如果您设置了资源快照投递功能,配置审计将资源变更历史快照或资源定时配置快照以指定格式投递到对象存储OSS。通过本文您可以了解资源变更历史快照和资源定时配置快照的代码示例和主要参数说明。
资源变更历史快照
资源变更历史快照的主要参数说明如下表所示。
| 参数 | 说明 |
|---|---|
| accountId | 资源所属阿里云账号ID。 |
| arn | 资源ARN。各云服务资源类型对应的ARN格式,请参见ARN格式。 |
| regionId | 资源所在地域ID。 |
| configuration | 资源的详细配置。 |
| configurationDiff | 资源配置变更的具体变更项及变更前后信息。 |
| captureTime | 配置审计发现资源变更事件并生成日志的时间戳。时间戳转换方法,请参见Unix时间戳。 |
| resourceCreateTime | 创建资源的时间戳。时间戳转换方法,请参见Unix时间戳。 |
| resourceId | 资源ID。 |
| resourceName | 资源名称。 |
| resourceType | 资源类型。支持的资源类型请参见支持配置审计的云服务。 |
| tags | 资源标签。 |
| resourceEventType | 资源变更事件的类型。取值:
|
新建、更新和删除资源的代码示例如下:
- 新建资源
阿里云账号在对象存储OSS的上海地域新建存储桶(Bucket) test123,在configurationDiff中显示变更前信息(null)和变更后信息。
{ "configurationItems":[ { "accountId":1208863178****, "arn":"acs:oss:cn-shanghai:120886317****:test123", "regionId":"cn-shanghai", "configuration":"{"AccessControlList":{"Grant":"private"},"ServerSideEncryptionRule":{"SSEAlgorithm":"None"},"Comment":"","CreationDate":"2020-11-16T06:50:36.000Z","Owner":{"DisplayName":"1208863178****","ID":"1208863178****"},"StorageClass":"Standard","DataRedundancyType":"LRS","AllowEmptyReferer":"true","Name":"test123","BucketPolicy":{"LogPrefix":"","LogBucket":""},"ExtranetEndpoint":"oss-cn-shanghai.aliyuncs.com","IntranetEndpoint":"oss-cn-shanghai-internal.aliyuncs.com","Location":"oss-cn-shanghai"}", "configurationDiff":"{"AccessControlList":[null,{"Grant":"private"}],"ServerSideEncryptionRule":[null,{"SSEAlgorithm":"None"}],"CreationDate":[null,"2020-11-16T06:50:36.000Z"],"Owner":[null,{"DisplayName":"1208863178****","ID":"1208863178****"}],"BucketPolicy":[null,{"LogPrefix":"","LogBucket":""}],"StorageClass":[null,"Standard"],"ExtranetEndpoint":[null,"oss-cn-shanghai.aliyuncs.com"],"DataRedundancyType":[null,"LRS"],"AllowEmptyReferer":[null,"true"],"IntranetEndpoint":[null,"oss-cn-shanghai-internal.aliyuncs.com"],"Name":[null,"test123"],"Location":[null,"oss-cn-shanghai"]}", "captureTime":1605509680560, "resourceCreateTime":1605509436000, "resourceId":"test123", "resourceName":"test123", "resourceType":"ACS::OSS::Bucket", "tags":"{}", "resourceEventType":"DISCOVERED" } ], "fileVersion":"1.0" } - 更新资源
阿里云账号在对象存储OSS的上海地域更新存储桶test666的Referer白名单,在configurationDiff中显示变更前信息(允许开启空Referer)和变更后信息(不允许开启空Referer)。
{ "configurationItems":[ { "accountId":1208863178****, "arn":"acs:oss:cn-shanghai:1208863178****:test666", "regionId":"cn-shanghai", "configuration":"{"AccessControlList":{"Grant":"private"},"ServerSideEncryptionRule":{"SSEAlgorithm":"AES256"},"Comment":"","CreationDate":"2020-03-16T08:34:49.000Z","Owner":{"DisplayName":"1208863178****","ID":"1208863178****"},"StorageClass":"Standard","DataRedundancyType":"LRS","RefererList":{"Referer":["https://www.*****.com"]},"AllowEmptyReferer":"false","Name":"testoss111","BucketPolicy":{"LogPrefix":"","LogBucket":""},"TagSet":{"Tag":[{"Value":"1","Key":"1"},{"Value":"2","Key":"2"},{"Value":"001","Key":"526"},{"Value":"612","Key":"612"},{"Value":"prod2","Key":"env"},{"Value":"v0","Key":"k0"}]},"ExtranetEndpoint":"oss-cn-shanghai.aliyuncs.com","Region":"cn-shanghai","IntranetEndpoint":"oss-cn-shanghai-internal.aliyuncs.com","Location":"oss-cn-shanghai"}", "configurationDiff":"{"AllowEmptyReferer":["true","false"]}", "captureTime":1605508188495, "resourceCreateTime":1584347689000, "resourceId":"test666", "resourceName":"test666", "resourceType":"ACS::OSS::Bucket", "tags":"", "resourceEventType":"MODIFY" } ], "fileVersion":"1.0" } - 删除资源
阿里云账号在对象存储OSS的上海地域删除存储桶test666,在configurationDiff中显示变更前信息和变更后信息(null)。
{ "configurationItems":[ { "accountId":1208863178****, "arn":"acs:oss:cn-shanghai:120886317****:"test666", "regionId":"cn-shanghai", "configuration":"{"AccessControlList":{"Grant":"private"},"ServerSideEncryptionRule":{"SSEAlgorithm":"None"},"Comment":"","CreationDate":"2020-11-16T06:50:36.000Z","Owner":{"DisplayName":"1208863178****","ID":"1208863178****"},"StorageClass":"Standard","DataRedundancyType":"LRS","AllowEmptyReferer":"true","Name":"test666","BucketPolicy":{"LogPrefix":"","LogBucket":""},"ExtranetEndpoint":"oss-cn-shanghai.aliyuncs.com","IntranetEndpoint":"oss-cn-shanghai-internal.aliyuncs.com","Location":"oss-cn-shanghai"}", "configurationDiff":"{"AccessControlList":[{"Grant":"private"},null],"ServerSideEncryptionRule":[{ "SSEAlgorithm":"None"},null],"CreationDate":["2020-11-16T06:50:36.000Z",null],"Owner":[ {"DisplayName":"1208863178****","ID":"1208863178****"},null],"BucketPolicy":[{ "LogPrefix":"","LogBucket":""},null],"StorageClass":["Standard",null], "ExtranetEndpoint":["oss-cn-shanghai.aliyuncs.com",null],"DataRedundancyType":["LRS",null],"AllowEmptyReferer":[ "true",null],"IntranetEndpoint":["oss-cn-shanghai-internal.aliyuncs.com",null],"Name":[ "test666",null],"Location":["oss-cn-shanghai",null]}", "captureTime":1605509680560, "resourceCreateTime":1605509436000, "resourceId":"test666", "resourceName":"test666", "resourceType":"ACS::OSS::Bucket", "tags":"{}", "resourceEventType":"REMOVE" } ], "fileVersion":"1.0" }
资源定时配置快照
资源定时配置快照的参数说明如下表所示。
| 参数 | 说明 |
|---|---|
| accountId | 资源所属阿里云账号ID。 |
| availabilityZone | 资源可用区。 |
| regionId | 资源所在地域。 |
| configuration | 资源的详细配置。 |
| resourceCreateTime | 创建资源的时间戳。时间戳转换方法,请参见Unix时间戳。 |
| resourceId | 资源ID。 |
| resourceName | 资源名称。 |
| resourceType | 资源类型。支持的资源类型请参见支持配置审计的云服务。 |
| tags | 资源的标签。 |
阿里云账号将对象存储OSS上海地域的存储桶test123的定时配置快照投递到您指定的存储桶中。代码示例如下:
{
"configurationItems":[
{
"accountId":12088631786*****,
"availabilityZone":"",
"regionId":"cn-shanghai",
"configuration":"{"AccessControlList":{"Grant":"private"},"ServerSideEncryptionRule":{"SSEAlgorithm":"AES256"},"Comment":"","CreationDate":"2019-08-29T06:02:59.000Z","Owner":{"DisplayName":"12088631786*****","ID":"12088631786*****"},"StorageClass":"Standard","DataRedundancyType":"LRS","RefererList":{"Referer":["https://www.******.com"]},"AllowEmptyReferer":"false","Name":"test123","BucketPolicy":{"LogPrefix":"","LogBucket":""},"ExtranetEndpoint":"oss-cn-shanghai.aliyuncs.com","TagSet":{"Tag":[{"Value":"1","Key":"1"},{"Value":"2","Key":"2"},{"Value":"001","Key":"526"},{"Value":"612","Key":"612"},{"Value":"prod2","Key":"env"},{"Value":"v0","Key":"k0"}]},"Region":"cn-shanghai","IntranetEndpoint":"oss-cn-shanghai-internal.aliyuncs.com","Location":"oss-cn-shanghai"}",
"resourceCreateTime":1567058579000,
"resourceId":"test123",
"resourceName":"test123",
"resourceType":"ACS::OSS::Bucket",
"tags":""
}
],
"fileVersion":"1.0"
}
在文档使用中是否遇到以下问题
更多建议
匿名提交