DynamoDB包含CloudTrail集成.它从帐户中捕获来自或用于DynamoDB的低级API请求,并将日志文件发送到指定的S3存储桶.它针对来自控制台或API的调用.您可以使用此数据来确定发出的请求及其来源,用户,时间戳等.
启用后,它会跟踪日志文件中的操作,其中包括其他服务记录.它支持八个动作和两个流 :
八个动作如下 :
CreateTable
DeleteTable
DescribeTable
ListTables
UpdateTable
DescribeReservedCapacity
DescribeReservedCapacityOfferings
PurchaseReservedCapacityOfferings
同时,两个流是 :
DescribeStream
ListStreams
所有日志都包含有关发出请求的帐户的信息.您可以确定详细信息,例如root用户或IAM用户是否发出了请求,或者是否使用临时凭证或联合.
日志文件在您指定的时间内保留在存储中,并具有归档设置和删除.默认创建加密日志.您可以为新日志设置警报.您还可以将跨区域和帐户的多个日志组织到一个存储桶中.
解释日志文件
每个文件包含一个或多个条目.每个条目都包含多个JSON格式事件.条目表示请求,并包括相关信息;不保证订单.
您可以查看以下示例日志文件 :
{"Records": [ { "eventVersion": "5.05", "userIdentity": { "type": "AssumedRole", "principalId": "AKTTIOSZODNN8SAMPLE:jane", "arn": "arn:aws:sts::155522255533:assumed-role/users/jane", "accountId": "155522255533", "accessKeyId": "AKTTIOSZODNN8SAMPLE", "sessionContext": { "attributes": { "mfaAuthenticated": "false", "creationDate": "2016-05-11T19:01:01Z" }, "sessionIssuer": { "type": "Role", "principalId": "AKTTI44ZZ6DHBSAMPLE", "arn": "arn:aws:iam::499955777666:role/admin-role", "accountId": "499955777666", "userName": "jill" } } }, "eventTime": "2016-05-11T14:33:20Z", "eventSource": "dynamodb.amazonaws.com", "eventName": "DeleteTable", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "console.aws.amazon.com", "requestParameters": {"tableName": "Tools"}, "responseElements": {"tableDescription": { "tableName": "Tools", "itemCount": 0, "provisionedThroughput": { "writeCapacityUnits": 25, "numberOfDecreasesToday": 0, "readCapacityUnits": 25 }, "tableStatus": "DELETING", "tableSizeBytes": 0 }}, "requestID": "4D89G7D98GF7G8A7DF78FG89AS7GFSO5AEMVJF66Q9ASUAAJG", "eventID": "a954451c-c2fc-4561-8aea-7a30ba1fdf52", "eventType": "AwsApiCall", "apiVersion": "2013-04-22", "recipientAccountId": "155522255533" } ]}