操作审计支持查询阿里云关系型数据库RDS(Relational Database Service)相关事件。您可以快速查询RDS事件并获取事件发生的时间、地域、RDS实例等信息。本文为您举例说明RDS相关事件。
阿里云账号通过控制台重启RDS实例
以下示例表示,在北京时间2021年08月04日15:34:58,阿里云账号调用RestartDBInstance接口重启了杭州地域ID为rm-bp18vn5itslhw****的RDS实例。
{
"eventId": "4EC856C0-A735-52D0-A7E6-E5CD09A5BCD4",
"eventVersion": 1,
"responseElements": {
"RequestId": "4EC856C0-A735-52D0-A7E6-E5CD09A5BCD4"
},
"eventSource": "rds-inc-share.aliyuncs.com",
"requestParameters": {
"charset": "UTF-8",
"AcsHost": "rds-inc-share.aliyuncs.com",
"AcsProduct": "Rds",
"RequestId": "4EC856C0-A735-52D0-A7E6-E5CD09A5BCD4",
"DBInstanceId": "rm-bp18vn5itslhw****",
"AcceptLanguage": "zh-CN",
"HostId": "rds-inc-share.aliyuncs.com"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "rdsnext.console.aliyun.com",
"eventType": "ApiCall",
"referencedResources": {
"ACS::RDS::DBInstance": [
"rm-bp18vn5itslhw****"
]
},
"userIdentity": {
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-04T07:34:58Z"
}
},
"accountId": "147395807376****",
"principalId": "147395807376****",
"type": "root-account",
"userName": "root"
},
"serviceName": "Rds",
"additionalEventData": {
"Scheme": "http",
"CallerBid": "26842"
},
"apiVersion": "2014-08-15",
"requestId": "4EC856C0-A735-52D0-A7E6-E5CD09A5BCD4",
"eventTime": "2021-08-04T07:34:58Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "RestartDBInstance"
}
示例中关键字段含义如下:
userIdentity.type:请求者的身份类型。取值为root-account,表示阿里云账号。
serviceName:事件相关的阿里云服务名称。取值为Rds,表示RDS。
eventName:事件名称。取值为RestartDBInstance,表示重启实例。
referencedResources:事件影响的资源列表。取值为{"ACS::RDS::DBInstance": ["rm-bp18vn5itslhw****"]},表示RDS实例rm-bp18vn5itslhw****。
acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。
eventTime:事件发生的时间(UTC格式)。取值为2021-08-04T07:34:58Z,表示北京时间2021年08月04日15:34:58。
RAM用户通过控制台重启RDS实例
以下示例表示,在北京时间2021年08月04日10:54:38,RAM用户Alice调用RestartDBInstance接口重启了杭州地域ID为rm-bp15hkr5tb57v****的RDS实例。
{
"apiVersion": "2014-08-15",
"requestId": "532F2CED-F931-57FC-B08E-5AF8FF443DD5",
"eventType": "ApiCall",
"userIdentity": {
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-04T02:54:38Z"
}
},
"accountId": "183080612160****",
"principalId": "20816241517167****",
"type": "ram-user",
"userName": "Alice"
},
"acsRegion": "cn-hangzhou",
"eventName": "RestartDBInstance",
"requestParameters": {
"charset": "UTF-8",
"AcsHost": "rds-inc-share.aliyuncs.com",
"AcsProduct": "Rds",
"RequestId": "532F2CED-F931-57FC-B08E-5AF8FF443DD5",
"DBInstanceId": "rm-bp15hkr5tb57v****",
"AcceptLanguage": "zh-CN",
"HostId": "rds-inc-share.aliyuncs.com"
},
"eventSource": "rds-inc-share.aliyuncs.com",
"serviceName": "Rds",
"eventTime": "2021-08-04T02:54:38Z",
"referencedResources": {
"DBInstance": [
"rm-bp15hkr5tb57v****"
],
"ACS::RDS::DBInstance": [
"rm-bp15hkr5tb57v****"
]
},
"userAgent": "rdsnext.console.aliyun.com",
"eventId": "532F2CED-F931-57FC-B08E-5AF8FF443DD5",
"additionalEventData": {
"Scheme": "http"
},
"responseElements": {
"RequestId": "532F2CED-F931-57FC-B08E-5AF8FF443DD5"
},
"errorCode": "",
"errorMessage": "",
"eventVersion": "1",
"sourceIpAddress": "192.168.XX.XX"
}
示例中关键字段含义如下:
userIdentity.type:请求者的身份类型。取值为ram-user,表示RAM用户。
userIdentity.userName:请求者的RAM用户名称。取值为Alice。
serviceName:事件相关的阿里云服务名称。取值为Rds,表示RDS。
eventName:事件名称。取值为RestartDBInstance,表示重启实例。
referencedResources:事件影响的资源列表。取值为{"DBInstance": ["rm-bp15hkr5tb57v****"],"ACS::RDS::DBInstance": ["rm-bp15hkr5tb57v****"]},表示RDS实例rm-bp15hkr5tb57v****。
acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。
eventTime:事件发生的时间(UTC格式)。取值为2021-08-04T02:54:38Z,表示北京时间2021年08月04日10:54:38。
阿里云账号通过AK调用API重启RDS实例
以下示例表示,在北京时间2021年08月04日10:29:37,阿里云账号通过AK LTAI****************调用RestartDBInstance接口重启了上海地域ID为rm-1udt95gm98274****的RDS实例。
{
"eventId": "55149DB3-9B17-5F96-99D7-10BCEC5A669D",
"eventVersion": 1,
"responseElements": {
"RequestId": "55149DB3-9B17-5F96-99D7-10BCEC5A669D"
},
"eventSource": "rds.aliyuncs.com",
"requestParameters": {
"AcsHost": "rds.aliyuncs.com",
"AcsProduct": "Rds",
"RequestId": "55149DB3-9B17-5F96-99D7-10BCEC5A669D",
"DBInstanceId": "rm-1udt95gm98274****",
"HostId": "rds.aliyuncs.com",
"ClientToken": "4d31085d-8403-4f43-a600-41294335****"
},
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "Apache-HttpClient/4.5.2 (Java/1.8.0_191)",
"eventType": "ApiCall",
"referencedResources": {
"ACS::RDS::DBInstance": [
"rm-1udt95gm98274****"
]
},
"userIdentity": {
"accessKeyId": "LTAI****************",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-04T02:29:37Z"
}
},
"accountId": "514024858446****",
"principalId": "514024858446****",
"type": "root-account",
"userName": "root"
},
"serviceName": "Rds",
"additionalEventData": {
"Scheme": "https",
"CallerBid": "26888"
},
"apiVersion": "2014-08-15",
"requestId": "55149DB3-9B17-5F96-99D7-10BCEC5A669D",
"eventTime": "2021-08-04T02:29:37Z",
"isGlobal": false,
"acsRegion": "cn-shanghai",
"eventName": "RestartDBInstance"
}
示例中关键字段含义如下:
userIdentity.accessKeyId:发起API调用的AccessKey ID。取值为LTAI****************。
userIdentity.principalId:AK所属的账号ID。取值为514024858446****。
userIdentity.type:请求者的身份类型。取值为root-account,表示阿里云账号。
serviceName:事件相关的阿里云服务名称。取值为Rds,表示RDS。
eventName:事件名称。取值为RestartDBInstance,表示重启实例。
referencedResources:事件影响的资源列表。取值为{"ACS::RDS::DBInstance": ["rm-1udt95gm98274****"]},表示RDS实例rm-1udt95gm98274****。
acsRegion:事件发生的地域。取值为cn-shanghai,表示上海地域。
eventTime:事件发生的时间(UTC格式)。取值为2021-08-04T02:29:37Z,表示北京时间2021年08月04日10:29:37。
RAM用户通过角色扮演重启RDS实例
以下示例表示,在北京时间2021年08月02日14:15:46,阿里云账号165367888785****中的RAM用户通过扮演账号109052579984****下的RAM角色aliyunid-ag-ram-role-admin,重启了杭州地域ID为rm-bp1cw83fsi6j3****的RDS实例。
{
"eventId": "191D3EE5-82C7-48BC-B128-37A0BE30FF38",
"eventVersion": 1,
"responseElements": {
"RequestId": "191D3EE5-82C7-48BC-B128-37A0BE30FF38"
},
"eventSource": "rds-inc-share.aliyuncs.com",
"requestParameters": {
"stsTokenPrincipalName": "aliyunid-ag-ram-role-admin/default",
"charset": "UTF-8",
"AcsHost": "rds-inc-share.aliyuncs.com",
"AcsProduct": "Rds",
"RequestId": "191D3EE5-82C7-48BC-B128-37A0BE30FF38",
"DBInstanceId": "rm-bp1cw83fsi6j3****",
"AcceptLanguage": "zh-CN",
"HostId": "rds-inc-share.aliyuncs.com",
"stsTokenPlayerUid": 165367888785****
},
"sourceIpAddress": "Internal",
"userAgent": "rdsnext.console.aliyun.com",
"eventType": "ApiCall",
"referencedResources": {
"ACS::RDS::DBInstance": [
"rm-bp1cw83fsi6j3****"
]
},
"userIdentity": {
"accessKeyId": "STS.****************",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-08-02T06:15:46Z"
}
},
"accountId": "109052579984****",
"principalId": "36661865364550****:default",
"type": "assumed-role",
"userName": "aliyunid-ag-ram-role-admin:default"
},
"serviceName": "Rds",
"additionalEventData": {
"Scheme": "http",
"CallerBid": "26842"
},
"apiVersion": "2014-08-15",
"requestId": "191D3EE5-82C7-48BC-B128-37A0BE30FF38",
"eventTime": "2021-08-02T06:15:46Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "RestartDBInstance"
}
示例中关键字段含义如下:
userIdentity.type:请求者的身份类型。取值为assumed-role,表示RAM角色。
userIdentity.userName:请求者的用户名。格式为{roleName}:{sessionName},roleName表示被扮演的角色名称,sessionName表示进行角色扮演时指定的会话名称。取值为aliyunid-ag-ram-role-admin:default,表示被扮演的RAM角色名称是aliyunid-ag-ram-role-admin,进行角色扮演时指定的会话名称为default。
requestParameters.stsTokenPlayerUid:扮演者的阿里云账号ID。取值为165367888785****(示例中该值已脱敏且未加引号,因此示例JSON需先修正该值,才能被严格的JSON解析器解析)。
referencedResources:事件影响的资源列表。取值为{"ACS::RDS::DBInstance": ["rm-bp1cw83fsi6j3****"]},表示RDS实例rm-bp1cw83fsi6j3****。
serviceName:事件相关的阿里云服务名称。取值为Rds,表示RDS。
eventName:事件名称。取值为RestartDBInstance,表示重启实例。
acsRegion:事件发生的地域。取值为cn-hangzhou,表示杭州地域。
eventTime:事件发生的时间(UTC格式)。取值为2021-08-02T06:15:46Z,表示北京时间2021年08月02日14:15:46。