Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/amazon-s3/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 创建CloudWatch报警,通知将S3对象设置为公共_Amazon Web Services_Amazon S3_Metrics_Amazon Cloudwatchlogs_Amazon Cloudtrail - Fatal编程技术网
Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 创建CloudWatch报警,通知将S3对象设置为公共

Amazon web services 创建CloudWatch报警,通知将S3对象设置为公共

amazon-web-services amazon-s3

Amazon web services 创建CloudWatch报警,通知将S3对象设置为公共,amazon-web-services,amazon-s3,metrics,amazon-cloudwatchlogs,amazon-cloudtrail,Amazon Web Services,Amazon S3,Metrics,Amazon Cloudwatchlogs,Amazon Cloudtrail,我想在CloudWatch上创建一个度量过滤器和一个基于它的警报,以通知我S3事件,特别是当文件或存储桶设置为public时。这是我用来创建度量的度量过滤器: {($.eventSource=s3.amazonaws.com)&&($.eventName=PutBucketAcl) ||($.eventName=PutObjectAcl))&& (($.requestParameters.AccessControlPolicy.AccessControlList.Grant.Grantee.ty

我想在CloudWatch上创建一个度量过滤器和一个基于它的警报,以通知我S3事件,特别是当文件或存储桶设置为public时。这是我用来创建度量的度量过滤器:

{($.eventSource=s3.amazonaws.com)&&($.eventName=PutBucketAcl) ||($.eventName=PutObjectAcl))&& (($.requestParameters.AccessControlPolicy.AccessControlList.Grant.Grantee.type) =组}

我通过放置以下
自定义日志数据来测试此
模式


{
    "Records": [
    {
        "eventVersion": "1.03",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "111122223333",
            "arn": "arn:aws:iam::111122223333:user/myUserName",
            "accountId": "111122223333",
            "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
            "userName": "myUserName"
        },
        "eventTime": "2015-08-26T20:46:31Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "DeleteBucketPolicy",
        "awsRegion": "us-west-2",
        "sourceIPAddress": "127.0.0.1",
        "userAgent": "[]",
        "requestParameters": {
            "bucketName": "myawsbucket"
        },
        "responseElements": null,
        "requestID": "47B8E8D397DCE7A6",
        "eventID": "cdc4b7ed-e171-4cef-975a-ad829d4123e8",
        "eventType": "AwsApiCall",
        "recipientAccountId": "111122223333"
    },
    {
       "eventVersion": "1.03",
       "userIdentity": {
            "type": "IAMUser",
            "principalId": "111122223333",
            "arn": "arn:aws:iam::111122223333:user/myUserName",
            "accountId": "111122223333",
            "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
            "userName": "myUserName"
        },
      "eventTime": "2015-08-26T20:46:31Z",
      "eventSource": "s3.amazonaws.com",
      "eventName": "PutBucketAcl",
      "awsRegion": "us-west-2",
      "sourceIPAddress": "",
      "userAgent": "[]",
      "requestParameters": {
          "bucketName": "",
          "AccessControlPolicy": {
              "AccessControlList": {
                  "Grant": {
                      "Grantee": {
                          "xsi:type": "Group",
                          "xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance",
                          "ID": "d25639fbe9c19cd30a4c0f43fbf00e2d3f96400a9aa8dabfbbebe1906Example"
                       },
                      "Permission": "FULL_CONTROL"
                   }
              },
              "xmlns": "http://s3.amazonaws.com/doc/2006-03-01/",
              "Owner": {
                  "ID": "d25639fbe9c19cd30a4c0f43fbf00e2d3f96400a9aa8dabfbbebe1906Example"
              }
          }
      },
      "responseElements": null,
      "requestID": "BD8798EACDD16751",
      "eventID": "607b9532-1423-41c7-b048-ec2641693c47",
      "eventType": "AwsApiCall",
      "recipientAccountId": "111122223333"
    },
    {
      "eventVersion": "1.03",
      "userIdentity": {
          "type": "IAMUser",
          "principalId": "111122223333",
          "arn": "arn:aws:iam::111122223333:user/myUserName",
          "accountId": "111122223333",
          "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
          "userName": "myUserName"
        },
      "eventTime": "2015-08-26T20:46:31Z",
      "eventSource": "s3.amazonaws.com",
      "eventName": "GetBucketVersioning",
      "awsRegion": "us-west-2",
      "sourceIPAddress": "",
      "userAgent": "[]",
      "requestParameters": {
          "bucketName": "myawsbucket"
      },
      "responseElements": null,
      "requestID": "07D681279BD94AED",
      "eventID": "f2b287f3-0df1-4961-a2f4-c4bdfed47657",
      "eventType": "AwsApiCall",
      "recipientAccountId": "111122223333"
    }
  ]
}


我单击了测试模式,得到以下消息:

结果在示例日志中的50个事件中找到0个匹配项


公制过滤器是否正确?我应该有一个结果,但它不会出现。
计算一个策略是否提供开放访问非常复杂,因为在Bucket策略中可以通过多种方式指定规则(例如,通配符可以提供访问)

一种更简单的方法是使用Amazon S3 Bucket Permissions签入可信顾问:

检查Amazon简单存储服务(Amazon S3)中具有开放访问权限或允许访问任何经过身份验证的AWS用户的存储桶

那你就可以了

但是,该特定检查不包括在Trusted Advisor的免费层中。您需要支持计划才能执行该检查


Amazon S3控制台最近也进行了更新——它现在清楚地显示了任何具有公共权限的存储桶。
计算策略是否提供开放访问非常复杂,因为在存储桶策略中可以通过多种方式指定规则(例如,通配符可以提供访问)

一种更简单的方法是使用Amazon S3 Bucket Permissions签入可信顾问:

检查Amazon简单存储服务(Amazon S3)中具有开放访问权限或允许访问任何经过身份验证的AWS用户的存储桶

那你就可以了

但是,该特定检查不包括在Trusted Advisor的免费层中。您需要支持计划才能执行该检查


Amazon S3控制台最近也进行了更新——它现在清楚地显示了任何具有公共权限的存储桶。
是的,我知道Trust Advisor提供了这一功能,但我需要SNS向我的邮箱发送通知,因为我管理许多AWS帐户,很难逐个帐户检查Trust Advisor帐户。所有帐户的CloudTrail事件都集中在一个bucket中,我需要在其上设置度量过滤器。我需要该警报,即使它很复杂。根据上面的链接,Trusted Advisor可以触发CloudWatch事件,它可以发送SNS通知消息。我们正在eu-west-1地区工作,那里没有信托顾问规则。正确。如文档中所述,您必须使用
us-east-1
中的Amazon CloudWatch事件来访问Trusted Advisor。然而,Amazon S3的Trusted Advisor检查是全球性的,因此它们在
us-east-1
中仍然可用。是的,我知道Trust Advisor提供了这一功能,但我需要SNS通知我的邮箱,因为我管理许多AWS帐户,很难逐个帐户检查Trust Advisor帐户。所有帐户的CloudTrail事件都集中在一个bucket中,我需要在其上设置度量过滤器。我需要该警报,即使它很复杂。根据上面的链接,Trusted Advisor可以触发CloudWatch事件,它可以发送SNS通知消息。我们正在eu-west-1地区工作,那里没有信托顾问规则。正确。如文档中所述,您必须使用
us-east-1
中的Amazon CloudWatch事件来访问Trusted Advisor。但是,Amazon S3的Trusted Advisor检查是全球性的,因此它们仍然可以在
us-east-1
中使用。