChallenge":"Success"
}
}
```
**成功的 CredentialVerification (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-09T01:24:09Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialVerification",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"76d8a26d-ad9c-41a4-90c3-d607cdd7155c",
"CredentialType":"PASSWORD"
},
"requestID":"12b57efa-0a92-4479-91a3-5b6641817c21",
"eventID":"783b0c89-7142-4942-8b84-6ee0de1b992e",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialVerification":"Success"
}
}
```
**成功的 UserAuthentication (需要密碼 \$1 MFA 註冊)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"IdentityCenterUser",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
"onBehalfOf": {
"userId": "94d00cd8-e9e6-4810-b177-b08e84725435",
"identityStoreArn": "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
},
"credentialId" : "8f761cae-883d-4a3d-af67-3abf46488f71"
},
"eventTime":"2020-12-09T01:24:14Z",
"eventSource":"signin.amazonaws.com",
"eventName":"UserAuthentication",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"76d8a26d-ad9c-41a4-90c3-d607cdd7155c",
"LoginTo":"https://d-1234567890.awsapps.com/start/?state\u003dQVlBQmVGQ3VqdHF5aW9CUDdrNXRTVTJUaWNnQUlnQUJBQk5FWVhSaFVHeGhibVZUZEdGMFpWQmhjbUZ0QUFsUVpYSmxaM0pwYm1VQUFRQUhZWGR6TFd0dGN3QkxZWEp1T21GM2N6cHJiWE02ZFhNdFpXRnpkQzB4T2pjNE9ETTJNVFUxTWpnM056cHJaWGt2TjJOa056Um1PR1l0TnpNME5TMDBabUUxTFdFeU5Ea3RZV0kwTVRreE9UTmhOakkxQUxnQkFnRUFlTDJaOW85cm0xUHNKME05RjZtemdJSXczVU81a0trQy8yZktUWHNUbkx4b0FSOVdDcXQ5bUxQeUJ2dFhJNTNFaGhvQUFBQitNSHdHQ1NxR1NJYjNEUUVIQnFCdk1HMENBUUF3YUFZSktvWklodmNOQVFjQk1CNEdDV0NHU0FGbEF3UUJMakFSQkF6Y0FYakw5TE1mdjh5a3owc0NBUkNBT3p5cTd4TXdzTFh3WnJ4dFNvVUF0MXVEU3J1WVBPWGc0UGFhNTNZQWxqamI2VFVyOGRYNjhpRDVoRCs3VVIrWVZUck1YOThsRGJCMmNHNHpBZ0FBQUFBTUFBQVFBQUFBQUFBQUFBQUFBQUFBQU03N1hhMlp4R1MzRUppT2xSY3ZRUnYvLy8vL0FBQUFBUUFBQUFBQUFBQUFBQUFBQVFBQUFGTVNpc3RSRGR6c0FmZmgwbHhsYks2RjZSNTg1NmdOZTRsaWxsT2x1QmVKZVRSRGtrVkVJRVl0Y0t4eFliRDJoV0JsUG9VbElCb01UYy9XbVNyRE1WU2JzcEl0ZXFMMVdxN2MrT2RRUXZFWEdHRUdkRXFpNHFpdmlmQmJhU2V1bGtmSERBOD0%3D\u0026auth_code\u003d11eZ80S_maUsZ7ABETjeQhyWfvIHYz52rgR28sYAKN1oEk2G07czrwzXvE9HLlN2K9De8LyBEV83SFeDQfrWpkwXfaBc2kNR125q_9JkiAeID3_5NkgvDEastjRV_mpFk0sf__0jRcr8vRm-FJyJqkoGrt_w6rm_MpAn0uyrVq8udY EgU3fhOL3QWvWiquYnDPMyPmmy_qkZgR9rz__BI\u0026wdc_csrf_token\u003dJih9U62o5LQDtYLNqCK8a6xj0gJg5BRWq2tbl75y8vAmwZhAqrgrgbxXat2M646UZGp93krw7WYQdHIgi5OYI9QSckf4aovh0maPetDfTj5twOa6FcUKKzMSMBkhJEwiMKgQ1ncaZTPRhdV8o53cyzTYPtZNp0KgrmxlLyZVscVnECUKogJxllWy67XU7po8K68iFqOCq5IGuAbv6zdblbQpaIR2OjgdHZgCjrPNFTUhaabhpOFtXdQNPDArJna1\u0026organization\u003dd-9067230c03\u0026region\u003dus-east-1",
"CredentialType":"PASSWORD",
"DeviceEnrollmentRequired":"true"
},
"requestID":"74d24604-a365-4237-8c4a-350795494b92",
"eventID":"a15bf257-7f37-46c0-b67c-fea5fa6166be",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"UserAuthentication":"Success"
}
}
```
## 由於密碼身分驗證不正確,登入失敗
以下一系列事件示範身分驗證嘗試,其中使用者成功輸入使用者名稱,但密碼驗證步驟失敗,導致登入失敗。
**CredentialChallenge (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"Unknown",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
},
"eventTime":"2020-12-08T18:56:15Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialChallenge",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"adbf67c4-8188-4e2b-8527-fe539e328fa7",
"CredentialType":"PASSWORD",
"UserName":"bobsmith@example.com"
},
"requestID":"f54848ea-b1aa-402f-bf0d-a54561a2ffcc",
"eventID":"d96f1d6c-dbd9-4a0b-9a45-6a2b66078c78",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialChallenge":"Success"
}
}
```
**CredentialVerification失敗 (密碼)**
```
{
"eventVersion":"1.08",
"userIdentity":{
"type":"Unknown",
"arn":"",
"accountId":"111122223333",
"accessKeyId":"",
},
"eventTime":"2020-12-08T18:56:21Z",
"eventSource":"signin.amazonaws.com",
"eventName":"CredentialVerification",
"awsRegion":"us-east-1",
"sourceIPAddress":"203.0.113.0",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36",
"requestParameters":null,
"responseElements":null,
"additionalEventData":{
"AuthWorkflowID":"adbf67c4-8188-4e2b-8527-fe539e328fa7",
"CredentialType":"PASSWORD"
},
"requestID":"04528c82-a678-4a1f-a56d-ea2c6445a72a",
"eventID":"9160fe06-fc2a-474f-9b78-000ee067a09d",
"readOnly":false,
"eventType":"AwsServiceEvent",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"111122223333",
"serviceEventDetails":{
"CredentialVerification":"Failure"
}
}
```