2 Answers
Am I correct that you followed the procedure in this document?
I believe you can also check the DeleteObjects record if you set this up.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-examples
I have masked some account IDs, etc., but the following DeleteObjects event is recorded in CloudWatch Logs in my environment.
However, object details are not displayed.
If you want to check the details of an object, it is better to set up an access log with an S3 bucket.
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "AssumedRole",
    "principalId": "xxxxxxxxxxxxxxx",
    "arn": "arn:aws:sts::xxxxxxxxxxxx:assumed-role/xxxxxxxxxx",
    "accountId": "xxxxxxxxxxx",
    "accessKeyId": "xxxxxxxxxxxxx",
    "sessionContext": {
      "sessionIssuer": {
        "type": "Role",
        "principalId": "xxxxxxxxxxxxx",
        "arn": "arn:aws:iam::xxxxxxxxxxxxx:role/xxxxxxxxxxxxxx",
        "accountId": "xxxxxxxxxxxxxx",
        "userName": "xxxxxxxxxxxxxx"
      },
      "attributes": {
        "creationDate": "2023-07-10T00:41:25Z",
        "mfaAuthenticated": "true"
      }
    }
  },
  "eventTime": "2023-07-10T00:56:26Z",
  "eventSource": "s3.amazonaws.com",
  "eventName": "DeleteObjects",
  "awsRegion": "ap-northeast-1",
  "sourceIPAddress": "xxxxxxxxxxxxxx",
  "userAgent": "[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.4.247-169.350.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]",
  "requestParameters": {
    "bucketName": "xxxxxxxxxxxxxxxx",
    "Host": "s3.ap-northeast-1.amazonaws.com",
    "delete": ""
  },
  "responseElements": null,
  "additionalEventData": {
    "SignatureVersion": "SigV4",
    "CipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
    "bytesTransferredIn": 0,
    "AuthenticationMethod": "AuthHeader",
    "x-amz-id-2": "xxxxxxxxxxxxxxxxxxxxxxx",
    "bytesTransferredOut": 0
  },
  "requestID": "xxxxxxxxxxxxxxx",
  "eventID": "xxxxxxxxxxxxxx",
  "readOnly": false,
  "resources": [
    {
      "type": "AWS::S3::Object",
      "ARNPrefix": "arn:aws:s3:::xxxxxxxxxxxxxxx/"
    },
    {
      "accountId": "xxxxxxxxxxxxx",
      "type": "AWS::S3::Bucket",
      "ARN": "arn:aws:s3:::xxxxxxxxxxxxxxxx"
    }
  ],
  "eventType": "AwsApiCall",
  "managementEvent": false,
  "recipientAccountId": "xxxxxxxxxxx",
  "vpcEndpointId": "xxxxxxxxxxxxx",
  "eventCategory": "Data",
  "tlsDetails": {
    "tlsVersion": "TLSv1.2",
    "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
    "clientProvidedHostHeader": "s3.ap-northeast-1.amazonaws.com"
  }
}
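An added example, not part of the answer above and not AWS code: since the DeleteObjects record carries no object keys, this Python example joins it to S3 server access log lines to list what was deleted and by whom. The event, log lines, bucket name and IDs are constructed, and it assumes the per-key `BATCH.DELETE.OBJECT` log entries carry the same request ID as the CloudTrail `requestID`.

```python
import json
import re

# Constructed CloudTrail record, trimmed to the fields used below.
EVENT = json.loads("""{
  "eventName": "DeleteObjects",
  "eventTime": "2023-07-10T00:56:26Z",
  "requestID": "EXAMPLEREQID0001",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/alice"},
  "requestParameters": {"bucketName": "example-bucket", "delete": ""}
}""")

# Constructed S3 server access log lines (real lines carry more trailing fields).
PFX = ("EXAMPLEOWNERID example-bucket [10/Jul/2023:00:56:26 +0000] 192.0.2.10 "
       "arn:aws:sts::111122223333:assumed-role/ExampleRole/alice ")
ACCESS_LOG = "\n".join([
    PFX + 'EXAMPLEREQID0001 REST.POST.MULTI_OBJECT_DELETE - "POST /?delete HTTP/1.1" 200 - 300 - 40 -',
    PFX + 'EXAMPLEREQID0001 BATCH.DELETE.OBJECT reports/q1.csv - 204 - - 2048 - - - - -',
    PFX + 'EXAMPLEREQID0001 BATCH.DELETE.OBJECT reports/q2.csv - 204 - - 4096 - - - - -',
    PFX + 'EXAMPLEREQID0002 BATCH.DELETE.OBJECT tmp/other.bin - 204 - - 10 - - - - -',
])

# A field is a [bracketed time], a "quoted string", or a run of non-spaces.
FIELD = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

def parse_access_log(text):
    """Yield the leading fields of each server access log line."""
    for line in text.splitlines():
        f = FIELD.findall(line)
        if len(f) >= 8:
            yield {"bucket": f[1], "requester": f[4],
                   "request_id": f[5], "operation": f[6], "key": f[7]}

def deleted_keys(event, log_text):
    """Return the object keys removed by one DeleteObjects CloudTrail event."""
    if event.get("eventName") != "DeleteObjects":
        return []
    bucket = event["requestParameters"]["bucketName"]
    # Assumption: per-key entries share the parent request's ID.
    return [r["key"] for r in parse_access_log(log_text)
            if r["operation"] == "BATCH.DELETE.OBJECT"
            and r["request_id"] == event["requestID"]
            and r["bucket"] == bucket]

if __name__ == "__main__":
    who = EVENT["userIdentity"]["arn"]
    for key in deleted_keys(EVENT, ACCESS_LOG):
        print(f'{EVENT["eventTime"]} {who} deleted {key}')
```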