操作审计支持查询负载均衡SLB(Server Load Balancer)相关事件。当SLB操作出现异常时,您可以快速查询事件并获取事件发生的时间、地域、SLB实例等信息。本文为您举例说明SLB相关事件。
阿里云账号通过控制台删除SLB实例
以下示例表示,在北京时间2021年08月03日20:21:55,阿里云账号调用DeleteLoadBalancer接口删除了杭州地域ID为lb-bp1b3iffgeccmaww3****的SLB实例。
{
"eventId": "51D55867-8194-5C55-8F33-4385D7C37D99",
"eventVersion": 1,
"responseElements": {
"RequestId": "51D55867-8194-5C55-8F33-4385D7C37D99"
},
"eventSource": "slb-pop.aliyuncs.com",
"requestParameters": {
"AcsHost": "slb-pop.aliyuncs.com",
"AcsProduct": "Slb",
"RequestId": "51D55867-8194-5C55-8F33-4385D7C37D99",
"LoadBalancerId": "lb-bp1b3iffgeccmaww3****",
"SlbApi__domiain": "slb-pop.aliyuncs.com",
"https": "False",
"HostId": "slb-pop.aliyuncs.com"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "ros.console.aliyun.com",
"eventType": "ApiCall",
"referencedResources": {
"ACS::SLB::LoadBalancer": [
"lb-bp1b3iffgeccmaww3****"
]
},
"userIdentity": {
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-03T12:21:55Z"
}
},
"accountId": "162728028114****",
"principalId": "162728028114****",
"type": "root-account",
"userName": "root"
},
"serviceName": "Slb",
"additionalEventData": {
"Scheme": "http",
"CallerBid": "26842"
},
"apiVersion": "2014-05-15",
"requestId": "51D55867-8194-5C55-8F33-4385D7C37D99",
"eventTime": "2021-08-03T12:21:55Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "DeleteLoadBalancer"
}示例中关键字段含义如下:
userIdentity.type:请求者的身份类型。取值为root-account,表示阿里云账号。serviceName:事件相关的阿里云服务名称。取值为Slb,表示SLB。eventName:事件名称。取值为DeleteLoadBalancer,表示删除SLB实例。referencedResources:事件影响的资源列表。取值为{"ACS::SLB::LoadBalancer": ["lb-bp1b3iffgeccmaww3****"]},表示SLB实例lb-bp1b3iffgeccmaww3****。acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。eventTime:事件发生的时间(UTC格式)。取值为2021-08-03T12:21:55Z,表示北京时间2021年08月03日20:21:55。
RAM用户通过控制台删除SLB实例
以下示例表示,在北京时间2021年08月05日11:21:50,RAM用户Alice调用DeleteLoadBalancer接口删除了杭州地域ID为lb-bp160ovcr2iicm8y4****的SLB实例。
{
"eventId": "458F7AFB-53D5-561E-979A-20B2FC1476CF",
"eventVersion": 1,
"responseElements": {
"RequestId": "458F7AFB-53D5-561E-979A-20B2FC1476CF"
},
"eventSource": "slb-openapi-share.aliyuncs.com",
"requestParameters": {
"charset": "UTF-8",
"AcsHost": "slb-openapi-share.aliyuncs.com",
"AcsProduct": "Slb",
"RequestId": "458F7AFB-53D5-561E-979A-20B2FC1476CF",
"AcceptLanguage": "zh-CN",
"LoadBalancerId": "lb-bp160ovcr2iicm8y4****",
"RegionId": "cn-hangzhou",
"HostId": "slb-openapi-share.aliyuncs.com"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "slb.console.aliyun.com",
"eventType": "ApiCall",
"referencedResources": {
"ACS::SLB::LoadBalancer": [
"lb-bp160ovcr2iicm8y4****"
]
},
"userIdentity": {
"sessionContext": {
"attributes": {
"mfaAuthenticated": "true",
"creationDate": "2021-08-05T03:21:50Z"
}
},
"accountId": "173376625463****",
"principalId": "20804860793058****",
"type": "ram-user",
"userName": "Alice"
},
"serviceName": "Slb",
"additionalEventData": {
"Scheme": "http",
"CallerBid": "26842"
},
"apiVersion": "2014-05-15",
"requestId": "458F7AFB-53D5-561E-979A-20B2FC1476CF",
"eventTime": "2021-08-05T03:21:50Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "DeleteLoadBalancer"
}示例中关键字段含义如下:
userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。userIdentity.userName:请求者的RAM用户名称。serviceName:事件相关的阿里云服务名称。取值为Slb,表示SLB。eventName:事件名称。取值为DeleteLoadBalancer,表示删除SLB实例。referencedResources:事件影响的资源列表。取值为{"ACS::SLB::LoadBalancer": ["lb-bp160ovcr2iicm8y4****"]},表示SLB实例lb-bp160ovcr2iicm8y4****。acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。eventTime:事件发生的时间(UTC格式)。取值为2021-08-05T03:21:50Z,表示北京时间2021年08月05日11:21:50。
阿里云账号通过AK调用API删除SLB实例
以下示例表示,在北京时间2021年08月05日11:31:19,阿里云账号通过AK LTAI4GAhAbUyrykxM3mY****调用DeleteLoadBalancer接口删除了杭州地域ID为lb-bp19gskmju1h6tm3v****的SLB实例。
{
"eventId": "89E7EA51-53A0-5C85-9D3C-3838F9CEA99D",
"eventVersion": 1,
"responseElements": {
"RequestId": "89E7EA51-53A0-5C85-9D3C-3838F9CEA99D"
},
"eventSource": "slb.aliyuncs.com",
"requestParameters": {
"AcsHost": "slb.aliyuncs.com",
"AcsProduct": "Slb",
"RequestId": "89E7EA51-53A0-5C85-9D3C-3838F9CEA99D",
"LoadBalancerId": "lb-bp19gskmju1h6tm3v****",
"SignatureType": "",
"RegionId": "cn-hangzhou",
"HostId": "slb.aliyuncs.com"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "AlibabaCloud (linux; amd64) Golang/1.12.9 Core/0.0.1 HashiCorp-Terraform/0.12.1-1.55.4",
"eventType": "ApiCall",
"referencedResources": {
"ACS::SLB::LoadBalancer": [
"lb-bp19gskmju1h6tm3v****"
]
},
"userIdentity": {
"accessKeyId": "LTAI4GAhAbUyrykxM3mY****",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-05T03:31:19Z"
}
},
"accountId": "152239434953****",
"principalId": "152239434953****",
"type": "root-account",
"userName": "root"
},
"serviceName": "Slb",
"additionalEventData": {
"Scheme": "https",
"CallerBid": "26842"
},
"apiVersion": "2014-05-15",
"requestId": "89E7EA51-53A0-5C85-9D3C-3838F9CEA99D",
"eventTime": "2021-08-05T03:31:19Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "DeleteLoadBalancer"
}示例中关键字段含义如下:
userIdentity.accessKeyId:发起API调用的AccessKey ID。取值为LTAI4GAhAbUyrykxM3mY****。userIdentity.principalId:AK所属的账号ID。取值为152239434953****。serviceName:事件相关的阿里云服务名称。取值为Slb,表示SLB。eventName:事件名称。取值为DeleteLoadBalancer,表示删除SLB实例。referencedResources:事件影响的资源列表。取值为{"ACS::SLB::LoadBalancer": ["lb-bp19gskmju1h6tm3v****"]},表示SLB实例lb-bp19gskmju1h6tm3v****。acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。eventTime:事件发生的时间(UTC格式)。取值为2021-08-05T03:31:19Z,表示北京时间2021年08月05日11:31:19。
RAM角色通过角色扮演删除SLB实例
以下示例表示,在北京时间2021年08月05日09:10:13,容器服务ACK通过扮演角色aliyuncsdefaultrole,删除了杭州地域ID为lb-bp1bqozygmlt8wohe****的SLB实例。
{
"eventId": "379F4611-D4C0-5DE7-A152-DDEA715A5E79",
"eventVersion": 1,
"responseElements": {
"RequestId": "379F4611-D4C0-5DE7-A152-DDEA715A5E79"
},
"eventSource": "slb-pop.aliyuncs.com",
"requestParameters": {
"stsTokenPrincipalName": "aliyuncsdefaultrole/cs-provision-role-1628125309",
"AcsHost": "slb-pop.aliyuncs.com",
"AcsProduct": "Slb",
"RequestId": "379F4611-D4C0-5DE7-A152-DDEA715A5E79",
"LoadBalancerId": "lb-bp1bqozygmlt8wohe****",
"SlbApi__domiain": "slb-pop.aliyuncs.com",
"https": "False",
"HostId": "slb-pop.aliyuncs.com",
"stsTokenPlayerUid": 175434791765****
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "ros",
"eventType": "ApiCall",
"referencedResources": {
"ACS::SLB::LoadBalancer": [
"lb-bp1bqozygmlt8wohe****"
]
},
"userIdentity": {
"accessKeyId": "STS.9huAj27vmkaWKAoJytpctKRapi8sUSJerq7GFAAs9Lb9twgPzg****",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-05T01:10:13Z"
}
},
"accountId": "190885984155****",
"principalId": "33370898817881****:cs-provision-role-1628125309",
"type": "assumed-role",
"userName": "aliyuncsdefaultrole:cs-provision-role-1628125309"
},
"serviceName": "Slb",
"additionalEventData": {
"Scheme": "http",
"CallerBid": "26842"
},
"apiVersion": "2014-05-15",
"requestId": "379F4611-D4C0-5DE7-A152-DDEA715A5E79",
"eventTime": "2021-08-05T01:10:13Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "DeleteLoadBalancer"
}示例中关键字段含义如下:
userIdentity.type:请求者的身份类型。取值为assumed-role,表示RAM角色。userIdentity.userName:请求者的用户名。格式为{roleName}:{sessionName},roleName表示被扮演的角色名称,sessionName表示进行角色扮演时指定的名称。取值为aliyuncsdefaultrole:cs-provision-role-1628125309,表示被扮演的RAM角色名称是aliyuncsdefaultrole,进行角色扮演时指定的名称为cs-provision-role-1628125309。说明容器服务ACK在集群操作时默认使用
aliyuncsdefaultrole角色来访问您在其他云服务中的资源。requestParameters.stsTokenPlayerUid:扮演者的阿里云账号ID。取值为175434791765****。referencedResources:事件影响的资源列表。取值为{"ACS::SLB::LoadBalancer": ["lb-bp1bqozygmlt8wohe****"]},表示SLB实例lb-bp1bqozygmlt8wohe****。serviceName:事件相关的阿里云服务名称。取值为SLB,表示SLB。eventName:事件名称。取值为DeleteLoadBalancer,表示删除SLB实例。acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。eventTime:事件发生的时间(UTC格式)。取值为2021-08-05T01:10:13Z,表示北京时间2021年08月05日09:10:13。