Is there a service in AWS that shows all permissions denied due to wrong configurations?

Question

Is there an AWS service that shows all permission-denied errors for each service?

Answer 1

Score: 1

From What Is AWS CloudTrail?:

>AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
>
>CloudTrail is enabled on your AWS account when you create it. When activity occurs in your AWS account, that activity is recorded in a CloudTrail event. You can easily view recent events in the CloudTrail console by going to Event history. For an ongoing record of activity and events in your AWS account, create an event data store or create a trail.
>
>Visibility into your AWS account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. Optionally, you can enable AWS CloudTrail Insights on a trail to help you identify and respond to unusual activity.

All requests to AWS services are made via API calls, including requests sent from the console, AWS CLI or programmatic API. CloudTrail records the time, request, IP address and whether the API call was successful. It therefore also contains a list of requests that were denied due to permission errors.

Please note that the default Trail is only kept for 90 days. If you wish to retain the Trails for longer periods, you will need to configure your own Trail.
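As an added example (not code from the answer above, and not an AWS tool), the following Python script does the client-side part the answer implies: it reads CloudTrail records, keeps only the calls whose errorCode signals an authorization failure, and counts them per principal, service and action so that a misconfigured policy shows up as a cluster of identical denials. The sample records are constructed; the field names (eventTime, eventSource, eventName, errorCode, userIdentity.arn, sourceIPAddress) follow the CloudTrail record format. The script accepts both a trail log file ({"Records": [...]}) and the JSON printed by `aws cloudtrail lookup-events` (whose lookup attributes cannot filter on the error code, which is why the filtering happens here).

```python
"""Find permission-denied API calls in CloudTrail records.

Added example: runs offline over CloudTrail JSON you already have (a downloaded
trail log file, or the output of `aws cloudtrail lookup-events`); it makes no
AWS calls itself.
"""
import json
from collections import Counter
from typing import Any

# Constructed sample records in the trail log-file shape ({"Records": [...]});
# not real account data.  Field names follow the CloudTrail record format.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-05-21T13:10:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"},
     "errorCode": "AccessDenied",
     "errorMessage": "User is not authorized to perform: s3:GetObject on resource: "
                     "arn:aws:s3:::example-bucket/secret.txt"},
    {"eventTime": "2023-05-21T13:11:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "errorCode": "Client.UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation."},
    {"eventTime": "2023-05-21T13:12:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"},
     "errorCode": "AccessDenied",
     "errorMessage": "User is not authorized to perform: s3:GetObject on resource: "
                     "arn:aws:s3:::example-bucket/secret.txt"},
    # A successful call: no errorCode field at all.
    {"eventTime": "2023-05-21T13:13:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    # A failed call that is NOT a permission problem and must not be counted.
    {"eventTime": "2023-05-21T13:14:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "GetItem", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "errorCode": "ResourceNotFoundException",
     "errorMessage": "Requested resource not found"},
]})

# Authorization failures are not spelled the same way by every service:
# "AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation" (EC2), ...
# so match on substrings rather than an exact list.
DENIED_MARKERS = ("accessdenied", "unauthorized")


def load_records(raw: str) -> list[dict[str, Any]]:
    """Accept a trail log file ({"Records": [...]}) or the output of
    `aws cloudtrail lookup-events` ({"Events": [{"CloudTrailEvent": "<json>"}]})."""
    doc = json.loads(raw)
    if "Records" in doc:
        return list(doc["Records"])
    if "Events" in doc:
        # lookup-events wraps each record as a JSON string inside CloudTrailEvent.
        return [json.loads(event["CloudTrailEvent"]) for event in doc["Events"]]
    raise ValueError("unrecognised CloudTrail JSON shape")


def is_permission_denied(record: dict[str, Any]) -> bool:
    """True when the record's errorCode denotes an authorization failure."""
    code = str(record.get("errorCode", "")).lower()
    return any(marker in code for marker in DENIED_MARKERS)


def denied_events(raw: str) -> list[dict[str, Any]]:
    """Return the denied calls, reduced to the fields an investigator needs first."""
    rows = []
    for rec in load_records(raw):
        if not is_permission_denied(rec):
            continue
        rows.append({
            "time": rec.get("eventTime"),
            "principal": rec.get("userIdentity", {}).get("arn", "<unknown>"),
            "service": rec.get("eventSource"),
            "action": rec.get("eventName"),
            "region": rec.get("awsRegion"),
            "source_ip": rec.get("sourceIPAddress"),
            "error": rec.get("errorCode"),
            "message": rec.get("errorMessage", ""),
        })
    return rows


def denied_summary(raw: str) -> Counter:
    """Count denials per (principal, service, action).  Many identical denials
    from one principal usually mean a policy is missing that action."""
    return Counter((r["principal"], r["service"], r["action"]) for r in denied_events(raw))


if __name__ == "__main__":
    for (principal, service, action), n in denied_summary(SAMPLE_LOG).most_common():
        print(f"{n:>3}  {principal}  {service}  {action}")
```

Run as-is it reports the three denials in the constructed sample (two s3:GetObject denials for the assumed role, one ec2:DescribeInstances denial for the IAM user) and ignores the successful call and the unrelated ResourceNotFoundException. Against real data, feed it the JSON from `aws cloudtrail lookup-events` for the last 90 days of Event history, or the decompressed `.json.gz` objects a trail writes to S3 for anything older; the errorMessage field is the one that names the missing action and resource, which is exactly what you need to correct the policy.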

huangapple
  • Posted by huangapple on 21 May 2023, 21:12:25
  • Please keep the link to this article when reposting: https://go.coder-hub.com/76300066.html