1 個回答
- 最新
- 最多得票
- 最多評論
0
You can usually infer the resource from the contents of requestParameters
or in the responseElements
, but the contents will vary widely depending on the API call. There is no single attribute in the CloudTrail output that always indicates which resource(s) are related.
相關內容
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 8 個月前
Inferring from your answer, do we have to manually map the attribute for different type of events. For example:
CreateBucket: requestParameters.bucketName (name will be obtained and not an ARN)
GetBucketAcl "requestParameters": { "bucketName": "aws-cloudtrail-logs-21748-f0b24d76", "Host": "aws-cloudtrail-logs-21748-f0b24d76.s3.us-east-1.amazonaws.com", "acl": "" }, "responseElements": null,
requestParameters.bucketName (name will be obtained and not an ARN)
AttachRolePolicy "requestParameters": { "roleName": "s3crr_role_for_poc-s3_3", "policyArn": "arn:aws:iam::40385534:policy/service-role/s3crr_for_poc-s3_a3a10f" }, "responseElements": null,
requestParameters.policyArn will be obtained but (roleName will be obtained and not an ARN of role)
Is there any way to get exact arn of resources??