Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
# CloudTrail exemples de fichiers journaux pour les compartiments de répertoires
Un fichier CloudTrail journal contient des informations sur l'opération d'API demandée, la date et l'heure de l'opération, les paramètres de la demande, etc. Cette rubrique contient des exemples d'événements de CloudTrail données et d'événements de gestion pour les compartiments d'annuaire.
**Topics**
+ [CloudTrail exemples de fichiers journaux d'événements de données pour les compartiments de répertoires](#example-ct-log-s3express)
## CloudTrail exemples de fichiers journaux d'événements de données pour les compartiments de répertoires
L'exemple suivant montre un exemple de fichier CloudTrail journal qui illustre [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html).
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "{{AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName}}",
"arn": "arn:aws:sts::{{111122223333assumed-role/RoleToBeAssumed/MySessionName}}",
"accountId": "{{111122223333}}",
"accessKeyId": "{{AKIAIOSFODNN7EXAMPLE}}",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "{{AROAIDPPEZS35WEXAMPLE}}",
"arn": "arn:aws:iam::{{111122223333:role/RoleToBeAssumed}}",
"accountId": "{{111122223333}}",
"userName":"{{RoleToBeAssumed}}
},
"attributes": {
"creationDate": "2024-07-02T00:21:16Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2024-07-02T00:22:11Z",
"eventSource": "s3express.amazonaws.com",
"eventName": "CreateSession",
"awsRegion": "{{us-west-2}}",
"sourceIPAddress": "72.21.198.68",
"userAgent": "aws-sdk-java/2.20.160-SNAPSHOT Linux/5.10.216-225.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/11.0.23+9-LTS Java/11.0.23 vendor/Amazon.com_Inc. md/internal exec-env/AWS_Lambda_java11 io/sync http/Apache cfg/retry-mode/standard",
"requestParameters": {
"bucketName": {{"bucket-base-name--usw2-az1}}--x-s3".
"host": {{"bucket-base-name--usw2-az1}}--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com",
"x-amz-create-session-mode": "ReadWrite"
},
"responseElements": {
"credentials": {
"accessKeyId": "AKIAI44QH8DHBEXAMPLE"
"expiration": ""Mar 20, 2024, 11:16:09 PM",
"sessionToken": ""
},
},
"additionalEventData": {
"SignatureVersion": "SigV4",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"xAmzId2": "q6xhNJYmhg",
"bytesTransferredOut": 1815,
"availabilityZone": "usw2-az1"
},
"requestID": "28d2faaf-3319-4649-998d-EXAMPLE72818",
"eventID": "694d604a-d190-4470-8dd1-EXAMPLEe20c1",
"readOnly": true,
"resources": [
{
"type": "AWS::S3Express::Object",
"ARNPrefix": "arn:aws:s3express:{{us-west-2:111122223333:bucket-base-name--usw2-az1}}--x-s3"
},
{
"accountId": "111122223333"
"type": "AWS::S3Express::DirectoryBucket",
"ARN": "arn:aws:s3express:{{us-west-2:111122223333:bucket-base-name--usw2-az1}}--x-s3"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "111122223333",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com"
}
}
```
Pour utiliser les opérations d’API de point de terminaison zonal (opérations de niveau objet ou plan de données), optez pour l’opération d’API `CreateSession` pour créer et gérer des sessions optimisées afin d’autoriser les demandes de données à faible latence. Vous pouvez également utiliser `CreateSession` pour réduire le volume de journalisation. Pour identifier les opérations d’API zonales effectuées au cours d’une session, vous pouvez faire correspondre l’`accessKeyId` sous `responseElements` dans votre fichier journal `CreateSession` à l’`accessKeyId` dans le fichier journal des autres opérations d’API zonales. Pour plus d’informations, consultez [Autorisation `CreateSession`](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-create-session.html).
L'exemple suivant montre un exemple de fichier CloudTrail journal qui illustre l'opération d'[https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)API authentifiée par`CreateSession`.
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "{{AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName}}",
"arn": "arn:aws:sts::{{111122223333assumed-role/RoleToBeAssumed/MySessionName}}",
"accountId": "{{111122223333}}",
"accessKeyId": "AKIAI44QH8DHBEXAMPLE",
"sessionContext": {
"attributes": {
"creationDate": "2024-07-02T00:21:49Z"
}
}
},
"eventTime": "2024-07-02T00:22:01Z",
"eventSource": "s3express.amazonaws.com",
"eventName": "GetObject",
"awsRegion": "us-west-2",
"sourceIPAddress": "72.21.198.68",
"userAgent": "aws-sdk-java/2.25.66 Linux/5.10.216-225.855.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/17.0.11+9-LTS Java/17.0.11 vendor/Amazon.com_Inc. md/internal exec-env/AWS_Lambda_java17 io/sync http/Apache cfg/retry-mode/legacy",
"requestParameters": {
"bucketName": {{"bucket-base-name--usw2-az1}}--x-s3",
"x-amz-checksum-mode": "ENABLED",
"Host": {{"bucket-base-name--usw2-az1}}--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com",
"key": "test-get-obj-with-checksum"
},
"responseElements": null,
"additionalEventData": {
"SignatureVersion": "Sigv4",
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"x-amz-id-2": "oOy6w8K7LFsyFN",
"bytesTransferredOut": 9,
"availabilityZone": "usw2-az1",
"sessionModeApplied": "ReadWrite"
},
"requestID": "28d2faaf-3319-4649-998d-EXAMPLE72818",
"eventID": "694d604a-d190-4470-8dd1-EXAMPLEe20c1",
"readOnly": true,
"resources": [
{
"type": "AWS::S3Express::Object",
"ARNPrefix": "arn:aws:s3express:{{us-west-2:111122223333:bucket-base-name--usw2-az1}}--x-s3"
},
{
"accountId": "111122223333",
"type": "AWS::S3Express::DirectoryBucket",
"ARN": "arn:aws:s3express:{{us-west-2:111122223333:bucket-base-name--usw2-az1}}--x-s3"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "111122223333",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bucket-base-name--usw2-az1--x-s3.s3express-usw2-az1.us-west-2.amazonaws.com"
}
}
```
Dans l'exemple de fichier `GetObject` journal ci-dessus, le `accessKeyId` (AKIAI44QH8DHBEXAMPLE) correspond `responseElements` à l'`accessKeyId`exemple de fichier CreateSession journal ci-dessous. La correspondance de l’`accessKeyId` indique la session au cours de laquelle l’opération `GetObject` a été effectuée.
L'exemple suivant montre une entrée de CloudTrail journal qui illustre une `DeleteObjects` action sur un compartiment de répertoire, invoqué par S3 Lifecycle. Pour de plus amples informations, veuillez consulter [https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html).
```
eventVersion:"1.09",
userIdentity:{
type:"AWSService",
invokedBy:"lifecycle.s3.amazonaws.com"
},
eventTime:"2024-09-11T00:55:54Z",
eventSource:"s3express.amazonaws.com",
eventName:"DeleteObjects",
awsRegion:"us-east-2",
sourceIPAddress:"lifecycle.s3.amazonaws.com",
userAgent:"gamma.lifecycle.s3.amazonaws.com",
requestParameters:{
bucketName:"amzn-s3-demo-bucket--use2-az2--x-s3",
'x-amz-expected-bucket-owner':"637423581905",
Host:"amzn-s3-demo-bucket--use2-az2--x-s3.gamma.use2-az2.express.s3.aws.dev",
delete:"",
'x-amz-sdk-checksum-algorithm':"CRC32C"
},
responseElements:null,
additionalEventData:{
SignatureVersion:"Sigv4",
CipherSuite:"TLS_AES_128_GCM_SHA256",
bytesTransferredIn:41903,
AuthenticationMethod:"AuthHeader",
'x-amz-id-2':"9H5YWZY0",
bytesTransferredOut:35316,
availabilityZone:"use2-az2",
sessionModeApplied:"ReadWrite"
},
requestID:"011eeadd04000191",
eventID:"d3d8b116-219d-4ee6-a072-5f9950733c74",
readOnly:false,
resources:[
{
type:"AWS::S3Express::Object",
ARNPrefix:"arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3/"
},
{
accountId:"637423581905",
type:"AWS::S3Express::DirectoryBucket",
ARN:"arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3"
}
],
eventType:"AwsApiCall",
managementEvent:false,
recipientAccountId:"637423581905",
sharedEventID:"59f877ac-1dd9-415d-b315-9bb8133289ce",
eventCategory:"Data"
}
```
L'exemple suivant montre une entrée de CloudTrail journal qui illustre une `Access Denied` demande concernant une `CreateSession` action invoquée par S3 Lifecycle. Pour de plus amples informations, veuillez consulter [https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html).
```
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AWSService",
"invokedBy": "gamma.lifecycle.s3.amazonaws.com"
},
"eventTime": "2024-09-11T18:13:08Z",
"eventSource": "s3express.amazonaws.com",
"eventName": "CreateSession",
"awsRegion": "us-east-2",
"sourceIPAddress": "gamma.lifecycle.s3.amazonaws.com",
"userAgent": "gamma.lifecycle.s3.amazonaws.com",
"errorCode": "AccessDenied",
"errorMessage": "Access Denied",
"requestParameters": {
"bucketName": "amzn-s3-demo-bucket--use2-az2--x-s3",
"Host": "amzn-s3-demo-bucket--use2-az2--x-s3.gamma.use2-az2.express.s3.aws.dev",
"x-amz-create-session-mode": "ReadWrite",
"x-amz-server-side-encryption": "AES256"
},
"responseElements": null,
"additionalEventData": {
"SignatureVersion": "Sigv4",
"CipherSuite": "TLS_AES_128_GCM_SHA256",
"bytesTransferredIn": 0,
"AuthenticationMethod": "AuthHeader",
"x-amz-id-2": "zuDDC1VNbC4LoNwUIc5",
"bytesTransferredOut": 210,
"availabilityZone": "use2-az2"
},
"requestID": "010932f174000191e24a0",
"eventID": "dce7cc46-4cd3-46c0-9a47-d1b8b70e301c",
"readOnly": true,
"resources": [{
"type": "AWS::S3Express::Object",
"ARNPrefix": "arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3/"
},
{
"accountId": "637423581905",
"type": "AWS::S3Express::DirectoryBucket",
"ARN": "arn:aws:s3express:us-east-2:637423581905:bucket/amzn-s3-demo-bucket--use2-az2--x-s3"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "637423581905",
"sharedEventID": "da96b5bd-6066-4a8d-ad8d-f7f427ca7d58",
"eventCategory": "Data"
}
```