本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 了解智慧卡使用者的 AWS 登入事件
AWS CloudTrail 會記錄智慧卡使用者成功和失敗的登入事件。這包括每次提示使用者解決特定憑證挑戰或要素時擷取的登入事件,以及該特定憑證驗證請求的狀態。使用者只會在完成所有必要的憑證挑戰後才會登入,這會導致 `UserAuthentication` 事件被記錄。
下表擷取每個登入 CloudTrail 事件名稱及其目的。
| 事件名稱 | 事件目的 |
| --- | --- |
| `CredentialChallenge` | 通知 AWS 登入已請求使用者解決特定的登入資料挑戰`CredentialType`,並指定必要的 (例如,SMARTCARD)。 |
| `CredentialVerification` | 通知使用者已嘗試解決特定 `CredentialChallenge` 請求,並指定該憑證是成功還是失敗。 |
| `UserAuthentication` | 通知使用者遭到挑戰的所有驗證需求都已成功完成,且使用者已成功登入。當使用者無法順利完成所需的憑證挑戰時,不會記錄任何 `UserAuthentication` 事件。 |
下表擷取特定登入 CloudTrail 事件中包含的其他實用事件資料欄位。
| 事件名稱 | 事件目的 | 登入事件適用性 | 範例值 |
| --- | --- | --- | --- |
| `AuthWorkflowID` | 使整個登入序列中發出的所有事件產生關聯。對於每次使用者登入, AWS 登入可以發出多個事件。 | `CredentialChallenge`, `CredentialVerification`, `UserAuthentication` | "AuthWorkflowID": "9de74b32-8362-4a01-a524-de21df59fd83" |
| `CredentialType` | 通知使用者已嘗試解決特定 `CredentialChallenge` 請求,並指定該憑證是成功還是失敗。 | `CredentialChallenge`, `CredentialVerification`, `UserAuthentication` | CredentialType": "SMARTCARD" (現今可能的值:SMARTCARD) |
| `LoginTo` | 通知使用者遭到挑戰的所有驗證需求都已成功完成,且使用者已成功登入。當使用者無法順利完成所需的憑證挑戰時,不會記錄任何 `UserAuthentication` 事件。 | `UserAuthentication` | "LoginTo": "https://skylight.local“ |
## AWS 登入案例的範例事件
下列範例顯示不同登入案例中 CloudTrail 事件的預期序列。
**Topics**
+ [使用智慧卡驗證時登入成功](#successful-signin)
+ [僅使用智慧卡驗證時登入失敗](#failed-signin)
### 使用智慧卡驗證時登入成功
下列事件序列會擷取智慧卡登入成功的範例。
**CredentialChallenge**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:29Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialChallenge",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e",
"CredentialType": "SMARTCARD"
},
"requestID": "65551a6d-654a-4be8-90b5-bbfef7187d3a",
"eventID": "fb603838-f119-4304-9fdc-c0f947a82116",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialChallenge": "Success"
}
}
```
**成功的 CredentialVerification**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:39Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialVerification",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e",
"CredentialType": "SMARTCARD"
},
"requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5",
"eventID": "84c0a2ff-413f-4d0f-9108-f72c90a41b6c",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialVerification": "Success"
}
}
```
**成功的 UserAuthentication**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:39Z",
"eventSource": "signin.amazonaws.com",
"eventName": "UserAuthentication",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "6602f256-3b76-4977-96dc-306a7283269e",
"LoginTo": "https://skylight.local",
"CredentialType": "SMARTCARD"
},
"requestID": "81869203-1404-4bf2-a1a4-3d30aa08d8d5",
"eventID": "acc0dba8-8e8b-414b-a52d-6b7cd51d38f6",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
UserAuthentication": "Success"
}
}
```
### 僅使用智慧卡驗證時登入失敗
下列事件序列會擷取智慧卡登入失敗的範例。
**CredentialChallenge**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:06Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialChallenge",
"awaRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb",
"CredentialType": "SMARTCARD"
},
"requestID": "73eb499d-91a8-4c18-9c5d-281fd45ab50a",
"eventID": "f30a50ec-71cf-415a-a5ab-e287edc800da",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialChallenge": "Success"
}
}
```
**失敗的 CredentialVerification**
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "Unknown",
"principalId": "509318101470",
"arn": "",
"accountId": "509318101470",
"accessKeyId": ""
},
"eventTime": "2021-07-30T17:23:13Z",
"eventSource": "signin.amazonaws.com",
"eventName": "CredentialVerification",
"awsRegion": "us-east-1",
"sourceIPAddress": "AWS Internal",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36",
"requestParameters": null,
"responseElements": null,
"additionalEventData": {
"AuthWorkflowID": "73dfd26b-f812-4bd2-82e9-0b2abb358cdb",
"CredentialType": "SMARTCARD"
},
"requestID": "051ca316-0b0d-4d38-940b-5fe5794fda03",
"eventID": "4e6fbfc7-0479-48da-b7dc-e875155a8177",
"readOnly": false,
"eventType": "AwsServiceEvent",
"managementEvent": true,
"eventCategory": "Management",
"recipientAccountId": "509318101470",
"serviceEventDetails": {
CredentialVerification": "Failure"
}
}
```