This topic provides the log of a sample event in which Alibaba Cloud Container Service for Kubernetes (ACK) created a TCP listener by assuming a RAM role. This topic also describes the key fields involved in the event log.
Example
The following example shows that ACK created a TCP listener for the Alibaba Cloud
account whose ID is 159498693826****
by assuming the aliyuncsdefaultrole
RAM role of the account at 08:00:00 on January 1, 2021, UTC+8.
{
"apiVersion": "2014-05-15",
"requestId": "A2D14EC1-BE40-4AF2-92D5-E54A",
"eventType": "ApiCall",
"userIdentity": {
"accessKeyId": "STS.NUQNP4PiGyckMsNiGELCs****",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2021-01-01T00:00:00Z"
}
},
"accountId": "159498693826****",
"principalId": "34359792600393****:ccm-provision-role-1627631749",
"type": "assumed-role",
"userName": "aliyuncsdefaultrole:ccm-provision-role-1627631749"
},
"acsRegion": "cn-hangzhou",
"eventName": "CreateLoadBalancerTCPListener",
"requestParameters": {
"ListenerPort": 6443,
"AcsHost": "slb.aliyuncs.com",
"RequestId": "A2D14EC1-BE40-4AF2-92D5-***",
"LoadBalancerId": "lb-bp19byhscefk3x0li****",
"SignatureType": "",
"HostId": "slb.aliyuncs.com",
"BackendServerPort": 6443,
"StsTokenPrincipalName": "aliyuncsdefaultrole/cs-provision-role-1623911494",
"AcsProduct": "Slb",
"Bandwidth": -1,
"RegionId": "cn-hangzhou",
"StsTokenPlayerUid": 178498693826****,
"HealthCheckType": "tcp"
},
"eventSource": "slb.aliyuncs.com",
"serviceName": "Slb",
"eventTime": "2021-01-01T00:00:00Z",
"referencedResources": {
"ACS::SLB::LoadBalancer": [
"lb-bp1***"
]
},
"userAgent": "AlibabaCloud (linux; amd64) Golang/1.11.4 Core/0.0.1",
"eventId": "A2D14EC1-BE40-4AF2-92D5-****",
"additionalEventData": {
"Scheme": "http"
},
"responseElements": {
"requestId": "A2D14EC1-BE40-4AF2-92D5-EA54"
},
"errorCode": "",
"errorMessage": "",
"eventVersion": "1",
"sourceIpAddress": "192.168.XX.XX"
}
The sample event log contains the following key fields:
userIdentity.accountId
: the ID of the Alibaba Cloud account of the requester. The value in the example is159498693826****
, which indicates the ID of the Alibaba Cloud account to which the RAM role belongs.userIdentity.principalId
: the ID of the requester. The value is in the format of{roleId}:{sessionName}
.roleId
indicates the ID of the RAM role that was assumed.sessionName
indicates the name that was specified when the requester assumed the RAM role. The value in the example is34359792600393****:ccm-provision-role-1627631749
, which indicates that the ID of the RAM role that was assumed is34359792600393****
and the role name specified when the requester assumed the RAM role isccm-provision-role-1627631749
.userIdentity.type
: the type of the identity of the requester. The value in the example isassumed-role
, which indicates that the requester performs operations by assuming the RAM role.userIdentity.userName
: the username of the requester. The value is in the format of{roleName}:{sessionName}
.roleName
indicates the name of the RAM role that was assumed.sessionName
indicates the name that was specified when the requester assumed the RAM role. The value in the example isaliyuncsdefaultrole:ccm-provision-role-1627631749
, which indicates that the name of the RAM role that was assumed isaliyuncsdefaultrole
and the role name specified when the requester assumed the RAM role isccm-provision-role-1627631749
.Notealiyuncsdefaultrole
is the default RAM role assumed by ACK to access resources in other cloud services.requestParameters.stsTokenPlayerUid
: the ID of the Alibaba Cloud account of the requester. The value in the example is178498693826****
.eventTime
: the time when the event occurred in UTC. The value in the example is2021-01-01T00:00:00Z
, which indicates that the event occurred at 08:00:00 on January 1, 2021, in UTC+8.