配置審計事件 -

本文介紹配置審計通過Action Trail和CloudMonitor接入，作為事件來源發布到事件匯流排EventBridge的事件類型。

背景資訊

配置審計支援作為以下雲產品的事件來源：

雲產品列表

雲產品類型	雲產品
計算	Elastic Compute Service Auto Scaling
資料庫	ApsaraDB for HBase 雲資料庫RDS 雲原生關係型資料庫PolarDB 雲資料庫 Tair（相容 Redis） ApsaraDB for MongoDB 時間序列資料庫TSDB
安全	存取控制 DDoS防護 Key Management Service Web Application Firewall
網路與CDN	負載平衡 CDN 雲企業網 Virtual Private Cloud 私網串連 VPN網關
容器	Container ServiceKubernetes版
中介軟體	訊息佇列RocketMQ版
遷移與營運管理	系統營運管理資源管理
開發工具	Resource Orchestration Service
巨量資料計算	Elasticsearch
儲存	Apsara File Storage NAS Object Storage Service
企業服務與雲通訊	Alibaba Cloud DNS

事件類型

配置審計支援發布到事件匯流排EventBridge的事件類型如下所示。

事件類型	type參數值
資源配置變更通知	config:Config:ConfigurationItemChangeNotification
資源評估不合規通知	config:Config:NonCompliantNotification
阿里雲平台對資源執行的操作事件	config:ActionTrail:AliyunServiceEvent
API調用	config:ActionTrail:ApiCall
控制台的操作事件	config:ActionTrail:ConsoleOperation
配置項變更	config:CloudMonitor:ConfigurationItemChangeNotification

CloudEvents規範中定義的參數解釋，請參見事件概述。

資源配置變更通知

資源配置變更時，事件匯流排EventBridge接收到的樣本事件如下所示。

{
    "datacontenttype": "application/json;charset=utf-8",
    "data": {
        "resourceId":"i-bp1b4ym5yh7ciz96****",
        "captureTime":"1637659288000",
        "configuration":"{\"ResourceGroupId\":\"\",\"Memory\":1024,\"InstanceChargeType\":\"PostPaid\",\"Cpu\":1,\"OSName\":\"CentOS  7.6 64位\",\"InstanceNetworkType\":\"vpc\",\"InnerIpAddress\":{\"IpAddress\":[]},\"ExpiredTime\":\"2099-12-31T15:59Z\",\"ImageId\":\"centos_7_06_64_20G_alibase_20190218.vhd\",\"EipAddress\":{\"AllocationId\":\"\",\"IpAddress\":\"\",\"InternetChargeType\":\"\"},\"Tags\":{\"Tag\":[{\"TagKey\":\"1\",\"TagValue\":\"2\"},{\"TagKey\":\"cost-center\",\"TagValue\":\"202012301217\"},{\"TagKey\":\"d\",\"TagValue\":\"d\"},{\"TagKey\":\"cost-center-haidong\",\"TagValue\":\"1\"},{\"TagKey\":\"05\",\"TagValue\":\"17\"},{\"TagKey\":\"nba\",\"TagValue\":\"yes\"},{\"TagKey\":\"V\",\"TagValue\":\"V\"},{\"TagKey\":\"fff1\",\"TagValue\":\"ff\"},{\"TagKey\":\"fff\",\"TagValue\":\"fff\"}]},\"VlanId\":\"\",\"HostName\":\"test-instance11111name\",\"Status\":\"Stopped\",\"HibernationOptions\":{\"Configured\":false},\"MetadataOptions\":{\"HttpTokens\":\"\",\"HttpEndpoint\":\"\"},\"InstanceId\":\"i-bp1b4ym5yh7ciz96****\",\"StoppedMode\":\"StopCharging\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"Numa\":\"\",\"CoreCount\":1},\"StartTime\":\"2020-11-24T02:42Z\",\"DeletionProtection\":true,\"VpcAttributes\":{\"PrivateIpAddress\":{\"IpAddress\":[\"192.168.XX.XX\"]},\"VpcId\":\"vpc-bp162ot6s0yknn7qj****\",\"VSwitchId\":\"vsw-bp1tuojvtiteqlsh8****\",\"NatIpAddress\":\"\"},\"SecurityGroupIds\":{\"SecurityGroupId\":[\"sg-bp11m8p4hsmegc6d****\"]},\"InternetChargeType\":\"PayByBandwidth\",\"InstanceName\":\"test-instance666666\",\"DeploymentSetId\":\"\",\"InternetMaxBandwidthOut\":10,\"SerialNumber\":\"e8fbd14e-19cd-47c7-b664-b6e60dc30713\",\"OSType\":\"linux\",\"CreationTime\":\"2020-11-24T02:42Z\",\"AutoReleaseTime\":\"\",\"Description\":\"秒睡奧數\",\"InstanceTypeFamily\":\"ecs.xn4\",\"DedicatedInstanceAttribute\":{\"Tenancy\":\"\",\"Affinity\":\"\"},\"PublicIpAddress\":{\"IpAddress\":[]},\"GPUSpec\":\"\",\"NetworkInterfaces\":{\"NetworkInterface\":[{\"Type\":\"Primary\",\"PrimaryIpAddress\":\"192.168.XX.XX\",\"MacAddress\":\"00:16:3f:00:XX:XX\",\"NetworkInterfaceId\":\"eni-bp15hr53jws8jqza****\",\"PrivateIpSets\":{\"PrivateIpSet\":[{\"PrivateIpAddress\":\"192.168.XX.XX\",\"Primary\":true}]}}]},\"SpotPriceLimit\":0.0,\"SaleCycle\":\"\",\"DeviceAvailable\":true,\"InstanceType\":\"ecs.xn4.small\",\"OSNameEn\":\"CentOS  7.6 64 bit\",\"SpotStrategy\":\"NoSpot\",\"IoOptimized\":true,\"ZoneId\":\"cn-hangzhou-b\",\"ClusterId\":\"\",\"EcsCapacityReservation****\":{\"CapacityReservationPreference\":\"\",\"CapacityReservationId\":\"\"},\"DedicatedHostAttribute\":{\"DedicatedHostId\":\"\",\"DedicatedHostName\":\"\",\"DedicatedHostClusterId\":\"\"},\"GPUAmount\":0,\"OperationLocks\":{\"LockReason\":[]},\"InternetMaxBandwidthIn\":100,\"Recyclable\":false,\"RegionId\":\"cn-hangzhou\",\"CreditSpecification\":\"\"}",
        "availabilityZone":"cn-hangzhou-b",
        "requestId":"d641cac9-b079-4c68-bead-bd7d687e****",
        "resourceGroupId":"rg-acfmw3ty5y7****",
        "arn":"acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96****",
        "relationship":"[{\"regionId\":\"cn-hangzhou\",\"relationType\":\"Contains\",\"resourceId\":\"eni-bp15hr53jws8jqza****\",\"resourceType\":\"ACS::ECS::NetworkInterface\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAssociatedIn\",\"resourceId\":\"sg-bp11m8p4hsmegc6d****\",\"resourceType\":\"ACS::ECS::SecurityGroup\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vpc-bp162ot6s0yknn7qj****\",\"resourceType\":\"ACS::VPC::VPC\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vsw-bp1tuojvtiteqlsh8****\",\"resourceType\":\"ACS::VPC::VSwitch\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAttachedTo\",\"resourceId\":\"d-bp1egkvbrif67h8n****\",\"resourceType\":\"ACS::ECS::Disk\"}]",
        "configurationDiff":"{\"InstanceName\":[\"test-instance222345\",\"test-instance666666\"]}",
        "resourceEventType":"MODIFY",
        "resourceCreateTime":"1606185720000",
        "dataType":"ConfigurationItemChangeNotification",
        "resourceName":"test-instance666666",
        "tags":"{\"1\":[\"2\"],\"d\":[\"d\"],\"fff1\":[\"ff\"],\"05\":[\"17\"],\"V\":[\"V\"],\"fff\":[\"fff\"],\"cost-center-haidong\":[\"1\"],\"nba\":[\"yes\"],\"cost-center\":[\"202012301217\"]}",
        "accountId":"120886317861****",
        "relationshipDiff":"{\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}}",
        "resourceStatus":"Stopped",
        "regionId":"cn-hangzhou",
        "configAggregators":"",
        "logtime":1637659293,
        "resourceType":"ACS::ECS::Instance"
    },
    "id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
    "source": "acs.config",
    "specversion": "1.0",
    "subject": "acs.config:cn-hangzhou:123456789098****:215672",
    "time": "2020-11-19T21:04:41+08:00",
    "type": "config:Config:ConfigurationItemChangeNotification",
    "aliyunaccountid": "123456789098****",
    "aliyunpublishtime": "2020-11-19T21:04:42Z",
    "aliyuneventbusname": "default",
    "aliyunregionid": "cn-hangzhou",
    "aliyunpublishaddr": "172.25.XX.XX"
}

data欄位包含的參數解釋如下表所示。

參數	類型	樣本值	描述
resourceId	String	i-bp1b4ym5yh7ciz96****	資源ID。
captureTime	String	1637659288000	捕獲時間。
configuration	String	{\"ResourceGroupId\":\"\",\"Memory\":1024,\"InstanceChargeType\":\"PostPaid\",\"Cpu\":1,\"OSName\":\"CentOS 7.6 64位\",\"InstanceNetworkType\":\"vpc\",\"InnerIpAddress\":{\"IpAddress\":[]},\"ExpiredTime\":\"2099-12-31T15:59Z\",\"ImageId\":\"centos_7_06_64_20G_alibase_20190218.vhd\",\"EipAddress\":{\"AllocationId\":\"\",\"IpAddress\":\"\",\"InternetChargeType\":\"\"},\"Tags\":{\"Tag\":[{\"TagKey\":\"1\",\"TagValue\":\"2\"},{\"TagKey\":\"cost-center\",\"TagValue\":\"202012301217\"},{\"TagKey\":\"d\",\"TagValue\":\"d\"},{\"TagKey\":\"cost-center-haidong\",\"TagValue\":\"1\"},{\"TagKey\":\"05\",\"TagValue\":\"17\"},{\"TagKey\":\"nba\",\"TagValue\":\"yes\"},{\"TagKey\":\"V\",\"TagValue\":\"V\"},{\"TagKey\":\"fff1\",\"TagValue\":\"ff\"},{\"TagKey\":\"fff\",\"TagValue\":\"fff\"}]},\"VlanId\":\"\",\"HostName\":\"test-instance11111name\",\"Status\":\"Stopped\",\"HibernationOptions\":{\"Configured\":false},\"MetadataOptions\":{\"HttpTokens\":\"\",\"HttpEndpoint\":\"\"},\"InstanceId\":\"i-bp1b4ym5yh7ciz96**\",\"StoppedMode\":\"StopCharging\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"Numa\":\"\",\"CoreCount\":1},\"StartTime\":\"2020-11-24T02:42Z\",\"DeletionProtection\":true,\"VpcAttributes\":{\"PrivateIpAddress\":{\"IpAddress\":[\"192.168.XX.XX\"]},\"VpcId\":\"vpc-bp162ot6s0yknn7qj\",\"VSwitchId\":\"vsw-bp1tuojvtiteqlsh8\",\"NatIpAddress\":\"\"},\"SecurityGroupIds\":{\"SecurityGroupId\":[\"sg-bp11m8p4hsmegc6d\"]},\"InternetChargeType\":\"PayByBandwidth\",\"InstanceName\":\"test-instance666666\",\"DeploymentSetId\":\"\",\"InternetMaxBandwidthOut\":10,\"SerialNumber\":\"e8fbd14e-19cd-47c7-b664-b6e60dc30713\",\"OSType\":\"linux\",\"CreationTime\":\"2020-11-24T02:42Z\",\"AutoReleaseTime\":\"\",\"Description\":\"秒睡奧數\",\"InstanceTypeFamily\":\"ecs.xn4\",\"DedicatedInstanceAttribute\":{\"Tenancy\":\"\",\"Affinity\":\"\"},\"PublicIpAddress\":{\"IpAddress\":[]},\"GPUSpec\":\"\",\"NetworkInterfaces\":{\"NetworkInterface\":[{\"Type\":\"Primary\",\"PrimaryIpAddress\":\"192.168.XX.XX\",\"MacAddress\":\"00:16:3f:00:XX:XX\",\"NetworkInterfaceId\":\"eni-bp15hr53jws8jqza\",\"PrivateIpSets\":{\"PrivateIpSet\":[{\"PrivateIpAddress\":\"192.168.XX.XX\",\"Primary\":true}]}}]},\"SpotPriceLimit\":0.0,\"SaleCycle\":\"\",\"DeviceAvailable\":true,\"InstanceType\":\"ecs.xn4.small\",\"OSNameEn\":\"CentOS 7.6 64 bit\",\"SpotStrategy\":\"NoSpot\",\"IoOptimized\":true,\"ZoneId\":\"cn-hangzhou-b\",\"ClusterId\":\"\",\"EcsCapacityReservation**\":{\"CapacityReservationPreference\":\"\",\"CapacityReservationId\":\"\"},\"DedicatedHostAttribute\":{\"DedicatedHostId\":\"\",\"DedicatedHostName\":\"\",\"DedicatedHostClusterId\":\"\"},\"GPUAmount\":0,\"OperationLocks\":{\"LockReason\":[]},\"InternetMaxBandwidthIn\":100,\"Recyclable\":false,\"RegionId\":\"cn-hangzhou\",\"CreditSpecification\":\"\"}"	配置（JSON字串）。
availabilityZone	String	cn-hangzhou-b	阿里雲可用性區域。
requestId	String	d641cac9-b079-4c68-bead-bd7d687e****	請求ID。
resourceGroupId	String	rg-acfmw3ty5y7****	資源群組ID。
arn	String	acs:ecs:cn-hangzhou:120886317861**:instance/i-bp1b4ym5yh7ciz96**	阿里雲資源群組名稱。
relationship	String	"relationship":"[{\"regionId\":\"cn-hangzhou\",\"relationType\":\"Contains\",\"resourceId\":\"eni-bp15hr53jws8jqza**\",\"resourceType\":\"ACS::ECS::NetworkInterface\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAssociatedIn\",\"resourceId\":\"sg-bp11m8p4hsmegc6d\",\"resourceType\":\"ACS::ECS::SecurityGroup\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vpc-bp162ot6s0yknn7qj\",\"resourceType\":\"ACS::VPC::VPC\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vsw-bp1tuojvtiteqlsh8\",\"resourceType\":\"ACS::VPC::VSwitch\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAttachedTo\",\"resourceId\":\"d-bp1egkvbrif67h8n**\",\"resourceType\":\"ACS::ECS::Disk\"}]"	關係（JSON字串）。
configurationDiff	String	`{\"InstanceName\":[\"test-instance222345\",\"test-instance666666\"]}`	配置差異（JSON字串）。
resourceEventType	String	MODIFY	資源事件類型。
resourceCreateTime	String	1606185720000	資源建立時間。
dataType	String	ConfigurationItemChangeNotification	資料類型。
resourceName	String	test-instance666666	資源名稱。
tags	String	`{\"1\":[\"2\"],\"d\":[\"d\"],\"fff1\":[\"ff\"],\"05\":[\"17\"],\"V\":[\"V\"],\"fff\":[\"fff\"],\"cost-center-haidong\":[\"1\"],\"nba\":[\"yes\"],\"cost-center\":[\"202012301217\"]}`	標籤（JSON字串）。
accountId	String	120886317861****	阿里雲帳號ID。
relationshipDiff	String	{\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}}	關係差異（JSON字串）。
resourceStatus	String	Stopped	資源狀態。
regionId	String	cn-hangzhou	阿里雲地區。
configAggregators	String	無	配置彙總。
logtime	Number	1637659293	日誌時間。
resourceType	String	ACS::ECS::Instance	資源類型。

資源評估不合規通知

資源評估不合規時，事件匯流排EventBridge接收到的樣本事件如下所示。

{
    "datacontenttype": "application/json;charset=utf-8",
    "data": {
        "annotation":"{\"configuration\":\"[{\\\"Type\\\":\\\"ecs\\\",\\\"ServerId\\\":\\\"i-bp18fnpdsieogla2****\\\",\\\"Port\\\":443,\\\"Weight\\\":0}]\",\"operator\":\"IsEmpty\",\"property\":\"$.data[?(@.Weight==0)]\"}",
        "riskLevel":"Critical",
        "dataType":"NonCompliantNotification",
        "evaluationResultIdentifier":"{\"orderingTimestamp\":1637657187979,\"evaluationResultQualifier\":{\"resourceId\":\"lb-bp1pcf5uglae1016r****\",\"configRuleName\":\"slb_backendserver_weight_check\",\"configRuleId\":\"cr-aa5e626622af00c5****\",\"captureTime\":1637657187979,\"resourceName\":\"lb-bp1pcf5uglae1016raewv\",\"configRuleArn\":\"acs:config::100931896542****:rule/cr-aa5e626622af00c5bc65\",\"regionId\":\"cn-hangzhou\",\"resourceOwnerId\":100931896542****,\"resourceType\":\"ACS::SLB::LoadBalancer\"}}"
        "eventType":"ResourceCompliance",
        "invokingEventMessageType":"Manual",
        "configRuleInvokedTimestamp":1637657187979,
        "complianceType":"NON_COMPLIANT",
        "accountId":100931896542****,
        "requestId":"96dc838e-708d-4429-aa1b-121d1fee****",
        "resultRecordedTimestamp":1637658505230,
        "eventName":"NonCompliant",
        "notificationCreationTime":1637658505710
    },
    "id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
    "source": "acs.config",
    "specversion": "1.0",
    "subject": "acs.config:cn-hangzhou:123456789098****:215672",
    "time": "2020-11-19T21:04:41+08:00",
    "type": "config:Config:NonCompliantNotification",
    "aliyunaccountid": "123456789098****",
    "aliyunpublishtime": "2020-11-19T21:04:42Z",
    "aliyuneventbusname": "default",
    "aliyunregionid": "cn-hangzhou",
    "aliyunpublishaddr": "172.25.XX.XX"
}

data欄位包含的參數解釋如下表所示。

參數	類型	樣本值	描述
annotation	String	`{\"configuration\":\"[{\\\"Type\\\":\\\"ecs\\\",\\\"ServerId\\\":\\\"i-bp18fnpdsieogla2****\\\",\\\"Port\\\":443,\\\"Weight\\\":0}]\",\"operator\":\"IsEmpty\",\"property\":\"$.data[?(@.Weight==0)]\"}`	註解（JSON字串）。
riskLevel	String	Critical	風險層級。
dataType	String	NonCompliantNotification	資料類型。
evaluationResultIdentifier	String	`{\"orderingTimestamp\":1637657187979,\"evaluationResultQualifier\":{\"resourceId\":\"lb-bp1pcf5uglae1016r**\",\"configRuleName\":\"slb_backendserver_weight_check\",\"configRuleId\":\"cr-aa5e626622af00c5\",\"captureTime\":1637657187979,\"resourceName\":\"lb-bp1pcf5uglae1016raewv\",\"configRuleArn\":\"acs:config::100931896542:rule/cr-aa5e626622af00c5bc65\",\"regionId\":\"cn-hangzhou\",\"resourceOwnerId\":100931896542**,\"resourceType\":\"ACS::SLB::LoadBalancer\"}}`	評估結果標識（JSON字串）。
eventType	String	ResourceCompliance	事件類型。
invokingEventMessageType	String	Manual	呼叫事件訊息類型。
configRuleInvokedTimestamp	Number	1637657187979	配置規則調用時間戳記。
complianceType	String	NON_COMPLIANT	合規類型。
accountId	String	100931896542****	阿里雲帳號ID。
requestId	String	96dc838e-708d-4429-aa1b-121d1fee****	請求ID。
resultRecordedTimestamp	Number	1637658505230	記錄結果的時間戳記。
eventName	String	NonCompliant	事件名稱。
notificationCreationTime	Number	1637658505710	通知事件建立時間。