
How to know who started or stopped an EC2 instance using an AWS Serverless application

We have developed an AWS Serverless Lambda application using dotnetcore to perform operations on EC2 instances, say start or stop an EC2 instance, and integrated it with AWS API Gateway.

serverless.template in the dotnetcore application:

"StartInstanceById" : {
  "Type" : "AWS::Serverless::Function",
  "Properties": {
    "Handler": "EC2_Monitoring_Serverless::EC2_Monitoring_Serverless.Functions::StartInstanceById",
    "Runtime": "dotnetcore2.1",
    "CodeUri": "",
    "MemorySize": 256,
    "Timeout": 30,
    "Role": "arn:aws:iam::2808xxxx1013:role/lamda_start_stop",
    "Policies": [ "AWSLambdaBasicExecutionRole" ],
    "Events": {
      "PutResource": {
        "Type": "Api",
        "Properties": {
          "Path": "/instances",
          "Method": "Get"
        }
      }
    }
  }
}

The above Lambda function works fine for starting the EC2 instance when I invoke the API Gateway URL.

For calling these APIs, we have created an Angular 6 application and provided authentication using AWS Cognito User Pools. So the Cognito user logs into the website and gets all the EC2 information.

If the user wants to stop / start the EC2 instance, the user clicks the particular button, which invokes the relevant API Gateway URL of the Lambda function, and it's working fine.

Now the question is who performed that action. After a lot of research on Stack Overflow and the AWS community forums on how to know who started or stopped the EC2 instances, I found that AWS CloudTrail logs the information when a user starts or stops an instance.

So I created a trail and I can see the logs in S3 buckets. But in every log I opened, I saw that the role "arn:aws:iam::2808xxxx1013:role/lamda_start_stop" is captured. I know this is because of the Lambda function. But I want to know who really stopped the instance.

Please advise how to capture the user details!

The reason the Lambda execution role is printed in CloudTrail is that it is what initiated the process to stop the EC2 instance. Here the role is assumed (instead of the actual user).

To print your actual user, you need to implement logging in your Lambda, which will write logs to CloudWatch. You can get the actual user, or any other custom information, from those logs.
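As an added illustration of the answer's suggestion (not code from the question or the answer): a Lambda handler that takes the caller's identity from the Cognito claims API Gateway attaches to the request after verifying the token, and prints one structured audit line to CloudWatch before the EC2 call. It is written in Python rather than the poster's dotnetcore; the event shape is the standard REST proxy event, while the query-parameter names, user values and IDs are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample of the event API Gateway (REST API, Lambda proxy integration)
# delivers when the method is protected by a Cognito User Pools authorizer.
SAMPLE_EVENT = {
    "queryStringParameters": {"instanceId": "i-0123456789abcdef0", "action": "stop"},
    "requestContext": {
        "requestId": "11111111-2222-3333-4444-555555555555",
        "identity": {"sourceIp": "203.0.113.10"},
        "authorizer": {"claims": {"sub": "3c2f1a9e-0000-4000-8000-000000000001",
                                  "cognito:username": "alice", "email": "alice@example.com"}},
    },
}

def caller_identity(event):
    """Who made the request, taken from claims API Gateway verified, not from client input."""
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    if not claims.get("sub"):
        # No verified claims means the route is not behind the authorizer: refuse to act blind.
        raise PermissionError("request carries no Cognito claims")
    return {
        "user_sub": claims["sub"],
        "username": claims.get("cognito:username"),
        "email": claims.get("email"),
        "source_ip": (ctx.get("identity") or {}).get("sourceIp"),
        "api_request_id": ctx.get("requestId"),
    }

def audit_record(event, action, instance_id, aws_request_id=None):
    """Structured line to print to CloudWatch before the EC2 call is made."""
    record = {"event": "ec2_action", "action": action, "instance_id": instance_id,
              "lambda_request_id": aws_request_id,
              "time": datetime.now(timezone.utc).isoformat()}
    record.update(caller_identity(event))
    return record

def handler(event, context=None):
    # Assumed parameter names; the page does not show how the instance id reaches the function.
    params = event.get("queryStringParameters") or {}
    action, instance_id = params.get("action"), params.get("instanceId")
    if action not in ("start", "stop") or not instance_id:
        raise ValueError("action must be start|stop and instanceId is required")
    record = audit_record(event, action, instance_id, getattr(context, "aws_request_id", None))
    print(json.dumps(record))  # one JSON line per action in the function's log group
    # the page's EC2 StartInstances / StopInstances call would follow here
    return record
```

In the dotnetcore handler the same claims are available on APIGatewayProxyRequest.RequestContext.Authorizer.Claims; the instance ID and timestamp in the printed line let it be matched with the CloudTrail StartInstances/StopInstances event that only names the role.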
