2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Am I correct that you followed the procedure in this document?
I believe you can also check the DeleteObjects record if you set this up.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-examples
I have masked some account IDs, etc., but the following DeleteObjects event is recorded in CloudWatch Logs in my environment.
However, object details are not displayed.
If you want to check the details of an object, it is better to set up an access log with an S3 bucket.
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "xxxxxxxxxxxxxxx",
"arn": "arn:aws:sts::xxxxxxxxxxxx:assumed-role/xxxxxxxxxx",
"accountId": "xxxxxxxxxxx",
"accessKeyId": "xxxxxxxxxxxxx",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "xxxxxxxxxxxxx",
"arn": "arn:aws:iam::xxxxxxxxxxxxx:role/xxxxxxxxxxxxxx",
"accountId": "xxxxxxxxxxxxxx",
"userName": "xxxxxxxxxxxxxx"
},
"attributes": {
"creationDate": "2023-07-10T00:41:25Z",
"mfaAuthenticated": "true"
}
}
},
"eventTime": "2023-07-10T00:56:26Z",
"eventSource": "s3.amazonaws.com",
"eventName": "DeleteObjects",
"awsRegion": "ap-northeast-1",
"sourceIPAddress": "xxxxxxxxxxxxxx",
"userAgent": "[S3Console/0.4, aws-internal/3 aws-sdk-java/1.12.488 Linux/5.4.247-169.350.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.372-b08 java/1.8.0_372 vendor/Oracle_Corporation cfg/retry-mode/standard]",
"requestParameters": {
"bucketName": "xxxxxxxxxxxxxxxx",
"Host": "s3.ap-northeast-1.amazonaws.com",
"delete": ""
},
"responseElements": null,
"additionalEventData": {
"SignatureVersion": "SigV4",
"CipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"x-amz-id-2": "xxxxxxxxxxxxxxxxxxxxxxx",
"bytesTransferredOut": 0
},
"requestID": "xxxxxxxxxxxxxxx",
"eventID": "xxxxxxxxxxxxxx",
"readOnly": false,
"resources": [
{
"type": "AWS::S3::Object",
"ARNPrefix": "arn:aws:s3:::xxxxxxxxxxxxxxx/"
},
{
"accountId": "xxxxxxxxxxxxx",
"type": "AWS::S3::Bucket",
"ARN": "arn:aws:s3:::xxxxxxxxxxxxxxxx"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "xxxxxxxxxxx",
"vpcEndpointId": "xxxxxxxxxxxxx",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "s3.ap-northeast-1.amazonaws.com"
}
}
関連するコンテンツ
- AWS公式更新しました 3年前
- AWS公式更新しました 3年前