本文介绍配置审计通过操作审计和云监控接入,作为事件源发布到事件总线EventBridge的事件类型。
背景信息
配置审计支持作为以下云产品的事件源:
-
文件存储NAS负载均衡CDN阿里云Elasticsearch云企业网云数据库HBase云数据库RDS容器服务Kubernetes版云服务器云原生数据库PolarDB MySQL资源编排专有网络VPC对象存储OSS访问控制弹性伸缩运维编排服务DDoS防护云解析DNS密钥管理服务云数据库Redis云数据库MongoDB私网连接VPN网关Web应用防火墙消息队列RocketMQ版资源管理时间序列数据库TSDB
事件类型
配置审计支持发布到事件总线EventBridge的事件类型如下所示。
| 事件类型 | type参数值 |
|---|---|
| 资源配置变更通知 | config:Config:ConfigurationItemChangeNotification |
| 资源评估不合规通知 | config:Config:NonCompliantNotification |
| 阿里云平台对资源执行的操作事件 | config:ActionTrail:AliyunServiceEvent |
| API调用 | config:ActionTrail:ApiCall |
| 控制台的操作事件 | config:ActionTrail:ConsoleOperation |
| 配置项变更 | config:CloudMonitor:ConfigurationItemChangeNotification |
CloudEvents规范中定义的参数解释,请参见事件概述。
资源配置变更通知
资源配置变更时,事件总线EventBridge接收到的示例事件如下所示。
{
"datacontenttype": "application/json;charset=utf-8",
"data": {
"resourceId":"i-bp1b4ym5yh7ciz96****",
"captureTime":"1637659288000",
"configuration":"{\"ResourceGroupId\":\"\",\"Memory\":1024,\"InstanceChargeType\":\"PostPaid\",\"Cpu\":1,\"OSName\":\"CentOS 7.6 64位\",\"InstanceNetworkType\":\"vpc\",\"InnerIpAddress\":{\"IpAddress\":[]},\"ExpiredTime\":\"2099-12-31T15:59Z\",\"ImageId\":\"centos_7_06_64_20G_alibase_20190218.vhd\",\"EipAddress\":{\"AllocationId\":\"\",\"IpAddress\":\"\",\"InternetChargeType\":\"\"},\"Tags\":{\"Tag\":[{\"TagKey\":\"1\",\"TagValue\":\"2\"},{\"TagKey\":\"cost-center\",\"TagValue\":\"202012301217\"},{\"TagKey\":\"d\",\"TagValue\":\"d\"},{\"TagKey\":\"cost-center-haidong\",\"TagValue\":\"1\"},{\"TagKey\":\"05\",\"TagValue\":\"17\"},{\"TagKey\":\"nba\",\"TagValue\":\"yes\"},{\"TagKey\":\"V\",\"TagValue\":\"V\"},{\"TagKey\":\"fff1\",\"TagValue\":\"ff\"},{\"TagKey\":\"fff\",\"TagValue\":\"fff\"}]},\"VlanId\":\"\",\"HostName\":\"test-instance11111name\",\"Status\":\"Stopped\",\"HibernationOptions\":{\"Configured\":false},\"MetadataOptions\":{\"HttpTokens\":\"\",\"HttpEndpoint\":\"\"},\"InstanceId\":\"i-bp1b4ym5yh7ciz96****\",\"StoppedMode\":\"StopCharging\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"Numa\":\"\",\"CoreCount\":1},\"StartTime\":\"2020-11-24T02:42Z\",\"DeletionProtection\":true,\"VpcAttributes\":{\"PrivateIpAddress\":{\"IpAddress\":[\"192.168.XX.XX\"]},\"VpcId\":\"vpc-bp162ot6s0yknn7qj****\",\"VSwitchId\":\"vsw-bp1tuojvtiteqlsh8****\",\"NatIpAddress\":\"\"},\"SecurityGroupIds\":{\"SecurityGroupId\":[\"sg-bp11m8p4hsmegc6d****\"]},\"InternetChargeType\":\"PayByBandwidth\",\"InstanceName\":\"test-instance666666\",\"DeploymentSetId\":\"\",\"InternetMaxBandwidthOut\":10,\"SerialNumber\":\"e8fbd14e-19cd-47c7-b664-b6e60dc30713\",\"OSType\":\"linux\",\"CreationTime\":\"2020-11-24T02:42Z\",\"AutoReleaseTime\":\"\",\"Description\":\"秒睡奥数\",\"InstanceTypeFamily\":\"ecs.xn4\",\"DedicatedInstanceAttribute\":{\"Tenancy\":\"\",\"Affinity\":\"\"},\"PublicIpAddress\":{\"IpAddress\":[]},\"GPUSpec\":\"\",\"NetworkInterfaces\":{\"NetworkInterface\":[{\"Type\":\"Primary\",\"PrimaryIpAddress\":\"192.168.XX.XX\",\"MacAddress\":\"00:16:3f:00:XX:XX\",\"NetworkInterfaceId\":\"eni-bp15hr53jws8jqza****\",\"PrivateIpSets\":{\"PrivateIpSet\":[{\"PrivateIpAddress\":\"192.168.XX.XX\",\"Primary\":true}]}}]},\"SpotPriceLimit\":0.0,\"SaleCycle\":\"\",\"DeviceAvailable\":true,\"InstanceType\":\"ecs.xn4.small\",\"OSNameEn\":\"CentOS 7.6 64 bit\",\"SpotStrategy\":\"NoSpot\",\"IoOptimized\":true,\"ZoneId\":\"cn-hangzhou-b\",\"ClusterId\":\"\",\"EcsCapacityReservation****\":{\"CapacityReservationPreference\":\"\",\"CapacityReservationId\":\"\"},\"DedicatedHostAttribute\":{\"DedicatedHostId\":\"\",\"DedicatedHostName\":\"\",\"DedicatedHostClusterId\":\"\"},\"GPUAmount\":0,\"OperationLocks\":{\"LockReason\":[]},\"InternetMaxBandwidthIn\":100,\"Recyclable\":false,\"RegionId\":\"cn-hangzhou\",\"CreditSpecification\":\"\"}",
"availabilityZone":"cn-hangzhou-b",
"requestId":"d641cac9-b079-4c68-bead-bd7d687e****",
"resourceGroupId":"rg-acfmw3ty5y7****",
"arn":"acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96****",
"relationship":"[{\"regionId\":\"cn-hangzhou\",\"relationType\":\"Contains\",\"resourceId\":\"eni-bp15hr53jws8jqza****\",\"resourceType\":\"ACS::ECS::NetworkInterface\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAssociatedIn\",\"resourceId\":\"sg-bp11m8p4hsmegc6d****\",\"resourceType\":\"ACS::ECS::SecurityGroup\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vpc-bp162ot6s0yknn7qj****\",\"resourceType\":\"ACS::VPC::VPC\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vsw-bp1tuojvtiteqlsh8****\",\"resourceType\":\"ACS::VPC::VSwitch\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAttachedTo\",\"resourceId\":\"d-bp1egkvbrif67h8n****\",\"resourceType\":\"ACS::ECS::Disk\"}]",
"configurationDiff":"{\"InstanceName\":[\"test-instance222345\",\"test-instance666666\"]}",
"resourceEventType":"MODIFY",
"resourceCreateTime":"1606185720000",
"dataType":"ConfigurationItemChangeNotification",
"resourceName":"test-instance666666",
"tags":"{\"1\":[\"2\"],\"d\":[\"d\"],\"fff1\":[\"ff\"],\"05\":[\"17\"],\"V\":[\"V\"],\"fff\":[\"fff\"],\"cost-center-haidong\":[\"1\"],\"nba\":[\"yes\"],\"cost-center\":[\"202012301217\"]}",
"accountId":"120886317861****",
"relationshipDiff":"{\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}}",
"resourceStatus":"Stopped",
"regionId":"cn-hangzhou",
"configAggregators":"",
"logtime":1637659293,
"resourceType":"ACS::ECS::Instance"
},
"id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
"source": "acs.config",
"specversion": "1.0",
"subject": "acs.config:cn-hangzhou:123456789098****:215672",
"time": "2020-11-19T21:04:41+08:00",
"type": "config:Config:ConfigurationItemChangeNotification",
"aliyunaccountid": "123456789098****",
"aliyunpublishtime": "2020-11-19T21:04:42Z",
"aliyuneventbusname": "default",
"aliyunregionid": "cn-hangzhou",
"aliyunpublishaddr": "172.25.XX.XX"
}data字段包含的参数解释如下表所示。
| 参数 | 类型 | 示例值 | 描述 |
|---|---|---|---|
| resourceId | String | i-bp1b4ym5yh7ciz96**** | 资源ID。 |
| captureTime | String | 1637659288000 | 捕获时间。 |
| configuration | String | | 配置(JSON字符串)。 |
| availabilityZone | String | cn-hangzhou-b | 阿里云可用区。 |
| requestId | String | d641cac9-b079-4c68-bead-bd7d687e**** | 请求ID。 |
| resourceGroupId | String | rg-acfmw3ty5y7**** | 资源组ID。 |
| arn | String | acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96**** | 阿里云资源组名称。 |
| relationship | String | | 关系(JSON字符串)。 |
| configurationDiff | String | | 配置差异(JSON字符串)。 |
| resourceEventType | String | MODIFY | 资源事件类型。 |
| resourceCreateTime | String | 1606185720000 | 资源创建时间。 |
| dataType | String | ConfigurationItemChangeNotification | 数据类型。 |
| resourceName | String | test-instance666666 | 资源名称。 |
| tags | String | | 标签(JSON字符串)。 |
| accountId | String | 120886317861**** | 阿里云账号ID。 |
| relationshipDiff | String | {\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}} | 关系差异(JSON字符串)。 |
| resourceStatus | String | Stopped | 资源状态。 |
| regionId | String | cn-hangzhou | 阿里云地域。 |
| configAggregators | String | 无 | 配置聚合。 |
| logtime | Number | 1637659293 | 日志时间。 |
| resourceType | String | ACS::ECS::Instance | 资源类型。 |
资源评估不合规通知
资源评估不合规时,事件总线EventBridge接收到的示例事件如下所示。
{
"datacontenttype": "application/json;charset=utf-8",
"data": {
"annotation":"{\"configuration\":\"[{\\\"Type\\\":\\\"ecs\\\",\\\"ServerId\\\":\\\"i-bp18fnpdsieogla2****\\\",\\\"Port\\\":443,\\\"Weight\\\":0}]\",\"operator\":\"IsEmpty\",\"property\":\"$.data[?(@.Weight==0)]\"}",
"riskLevel":"Critical",
"dataType":"NonCompliantNotification",
"evaluationResultIdentifier":"{\"orderingTimestamp\":1637657187979,\"evaluationResultQualifier\":{\"resourceId\":\"lb-bp1pcf5uglae1016r****\",\"configRuleName\":\"slb_backendserver_weight_check\",\"configRuleId\":\"cr-aa5e626622af00c5****\",\"captureTime\":1637657187979,\"resourceName\":\"lb-bp1pcf5uglae1016raewv\",\"configRuleArn\":\"acs:config::100931896542****:rule/cr-aa5e626622af00c5bc65\",\"regionId\":\"cn-hangzhou\",\"resourceOwnerId\":100931896542****,\"resourceType\":\"ACS::SLB::LoadBalancer\"}}"
"eventType":"ResourceCompliance",
"invokingEventMessageType":"Manual",
"configRuleInvokedTimestamp":1637657187979,
"complianceType":"NON_COMPLIANT",
"accountId":100931896542****,
"requestId":"96dc838e-708d-4429-aa1b-121d1fee****",
"resultRecordedTimestamp":1637658505230,
"eventName":"NonCompliant",
"notificationCreationTime":1637658505710
},
"id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
"source": "acs.config",
"specversion": "1.0",
"subject": "acs.config:cn-hangzhou:123456789098****:215672",
"time": "2020-11-19T21:04:41+08:00",
"type": "config:Config:NonCompliantNotification",
"aliyunaccountid": "123456789098****",
"aliyunpublishtime": "2020-11-19T21:04:42Z",
"aliyuneventbusname": "default",
"aliyunregionid": "cn-hangzhou",
"aliyunpublishaddr": "172.25.XX.XX"
}data字段包含的参数解释如下表所示。
| 参数 | 类型 | 示例值 | 描述 |
|---|---|---|---|
| annotation | String | | 注解(JSON字符串)。 |
| riskLevel | String | Critical | 风险级别。 |
| dataType | String | NonCompliantNotification | 数据类型。 |
| evaluationResultIdentifier | String | | 评估结果标识(JSON字符串)。 |
| eventType | String | ResourceCompliance | 事件类型。 |
| invokingEventMessageType | String | Manual | 调用事件消息类型。 |
| configRuleInvokedTimestamp | Number | 1637657187979 | 配置规则调用时间戳。 |
| complianceType | String | NON_COMPLIANT | 合规类型。 |
| accountId | String | 100931896542**** | 阿里云账号ID。 |
| requestId | String | 96dc838e-708d-4429-aa1b-121d1fee**** | 请求ID。 |
| resultRecordedTimestamp | Number | 1637658505230 | 记录结果的时间戳。 |
| eventName | String | NonCompliant | 事件名称。 |
| notificationCreationTime | Number | 1637658505710 | 通知事件创建时间。 |