操作审计支持查询阿里云内容分发网络CDN(Content Delivery Network)相关事件。您可以快速查询CDN事件并获取事件发生的时间、地域、域名等信息。本文为您举例说明CDN相关事件。

阿里云账号通过控制台添加CDN加速域名

以下示例表示,在北京时间2021年08月05日14:10:01,阿里云账号调用AddCdnDomain接口通过CDN控制台添加了CDN加速域名example.com

{
  "eventId": "3F44719F-9858-5016-AC54-794BBEE449C3",
  "eventVersion": 1,
  "responseElements": {
    "RequestId": "3F44719F-9858-5016-AC54-794BBEE449C3"
  },
  "eventSource": "cdn-share.aliyuncs.com",
  "requestParameters": {
    "charset": "UTF-8",
    "AcsHost": "cdn-share.aliyuncs.com",
    "AcsProduct": "Cdn",
    "RequestId": "3F44719F-9858-5016-AC54-794BBEE449C3",
    "ResourceGroupId": "rg-acfmxl27ech****",
    "Scope": "domestic",
    "DomainName": "example.com",
    "AcceptLanguage": "zh-CN",
    "CdnType": "web",
    "HostId": "cdn-share.aliyuncs.com",
    "Sources": [
      {
        "Type": "oss",
        "Content": "hao-nan.oss-cn-shanghai.aliyuncs.com",
        "Priority": "20",
        "Port": 80,
        "index": 0,
        "Weight": "10"
      }
    ]
  },
  "sourceIpAddress": "192.168.XX.XX",
  "userAgent": "cdnnext.console.aliyun.com",
  "eventType": "ApiCall",
  "referencedResources": {
    "ACS::CDN::Domain": [
      "cdns.example.com"
    ]
  },
  "userIdentity": {
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2021-08-05T06:10:01Z"
      }
    },
    "accountId": "128022060925****",
    "principalId": "128022060925****",
    "type": "root-account",
    "userName": "root"
  },
  "serviceName": "Cdn",
  "additionalEventData": {
    "Scheme": "http",
    "CallerBid": "26842"
  },
  "apiVersion": "2018-05-10",
  "requestId": "3F44719F-9858-5016-AC54-794BBEE449C3",
  "eventTime": "2021-08-05T06:10:01Z",
  "isGlobal": true,
  "acsRegion": "cn-shanghai",
  "eventName": "AddCdnDomain"
}

示例中关键字段含义如下:

  • userIdentity.type:请求者的身份类型。取值为root-account,表示阿里云账号。
  • serviceName:事件相关的阿里云服务名称。取值为Cdn,表示CDN。
  • eventName:事件名称。取值为AddCdnDomain,表示添加CDN加速域名。
  • referencedResources:相关资源列表。取值为{"ACS::CDN::Domain": ["example.com"},表示CDN加速域名example.com
  • eventTime:事件发生的时间(UTC格式)。取值为2021-08-05T06:10:01Z,表示北京时间2021年08月05日14:10:01。

RAM用户通过控制台添加CDN加速域名

以下示例表示,在北京时间2021年08月05日13:54:39,RAM用户dev调用AddCdnDomain接口通过CDN控制台添加了CDN加速域名example.com

{
  "eventId": "93DA5CD8-7D32-51E1-ACC5-7EFE0E1AD93E",
  "eventVersion": 1,
  "responseElements": {
    "RequestId": "93DA5CD8-7D32-51E1-ACC5-7EFE0E1AD93E",
  },
  "eventSource": "cdn-share.aliyuncs.com",
  "requestParameters": {
    "charset": "UTF-8",
    "AcsHost": "cdn-share.aliyuncs.com",
    "AcsProduct": "Cdn",
    "RequestId": "93DA5CD8-7D32-51E1-ACC5-7EFE0E1AD93E",
    "Scope": "domestic",
    "DomainName": "example.com",
    "AcceptLanguage": "zh-CN",
    "CdnType": "web",
    "HostId": "cdn-share.aliyuncs.com",
    "Sources": [
      {
        "Type": "oss",
        "Content": "lxhy-h5-****.oss-cn-chengdu.aliyuncs.com",
        "Priority": "20",
        "Port": 80,
        "index": 0,
        "Weight": "10"
      }
    ]
  },
  "errorCode": "DomainAlreadyExist",
  "sourceIpAddress": "192.168.XX.XX",
  "userAgent": "cdn.console.aliyun.com",
  "eventType": "ApiCall",
  "referencedResources": {
    "ACS::CDN::Domain": [
      "example.com"
    ]
  },
  "userIdentity": {
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2021-08-05T05:54:39Z"
      }
    },
    "accountId": "159702607145****",
    "principalId": "24749552624582****",
    "type": "ram-user",
    "userName": "dev"
  },
  "serviceName": "Cdn",
  "additionalEventData": {
    "Scheme": "http",
    "CallerBid": "26842"
  },
  "apiVersion": "2018-05-10",
  "requestId": "93DA5CD8-7D32-51E1-ACC5-7EFE0E1AD93E",
  "eventTime": "2021-08-05T05:54:39Z",
  "isGlobal": true,
  "acsRegion": "cn-shanghai",
  "eventName": "AddCdnDomain"
}

示例中关键字段含义如下:

  • userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。
  • userIdentity.userName:请求者的RAM用户名称。
  • serviceName:事件相关的阿里云服务名称。取值为Cdn,表示CDN。
  • eventName:事件名称。取值为AddCdnDomain,表示添加CDN加速域名。
  • referencedResources:相关资源列表。取值为{"ACS::CDN::Domain": ["example.com"]},表示CDN实例example.com
  • eventTime:事件发生的时间(UTC格式)。取值为2021-08-05T05:54:39Z,表示北京时间2021年08月05日13:54:39。

RAM用户通过AK调用API添加CDN加速域名

以下示例表示,在北京时间2021年08月04日19:07:28,RAM用户Alice通过AK LTAI4GHbFgwYxAHRqcsr****调用AddCdnDomain接口添加了CDN加速域名example.com

{
  "eventId": "2FB7E0AD-F3E1-5164-BBDA-8A1D846F9176",
  "eventVersion": 1,
  "responseElements": {
    "RequestId": "2FB7E0AD-F3E1-5164-BBDA-8A1D846F9176",
    "Message": "Owner verification of the root domain failed.",
    "Recommend": "https://error-center.aliyun.com/status/search?Keyword=DomainOwnerVerifyFail&source=PopGw",
    "HostId": "cdn.aliyuncs.com",
    "Code": "DomainOwnerVerifyFail"
  },
  "errorMessage": "Owner verification of the root domain failed.",
  "eventSource": "cdn.aliyuncs.com",
  "requestParameters": {
    "q": 0.9,
    "AcsHost": "cdn.aliyuncs.com",
    "AcsProduct": "Cdn",
    "RequestId": "2FB7E0AD-F3E1-5164-BBDA-8A1D846F9176",
    "DomainName": "example.com",
    "v": "b3",
    "CdnType": "web",
    "HostId": "cdn.aliyuncs.com",
    "Sources": [
      {
        "type": "domain",
        "content": "aliyundoc.com"
      }
    ]
  },
  "errorCode": "DomainOwnerVerifyFail",
  "sourceIpAddress": "192.168.XX.XX",
  "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36 SE 2.X MetaSr 1.0",
  "eventType": "ApiCall",
  "referencedResources": {
    "ACS::CDN::Domain": [
      "example.com"
    ]
  },
  "userIdentity": {
    "accessKeyId": "LTAI4GHbFgwYxAHRqcsr****",
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2021-08-04T11:06:44Z"
      }
    },
    "accountId": "166878994059****",
    "principalId": "20223100810693****",
    "type": "ram-user",
    "userName": "Alice"
  },
  "serviceName": "Cdn",
  "additionalEventData": {
    "Scheme": "https",
    "CallerBid": "26842"
  },
  "apiVersion": "2018-05-10",
  "requestId": "2FB7E0AD-F3E1-5164-BBDA-8A1D846F9176",
  "eventTime": "2021-08-04T11:07:28Z",
  "isGlobal": true,
  "acsRegion": "cn-shanghai",
  "eventName": "AddCdnDomain"
}

示例中关键字段含义如下:

  • userIdentity.accessKeyId:发起API调用的AccessKey ID。取值为LTAI4GHbFgwYxAHRqcsr****
  • userIdentity.principalId:AK所属的账号ID。取值为20223100810693****
  • userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。
  • serviceName:事件相关的阿里云服务名称。取值为Cdn,表示CDN。
  • eventName:事件名称。取值为AddCdnDomain,表示添加CDN加速域名。
  • referencedResources:相关资源列表。取值为{"ACS::CDN::Domain": ["example.com"]},表示CDN加速域名example.com
  • eventTime:事件发生的时间(UTC格式)。取值为2021-08-04T11:07:28Z,表示北京时间2021年08月04日19:07:28。

RAM用户通过角色扮演添加CDN加速域名

以下示例表示,在北京时间2021年08月02日14:15:46,阿里云账号111526800165****中的RAM用户通过扮演阿里云账号147048327155****下的RAM角色aliyunid-ag-ram-role-admin,添加了CDN加速域名example.com

{
  "eventId": "79229ED7-C2B6-45C5-B665-23AF88783660",
  "eventVersion": 1,
  "responseElements": {
    "RequestId": "79229ED7-C2B6-45C5-B665-23AF88783660",
    "Message": "Owner verification of the root domain failed.",
    "Recommend": "https://error-center.aliyun.com/status/search?Keyword=DomainOwnerVerifyFail&source=PopGw",
    "HostId": "cdn.aliyuncs.com",
    "Code": "DomainOwnerVerifyFail"
  },
  "errorMessage": "Owner verification of the root domain failed.",
  "eventSource": "cdn.aliyuncs.com",
  "requestParameters": {
    "stsTokenPrincipalName": "aliyunid-ag-ram-role-admin/BASEMENT",
    "AcsHost": "cdn.aliyuncs.com",
    "AcsProduct": "Cdn",
    "RequestId": "79229ED7-C2B6-45C5-B665-23AF88783660",
    "DomainName": "example.com",
    "CdnType": "web",
    "RegionId": "cn-zhangjiakou",
    "HostId": "cdn.aliyuncs.com",
    "stsTokenPlayerUid": 111526800165****,
    "Sources": [
      {
        "port": 443,
        "type": "domain",
        "content": "aliyundoc.com"
      }
    ]
  },
  "errorCode": "DomainOwnerVerifyFail",
  "sourceIpAddress": "192.168.XX.XX",
  "userAgent": "AlibabaCloud (Linux; amd64) Java/1.8.0_252-b09 Core/4.5.19 HTTPClient/ApacheHttpClient",
  "eventType": "ApiCall",
  "referencedResources": {
    "ACS::CDN::Domain": [
      "example.com"
    ]
  },
  "userIdentity": {
    "accessKeyId": "STS.NSrwtDuh5hbwR1gtWwZhS****",
    "sessionContext": {
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2021-07-25T02:40:34Z"
      }
    },
    "accountId": "147048327155****",
    "principalId": "30304522804117****:BASEMENT",
    "type": "assumed-role",
    "userName": "aliyunid-ag-ram-role-admin:BASEMENT"
  },
  "serviceName": "Cdn",
  "additionalEventData": {
    "Scheme": "http",
    "CallerBid": "26842"
  },
  "apiVersion": "2018-05-10",
  "requestId": "79229ED7-C2B6-45C5-B665-23AF88783660",
  "eventTime": "2021-08-02T06:15:46Z",
  "isGlobal": true,
  "acsRegion": "cn-shanghai",
  "eventName": "AddCdnDomain"
}

示例中关键字段含义如下:

  • userIdentity.type:请求者的身份类型。取值为assumed-role,表示RAM角色。
  • userIdentity.userName:请求者的用户名。格式为{roleName}:{sessionName}roleName表示被扮演的角色名称,sessionName表示进行角色扮演时指定的名称。取值为aliyunid-ag-ram-role-admin:BASEMENT,表示被扮演的RAM角色名称是aliyunid-ag-ram-role-admin,进行角色扮演时指定的名称为BASEMENT
  • requestParameters.stsTokenPlayerUid:扮演者的阿里云账号ID。取值为111526800165****
  • referencedResources:相关资源列表。取值为{"ACS::CDN::Domain": ["example.com"]},表示CDN加速域名example.com
  • serviceName:事件相关的阿里云服务名称。取值为Cdn,表示CDN。
  • eventName:事件名称。取值为AddCdnDomain,表示添加CDN加速域名。
  • eventTime:事件发生的时间(UTC格式)。取值为2021-08-02T06:15:46Z,表示北京时间2021年08月02日14:15:46。