STS
操作審計支持查詢阿里云STS(Security Token Service)相關(guān)事件。您可以快速查詢STS事件并獲取事件發(fā)生的時間、地域、臨時身份等信息。本文為您舉例說明STS相關(guān)事件。
RAM用戶通過控制臺調(diào)用STS切換角色身份
以下示例表示,在北京時間2021年08月05日15:59:47,RAM用戶Alice
調(diào)用AssumeRole接口通過扮演阿里云賬號127812487797****
下的cna-manager-test-role
角色獲取了一個臨時身份。
{
"eventId": "FC410992-13D4-5D33-89A7-D8F4100CEE6B",
"eventVersion": 1,
"responseElements": {
"RequestId": "FC410992-13D4-5D33-89A7-D8F4100CEE6B",
"AssumedRoleUser": {
"Arn": "acs:ram::127812487797****:role/cna-manager-test-role/169074",
"AssumedRoleId": "33618118978621****:169074"
},
"Credentials": {
"AccessKeyId": "STS.NUQ79dzjpMPxYesi1YY5U****",
"AccessKeySecret": "gS09k8a8fDwwgR0ey9IeCFuNfr****",
"Expiration": "2021-08-05T08:59:47Z"
}
},
"eventSource": "sts.aliyuncs.com",
"requestParameters": {
"AcsHost": "sts.aliyuncs.com",
"AcsProduct": "Sts",
"RequestId": "FC410992-13D4-5D33-89A7-D8F4100CEE6B",
"RoleSessionName": 169074,
"RegionId": "cn-hangzhou",
"HostId": "sts.aliyuncs.com",
"RoleArn": "acs:ram::127812487797****:role/cna-manager-test-role"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "AlibabaCloud (Linux; amd64) Java/1.8.0_152-b187 Core/4.5.17 HTTPClient/ApacheHttpClient",
"eventType": "ApiCall",
"referencedResources": {
"ACS::RAM::AccessKey": [
"STS.NUQ79dzjpMPxYesi1YY5U****"
]
},
"userIdentity": {
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-05T07:59:46Z"
}
},
"accountId": "146411043369****",
"principalId": "21336811218169****",
"type": "ram-user",
"userName": "Alice"
},
"serviceName": "Sts",
"additionalEventData": {
"Scheme": "https",
"CallerBid": "26842"
},
"apiVersion": "2015-04-01",
"requestId": "FC410992-13D4-5D33-89A7-D8F4100CEE6B",
"eventTime": "2021-08-05T07:59:47Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "AssumeRole"
}
示例中關(guān)鍵字段含義如下:
userIdentity.type
:請求者的身份類型。取值為ram-user
,表示RAM用戶。userIdentity.userName
:請求者的RAM用戶名稱。serviceName
:事件相關(guān)的阿里云服務(wù)名稱。取值為Sts
,表示STS。eventName
:事件名稱。取值為AssumeRole
,表示獲取一個扮演該角色的臨時身份,此處RAM用戶扮演的是受信實體為阿里云賬號類型的RAM角色。requestParameters.RoleArn
:扮演角色的ARN信息。取值為acs:ram::127812487797****:role/cna-manager-test-role
,127812487797****
表示角色所屬的阿里云賬號ID,cna-manager-test-role
表示角色名稱。referencedResources
:事件影響的資源列表。取值為{"ACS::RAM::AccessKey": ["STS.NUQ79dzjpMPxYesi1YY5U****"]}
,表示扮演角色獲取的臨時身份憑證STS.NUQ79dzjpMPxYesi1YY5U****
。eventTime
:事件發(fā)生的時間(UTC格式)。取值為2021-08-05T07:59:47Z
,表示北京時間2021年08月05日15:59:47。
RAM用戶通過調(diào)用SDK獲取臨時訪問令牌
以下示例表示,在北京時間2021年08月05日16:03:31,RAM用戶Alice
調(diào)用AssumeRole接口通過扮演阿里云賬號193875730500****
下的aliyunosstokengeneratorrole
角色獲取了一個臨時身份。
{
"eventId": "B936D2EE-05DC-5AC1-9163-48F0DE28B963",
"eventVersion": 1,
"responseElements": {
"RequestId": "B936D2EE-05DC-5AC1-9163-48F0DE28B963",
"AssumedRoleUser": {
"Arn": "acs:ram::193875730500****:role/aliyunosstokengeneratorrole/X5wpmS6EgkM080aE0Kym****",
"AssumedRoleId": "30815480203992****:X5wpmS6EgkM080aE0Kym****"
},
"Credentials": {
"AccessKeyId": "STS.NTobFuYYn6EBxAVhC18ta****",
"AccessKeySecret": "gS09k8a8fDwwgR0ey9IeCFuNfr****",
"Expiration": "2021-08-05T09:03:31Z"
}
},
"eventSource": "sts.cn-hangzhou.aliyuncs.com",
"requestParameters": {
"Policy": {
"Version": "1",
"Statement": [
{
"Condition": {},
"Action": [
"oss:PutObject"
],
"Resource": [
"acs:oss:*:*:taowo/image/disucss/2021/8/5/xNodqHMtGkX9arNrAkrz4d****/*",
"acs:oss:*:*:taowo/video/disucss/2021/8/5/xNodqHMtGkX9arNrAkrz4d****/*",
"acs:oss:*:*:taowo/sound/disucss/2021/8/5/xNodqHMtGkX9arNrAkrz4d****/*"
],
"Effect": "Allow"
}
]
},
"AcsHost": "sts.cn-hangzhou.aliyuncs.com",
"AcsProduct": "Sts",
"RequestId": "B936D2EE-05DC-5AC1-9163-48F0DE28B963",
"RoleSessionName": "X5wpmS6EgkM080aE0Kym****",
"Region": "cn-hangzhou",
"SignatureType": "",
"RegionId": "cn-hangzhou",
"HostId": "sts.cn-hangzhou.aliyuncs.com",
"RoleArn": "acs:ram::193875730500****:role/aliyunosstokengeneratorrole"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "AlibabaCloud (Linux 3.10.0-1127.19.1.el7.x86_64;x86_64) Python/3.8.8 Core/2.13.32 python-requests/2.18.3",
"eventType": "ApiCall",
"referencedResources": {
"ACS::RAM::AccessKey": [
"STS.NTobFuYYn6EBxAVhC18ta****"
]
},
"userIdentity": {
"accessKeyId": "LTAI2jP0BF0f****",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-05T08:03:31Z"
}
},
"accountId": "193875730500****",
"principalId": "21365465900895****",
"type": "ram-user",
"userName": "Alice"
},
"serviceName": "Sts",
"additionalEventData": {
"Scheme": "https",
"CallerBid": "26842"
},
"apiVersion": "2015-04-01",
"requestId": "B936D2EE-05DC-5AC1-9163-48F0DE28B963",
"eventTime": "2021-08-05T08:03:31Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "AssumeRole"
}
示例中關(guān)鍵字段含義如下:
userIdentity.accessKeyId
:發(fā)起API調(diào)用的AccessKey ID。取值為LTAI2jP0BF0f****
。userIdentity.principalId
:AK所屬的賬號ID。取值為21365465900895****
。userIdentity.type
:請求者的身份類型。取值為ram-user
,表示RAM用戶。serviceName
:事件相關(guān)的阿里云服務(wù)名稱。取值為Sts
,表示STS。eventName
:事件名稱。取值為AssumeRole
,表示獲取一個扮演該角色的臨時身份,此處RAM用戶扮演的是受信實體為阿里云賬號類型的RAM角色。requestParameters.RoleArn
:扮演角色的ARN信息。取值為acs:ram::193875730500****:role/aliyunosstokengeneratorrole
,193875730500****
表示角色所屬的阿里云賬號ID,aliyunosstokengeneratorrole
表示角色名稱。referencedResources
:事件影響的資源列表。取值為{"ACS::RAM::AccessKey": ["STS.NTobFuYYn6EBxAVhC18ta****"]}
,表示扮演角色獲取的臨時身份憑證為test@example.onaliyun.com
。eventTime
:事件發(fā)生的時間(UTC格式)。取值為2021-08-05T08:03:31Z
,表示北京時間2021年08月05日16:03:31。
企業(yè)用戶通過角色SSO獲取阿里云角色身份
以下示例表示,在北京時間2021年08月05日16:04:56,企業(yè)用戶Alice
調(diào)用AssumeRoleWithSAML接口通過角色SSO扮演189186630579****
賬號下的cruisetestrole
角色獲取了一個臨時身份。
{
"eventId": "66FDD0F9-3546-567A-8964-2BD734198356",
"eventVersion": 1,
"responseElements": {
"RequestId": "66FDD0F9-3546-567A-8964-2BD734198356",
"SAMLAssertionInfo": {
"SubjectType": "transient",
"Issuer": "https://testidp/saml",
"Recipient": "https://signin.aliyun.com/saml-role/sso",
"Subject": "Alice"
},
"AssumedRoleUser": {
"Arn": "acs:ram::189186630579****:role/cruisetestrole/cruisetest",
"AssumedRoleId": "37924473051351****:cruisetest"
},
"Credentials": {
"AccessKeyId": "STS.NUTNKhGR8BR3QL9sJkSHp****",
"AccessKeySecret": "gS09k8a8fDwwgR0ey9IeCFuNfr****",
"Expiration": "2021-08-05T09:04:56Z"
}
},
"eventSource": "sts.aliyuncs.com",
"requestParameters": {
"AcsHost": "sts.aliyuncs.com",
"SAMLAssertion": "***",
"AcsProduct": "Sts",
"RequestId": "66FDD0F9-3546-567A-8964-2BD734198356",
"DurationSeconds": 3600,
"HostId": "sts.aliyuncs.com",
"SAMLProviderArn": "acs:ram::189186630579****:saml-provider/mockedIdp",
"RoleArn": "acs:ram::189186630579****:role/cruisetestrole"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "Jakarta Commons-HttpClient/3.1",
"eventType": "ApiCall",
"referencedResources": {
"ACS::RAM::AccessKey": [
"STS.NUTNKhGR8BR3QL9sJkSHp****"
]
},
"userIdentity": {
"accountId": "189186630579****",
"samlProviderName": "mockedIdp",
"type": "saml-user",
"userName": "Alice",
"samlIssuer": "https://testidp/saml"
},
"serviceName": "Sts",
"additionalEventData": {
"Scheme": "https",
"CallerBid": "26842"
},
"apiVersion": "2015-04-01",
"requestId": "66FDD0F9-3546-567A-8964-2BD734198356",
"eventTime": "2021-08-05T08:04:56Z",
"isGlobal": false,
"acsRegion": "cn-shanghai",
"eventName": "AssumeRoleWithSAML"
}
示例中關(guān)鍵字段含義如下:
userIdentity.type
:請求者的身份類型。取值為saml-user
,表示企業(yè)自有身份的用戶。userIdentity.userName
:發(fā)起角色SSO的企業(yè)用戶的用戶名。requestParameters.RoleArn
:扮演角色的ARN信息。取值為cs:ram::189186630579****:role/cruisetestrole
,189186630579****
表示角色所屬的阿里云賬號ID,cruisetestrole
表示角色名稱。referencedResources
:事件影響的資源列表。取值為{"ACS::RAM::AccessKey": ["STS.NUTNKhGR8BR3QL9sJkSHp****"]}
,表示扮演角色獲取的臨時身份憑證為STS.NUTNKhGR8BR3QL9sJkSHp****
。serviceName
:事件相關(guān)的阿里云服務(wù)名稱。取值為Sts
,表示STS。eventName
:事件名稱。取值為AssumeRoleWithSAML
,表示通過角色SSO獲取阿里云角色身份。eventTime
:事件發(fā)生的時間(UTC格式)。取值為2021-08-05T08:04:56Z
,表示北京時間2021年08月05日16:04:56。