本文介紹配置審計通過Action Trail和CloudMonitor接入,作為事件來源發布到事件匯流排EventBridge的事件類型。
背景資訊
配置審計支援作為以下雲產品的事件來源:
-
Apsara File Storage NAS負載平衡CDNElasticsearch雲企業網ApsaraDB for HBase雲資料庫RDSContainer ServiceKubernetes版雲端服務器雲原生資料庫PolarDB MySQLResource Orchestration ServiceVirtual Private CloudObject Storage Service存取控制Auto Scaling營運編排服務DDoS防護Alibaba Cloud DNSKey Management ServiceKVStore for RedisApsaraDB for MongoDB私網串連VPN網關Web Application Firewall訊息佇列RocketMQ版資源管理時間序列資料庫TSDB
事件類型
配置審計支援發布到事件匯流排EventBridge的事件類型如下所示。
事件類型 | type參數值 |
config:Config:ConfigurationItemChangeNotification | |
config:Config:NonCompliantNotification | |
阿里雲平台對資源執行的操作事件 | config:ActionTrail:AliyunServiceEvent |
API調用 | config:ActionTrail:ApiCall |
控制台的操作事件 | config:ActionTrail:ConsoleOperation |
配置項變更 | config:CloudMonitor:ConfigurationItemChangeNotification |
CloudEvents規範中定義的參數解釋,請參見事件概述。
資源配置變更通知
資源配置變更時,事件匯流排EventBridge接收到的樣本事件如下所示。
{
"datacontenttype": "application/json;charset=utf-8",
"data": {
"resourceId":"i-bp1b4ym5yh7ciz96****",
"captureTime":"1637659288000",
"configuration":"{\"ResourceGroupId\":\"\",\"Memory\":1024,\"InstanceChargeType\":\"PostPaid\",\"Cpu\":1,\"OSName\":\"CentOS 7.6 64位\",\"InstanceNetworkType\":\"vpc\",\"InnerIpAddress\":{\"IpAddress\":[]},\"ExpiredTime\":\"2099-12-31T15:59Z\",\"ImageId\":\"centos_7_06_64_20G_alibase_20190218.vhd\",\"EipAddress\":{\"AllocationId\":\"\",\"IpAddress\":\"\",\"InternetChargeType\":\"\"},\"Tags\":{\"Tag\":[{\"TagKey\":\"1\",\"TagValue\":\"2\"},{\"TagKey\":\"cost-center\",\"TagValue\":\"202012301217\"},{\"TagKey\":\"d\",\"TagValue\":\"d\"},{\"TagKey\":\"cost-center-haidong\",\"TagValue\":\"1\"},{\"TagKey\":\"05\",\"TagValue\":\"17\"},{\"TagKey\":\"nba\",\"TagValue\":\"yes\"},{\"TagKey\":\"V\",\"TagValue\":\"V\"},{\"TagKey\":\"fff1\",\"TagValue\":\"ff\"},{\"TagKey\":\"fff\",\"TagValue\":\"fff\"}]},\"VlanId\":\"\",\"HostName\":\"test-instance11111name\",\"Status\":\"Stopped\",\"HibernationOptions\":{\"Configured\":false},\"MetadataOptions\":{\"HttpTokens\":\"\",\"HttpEndpoint\":\"\"},\"InstanceId\":\"i-bp1b4ym5yh7ciz96****\",\"StoppedMode\":\"StopCharging\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"Numa\":\"\",\"CoreCount\":1},\"StartTime\":\"2020-11-24T02:42Z\",\"DeletionProtection\":true,\"VpcAttributes\":{\"PrivateIpAddress\":{\"IpAddress\":[\"192.168.XX.XX\"]},\"VpcId\":\"vpc-bp162ot6s0yknn7qj****\",\"VSwitchId\":\"vsw-bp1tuojvtiteqlsh8****\",\"NatIpAddress\":\"\"},\"SecurityGroupIds\":{\"SecurityGroupId\":[\"sg-bp11m8p4hsmegc6d****\"]},\"InternetChargeType\":\"PayByBandwidth\",\"InstanceName\":\"test-instance666666\",\"DeploymentSetId\":\"\",\"InternetMaxBandwidthOut\":10,\"SerialNumber\":\"e8fbd14e-19cd-47c7-b664-b6e60dc30713\",\"OSType\":\"linux\",\"CreationTime\":\"2020-11-24T02:42Z\",\"AutoReleaseTime\":\"\",\"Description\":\"秒睡奧數\",\"InstanceTypeFamily\":\"ecs.xn4\",\"DedicatedInstanceAttribute\":{\"Tenancy\":\"\",\"Affinity\":\"\"},\"PublicIpAddress\":{\"IpAddress\":[]},\"GPUSpec\":\"\",\"NetworkInterfaces\":{\"NetworkInterface\":[{\"Type\":\"Primary\",\"PrimaryIpAddress\":\"192.168.XX.XX\",\"MacAddress\":\"00:16:3f:00:XX:XX\",\"NetworkInterfaceId\":\"eni-bp15hr53jws8jqza****\",\"PrivateIpSets\":{\"PrivateIpSet\":[{\"PrivateIpAddress\":\"192.168.XX.XX\",\"Primary\":true}]}}]},\"SpotPriceLimit\":0.0,\"SaleCycle\":\"\",\"DeviceAvailable\":true,\"InstanceType\":\"ecs.xn4.small\",\"OSNameEn\":\"CentOS 7.6 64 bit\",\"SpotStrategy\":\"NoSpot\",\"IoOptimized\":true,\"ZoneId\":\"cn-hangzhou-b\",\"ClusterId\":\"\",\"EcsCapacityReservation****\":{\"CapacityReservationPreference\":\"\",\"CapacityReservationId\":\"\"},\"DedicatedHostAttribute\":{\"DedicatedHostId\":\"\",\"DedicatedHostName\":\"\",\"DedicatedHostClusterId\":\"\"},\"GPUAmount\":0,\"OperationLocks\":{\"LockReason\":[]},\"InternetMaxBandwidthIn\":100,\"Recyclable\":false,\"RegionId\":\"cn-hangzhou\",\"CreditSpecification\":\"\"}",
"availabilityZone":"cn-hangzhou-b",
"requestId":"d641cac9-b079-4c68-bead-bd7d687e****",
"resourceGroupId":"rg-acfmw3ty5y7****",
"arn":"acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96****",
"relationship":"[{\"regionId\":\"cn-hangzhou\",\"relationType\":\"Contains\",\"resourceId\":\"eni-bp15hr53jws8jqza****\",\"resourceType\":\"ACS::ECS::NetworkInterface\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAssociatedIn\",\"resourceId\":\"sg-bp11m8p4hsmegc6d****\",\"resourceType\":\"ACS::ECS::SecurityGroup\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vpc-bp162ot6s0yknn7qj****\",\"resourceType\":\"ACS::VPC::VPC\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vsw-bp1tuojvtiteqlsh8****\",\"resourceType\":\"ACS::VPC::VSwitch\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAttachedTo\",\"resourceId\":\"d-bp1egkvbrif67h8n****\",\"resourceType\":\"ACS::ECS::Disk\"}]",
"configurationDiff":"{\"InstanceName\":[\"test-instance222345\",\"test-instance666666\"]}",
"resourceEventType":"MODIFY",
"resourceCreateTime":"1606185720000",
"dataType":"ConfigurationItemChangeNotification",
"resourceName":"test-instance666666",
"tags":"{\"1\":[\"2\"],\"d\":[\"d\"],\"fff1\":[\"ff\"],\"05\":[\"17\"],\"V\":[\"V\"],\"fff\":[\"fff\"],\"cost-center-haidong\":[\"1\"],\"nba\":[\"yes\"],\"cost-center\":[\"202012301217\"]}",
"accountId":"120886317861****",
"relationshipDiff":"{\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}}",
"resourceStatus":"Stopped",
"regionId":"cn-hangzhou",
"configAggregators":"",
"logtime":1637659293,
"resourceType":"ACS::ECS::Instance"
},
"id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
"source": "acs.config",
"specversion": "1.0",
"subject": "acs.config:cn-hangzhou:123456789098****:215672",
"time": "2020-11-19T21:04:41+08:00",
"type": "config:Config:ConfigurationItemChangeNotification",
"aliyunaccountid": "123456789098****",
"aliyunpublishtime": "2020-11-19T21:04:42Z",
"aliyuneventbusname": "default",
"aliyunregionid": "cn-hangzhou",
"aliyunpublishaddr": "172.25.XX.XX"
}data欄位包含的參數解釋如下表所示。
參數 | 類型 | 樣本值 | 描述 |
resourceId | String | i-bp1b4ym5yh7ciz96**** | 資源ID。 |
captureTime | String | 1637659288000 | 捕獲時間。 |
configuration | String | | 配置(JSON字串)。 |
availabilityZone | String | cn-hangzhou-b | 阿里雲可用性區域。 |
requestId | String | d641cac9-b079-4c68-bead-bd7d687e**** | 請求ID。 |
resourceGroupId | String | rg-acfmw3ty5y7**** | 資源群組ID。 |
arn | String | acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96**** | 阿里雲資源群組名稱。 |
relationship | String | | 關係(JSON字串)。 |
configurationDiff | String | | 配置差異(JSON字串)。 |
resourceEventType | String | MODIFY | 資源事件類型。 |
resourceCreateTime | String | 1606185720000 | 資源建立時間。 |
dataType | String | ConfigurationItemChangeNotification | 資料類型。 |
resourceName | String | test-instance666666 | 資源名稱。 |
tags | String | | 標籤(JSON字串)。 |
accountId | String | 120886317861**** | 阿里雲帳號ID。 |
relationshipDiff | String | {\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}} | 關係差異(JSON字串)。 |
resourceStatus | String | Stopped | 資源狀態。 |
regionId | String | cn-hangzhou | 阿里雲地區。 |
configAggregators | String | 無 | 配置彙總。 |
logtime | Number | 1637659293 | 日誌時間。 |
resourceType | String | ACS::ECS::Instance | 資源類型。 |
資源評估不合規通知
資源評估不合規時,事件匯流排EventBridge接收到的樣本事件如下所示。
{
"datacontenttype": "application/json;charset=utf-8",
"data": {
"annotation":"{\"configuration\":\"[{\\\"Type\\\":\\\"ecs\\\",\\\"ServerId\\\":\\\"i-bp18fnpdsieogla2****\\\",\\\"Port\\\":443,\\\"Weight\\\":0}]\",\"operator\":\"IsEmpty\",\"property\":\"$.data[?(@.Weight==0)]\"}",
"riskLevel":"Critical",
"dataType":"NonCompliantNotification",
"evaluationResultIdentifier":"{\"orderingTimestamp\":1637657187979,\"evaluationResultQualifier\":{\"resourceId\":\"lb-bp1pcf5uglae1016r****\",\"configRuleName\":\"slb_backendserver_weight_check\",\"configRuleId\":\"cr-aa5e626622af00c5****\",\"captureTime\":1637657187979,\"resourceName\":\"lb-bp1pcf5uglae1016raewv\",\"configRuleArn\":\"acs:config::100931896542****:rule/cr-aa5e626622af00c5bc65\",\"regionId\":\"cn-hangzhou\",\"resourceOwnerId\":100931896542****,\"resourceType\":\"ACS::SLB::LoadBalancer\"}}"
"eventType":"ResourceCompliance",
"invokingEventMessageType":"Manual",
"configRuleInvokedTimestamp":1637657187979,
"complianceType":"NON_COMPLIANT",
"accountId":100931896542****,
"requestId":"96dc838e-708d-4429-aa1b-121d1fee****",
"resultRecordedTimestamp":1637658505230,
"eventName":"NonCompliant",
"notificationCreationTime":1637658505710
},
"id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
"source": "acs.config",
"specversion": "1.0",
"subject": "acs.config:cn-hangzhou:123456789098****:215672",
"time": "2020-11-19T21:04:41+08:00",
"type": "config:Config:NonCompliantNotification",
"aliyunaccountid": "123456789098****",
"aliyunpublishtime": "2020-11-19T21:04:42Z",
"aliyuneventbusname": "default",
"aliyunregionid": "cn-hangzhou",
"aliyunpublishaddr": "172.25.XX.XX"
}data欄位包含的參數解釋如下表所示。
參數 | 類型 | 樣本值 | 描述 |
annotation | String | | 註解(JSON字串)。 |
riskLevel | String | Critical | 風險層級。 |
dataType | String | NonCompliantNotification | 資料類型。 |
evaluationResultIdentifier | String | | 評估結果標識(JSON字串)。 |
eventType | String | ResourceCompliance | 事件類型。 |
invokingEventMessageType | String | Manual | 呼叫事件訊息類型。 |
configRuleInvokedTimestamp | Number | 1637657187979 | 配置規則調用時間戳記。 |
complianceType | String | NON_COMPLIANT | 合規類型。 |
accountId | String | 100931896542**** | 阿里雲帳號ID。 |
requestId | String | 96dc838e-708d-4429-aa1b-121d1fee**** | 請求ID。 |
resultRecordedTimestamp | Number | 1637658505230 | 記錄結果的時間戳記。 |
eventName | String | NonCompliant | 事件名稱。 |
notificationCreationTime | Number | 1637658505710 | 通知事件建立時間。 |