You can find the "CloseAccount" event in the CloudTrail of the Organizations management account.
When checking CloudTrail events, please check "us-east-1".
The following images are in Japanese, but were confirmed by my console.
Hi,
CloudTrail captures all API calls for AWS Organizations as events, including CloseAccount, with the following user identity information in the log entry:
- Whether the request was made with root user or IAM user credentials
- Whether the request was made with temporary security credentials for an IAM role or a federated user
- Whether the request was made by another AWS service
However, CloudTrail will only show the results of the CloudTrail Event History for the last 90 days, so you must have configured a CloudTrail trail to enable continuous delivery of CloudTrail events to an Amazon S3 bucket, or you won't be able to see them. Did you already have it configured?
If so, then you can use Amazon Athena to query data in S3. This is an example of a CloseAccount log entry, extracted from the AWS documentation, which can serve as a reference.
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "IAMUser",
    "principalId": "AIDAMVNPBQA3EXAMPLE:my-admin-role",
    "arn": "arn:aws:sts::111122223333:assumed-role/my-admin-role/my-session-id",
    "accountId": "111122223333",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "sessionContext": {
      "sessionIssuer": {
        "type": "Role",
        "principalId": "AIDAMVNPBQA3EXAMPLE",
        "arn": "arn:aws:iam::111122223333:role/my-admin-role",
        "accountId": "111122223333",
        "userName": "my-session-id"
      },
      "webIdFederationData": {},
      "attributes": {
        "mfaAuthenticated": "false",
        "creationDate": "2022-03-18T18:17:06Z"
      }
    }
  },
  "eventTime": "2022-03-18T18:17:06Z",
  "eventSource": "organizations.amazonaws.com",
  "eventName": "CloseAccount",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "192.168.0.1",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
  "requestParameters": {
    "accountId": "555555555555"
  },
  "responseElements": null,
  "requestID": "e28932f8-d5da-4d7a-8238-ef74f3d5c09a",
  "eventID": "19fe4c10-f57e-4cb7-a2bc-6b5c30233592",
  "readOnly": false,
  "eventType": "AwsApiCall",
  "managementEvent": true,
  "recipientAccountId": "111122223333",
  "eventCategory": "Management"
}
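For log files already downloaded from the trail's S3 bucket, the same lookup can be done locally. This is an added example, not part of the original answer or the AWS documentation; the function name `find_close_account` and the summary keys are assumptions, and the embedded log file is constructed from the record above.

```python
import gzip
import json

# Constructed sample: a trimmed copy of the CloseAccount record shown above,
# wrapped in the {"Records": [...]} envelope CloudTrail uses for delivered files.
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2022-03-18T18:17:06Z",
     "eventSource": "organizations.amazonaws.com",
     "eventName": "CloseAccount", "awsRegion": "us-east-1",
     "sourceIPAddress": "192.168.0.1",
     "userIdentity": {
         "type": "IAMUser",
         "arn": "arn:aws:sts::111122223333:assumed-role/my-admin-role/my-session-id",
         "sessionContext": {
             "sessionIssuer": {"arn": "arn:aws:iam::111122223333:role/my-admin-role"},
             "attributes": {"mfaAuthenticated": "false"}}},
     "requestParameters": {"accountId": "555555555555"}},
    # Constructed unrelated event that must be filtered out.
    {"eventTime": "2022-03-18T18:20:00Z",
     "eventSource": "organizations.amazonaws.com",
     "eventName": "ListAccounts", "awsRegion": "us-east-1",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": None},
]}).encode())

def find_close_account(gz_bytes):
    """Return one summary dict per CloseAccount event in a gzipped log file."""
    records = json.loads(gzip.decompress(gz_bytes)).get("Records", [])
    hits = []
    for r in records:
        if (r.get("eventSource"), r.get("eventName")) != (
                "organizations.amazonaws.com", "CloseAccount"):
            continue
        uid = r.get("userIdentity") or {}
        ctx = uid.get("sessionContext") or {}  # present for temporary credentials
        hits.append({
            "time": r.get("eventTime"),
            "closed_account": (r.get("requestParameters") or {}).get("accountId"),
            "caller_type": uid.get("type"),        # e.g. Root, IAMUser, AssumedRole
            "caller_arn": uid.get("arn"),
            "temporary_credentials": bool(ctx),
            "issuer_arn": (ctx.get("sessionIssuer") or {}).get("arn"),
            "mfa": (ctx.get("attributes") or {}).get("mfaAuthenticated"),
            "invoked_by_service": uid.get("invokedBy"),  # set when an AWS service called
            "source_ip": r.get("sourceIPAddress"),
            "error": r.get("errorCode"),           # set only when the call failed
        })
    return hits

if __name__ == "__main__":
    print(json.dumps(find_close_account(SAMPLE_LOG), indent=2))
```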