Amazon AWS Official Blog

How to automate alerting and response for AWS account sign-in activity (Part 1)

Account security is the cornerstone of cloud security. Many users in the early stages do not appreciate the importance of account management, or how to effectively monitor and manage console sign-in activity. If your enterprise or industry has strict requirements for account sign-in activity, or compliance regulations require close monitoring of sign-in activity, this post presents a method that uses the EventBridge service to monitor account sign-in activity in real time. With the sample configuration, you can receive console sign-in events within seconds and relay them through SNS to deliver sign-in notifications by email, SMS, app push, and other channels.

EventBridge is a serverless service that makes it easy to build event-driven applications. An event-driven architecture is a loosely coupled design pattern in which systems cooperate by emitting and responding to events, rather than running applications that listen continuously. Monitoring account sign-ins with CloudTrail is also an important component of, and a prerequisite for, account security auditing. In this post we go deep into the EventBridge configuration to explain in detail how to extract the key information fields.

Common account security best practices

Before you begin, we recommend familiarizing yourself with some identity and credential management best practices. Common account security best practices include:

  1. Disable the root account. If the root account password is leaked, an attacker gains full control of the account.
  2. One identity per person. Dedicated identities ensure that every user action is traceable to a specific individual.
  3. Enable MFA for all identities. Multi-factor authentication (MFA) is a common security measure that significantly improves account security: even if a password is stolen, an attacker cannot easily access the account.
  4. Prefer IAM Identity Center over traditional IAM user sign-in. IAM Identity Center offers centralized management, least privilege, and automatic key rotation, greatly reducing the security risk of leaked user credentials.
  5. Audit regularly. CloudTrail logs and the Credential Report provide material that can be used for compliance audits and for identifying potential risks in how user credentials are managed.

For more security best practices on managing identities and access, refer to this link.

Understanding the account sign-in event types generated in EventBridge

CloudTrail records attempts to sign in to the AWS console and delivers the Console Signin records to EventBridge. To use this feature, you first need to create a CloudTrail trail that records management events in at least one AWS Region. Refer to this link.

The events generated in EventBridge differ depending on the sign-in method. In this part we show how to filter the sign-in events of interest with sample EventBridge rules, and how to use a sample EventBridge input transformation to convert the meaningful fields of an event into text output.

The core event for signing in to the AWS console is the sign-in event whose EventName is ConsoleLogin. All IAM users including root, Identity Center user sign-ins, and federated user sign-ins generate a ConsoleLogin event. The events produced by the different sign-in methods differ slightly:

1. Events from IAM user sign-in

Whether or not an IAM user signs in successfully, a sign-in event with EventName "ConsoleLogin" is generated. If the IAM user has MFA configured, the user must additionally sign in with the MFA device, which produces an event with EventName "CheckMfa"; this event usually contains no information useful for sign-in monitoring. Whether the password or the MFA code was entered incorrectly, the "ConsoleLogin" event produced after a failed sign-in returns the same generic "Failed authentication" error message. For more information on IAM user sign-in events, refer to this link.

A sample of this event:

```
{
  "detail-type": "AWS Console Sign In via CloudTrail",
  "source": "aws.signin",
  "account": "1234567890",
  "time": "2026-01-01T00:00:00Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.11",
    "userIdentity": {
      "type": "IAMUser",
      "principalId": "ABCDEFGHIJKLMN",
      "accountId": "1234567890",
      "accessKeyId": "",
      "userName": "abc"
    },
    "eventTime": "2026-01-01T00:00:00Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "ConsoleLogin",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.2.3.4",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0",
    "errorMessage": "Failed authentication",
    "requestParameters": null,
    "responseElements": {
      "ConsoleLogin": "Failure"
    },
    "additionalEventData": {
      "LoginTo": "https://us-east-1.aws.amazon.com/xxx",
      "MobileVersion": "No",
      "MFAUsed": "Yes"
    },
    "eventID": "xxx-xxx-xxx",
    "readOnly": false,
    "eventType": "AwsConsoleSignIn",
    "managementEvent": true,
    "recipientAccountId": "1234567890",
    "eventCategory": "Management",
    "tlsDetails": {
      "tlsVersion": "TLSv1.3",
      "cipherSuite": "TLS_AES_128_GCM_SHA256",
      "clientProvidedHostHeader": "signin.aws.amazon.com"
    }
  }
}
```

The "ConsoleLogin" events of IAM users can be filtered with the following sample EventBridge rule:

```
{
  "account": ["1234567890"],
  "detail": {
    "eventName": ["ConsoleLogin"],
    "userIdentity": {
      "type": ["IAMUser"]
    }
  }
}
```

After extracting the key fields with an Input Transformer, the sample configuration and the resulting alert text are:

```
{
  "account": "$.detail.userIdentity.accountId",
  "additional": "$.detail.additionalEventData",
  "eventname": "$.detail.eventName",
  "ip": "$.detail.sourceIPAddress",
  "region": "$.detail.awsRegion",
  "response": "$.detail.responseElements",
  "time": "$.detail.eventTime",
  "type": "$.detail.userIdentity.type",
  "username": "$.detail.userIdentity.userName"
}
"时间: <time>\n账户: <account>\n登录终端节点: <region>\n登录IP: <ip>\n事件类型: <type>\n用户: <username>\n事件结果: <response>"
```

2. IAM Identity Center user events

The IAM Identity Center sign-in workflow first produces three kinds of events, with EventName "CredentialChallenge", "CredentialVerification", and "UserAuthentication". After the authentication flow completes, a "ConsoleLogin" event is produced in an account only when the user signs in to an IAM role in that account from the AWS access portal. Identity Center can also be connected to an external identity provider (IdP), but in that case the user authentication flow completes inside the IdP, so EventBridge typically only sees the final "ConsoleLogin" event and receives no information about the authentication flow. For a detailed explanation of IAM Identity Center sign-in events, refer to this link.

The following discussion is limited to the case where the built-in Identity Center IdP is used. The first event, "CredentialChallenge", indicates that Identity Center has asked the user to complete a specific credential challenge and specifies the required CredentialType. For example, when Identity Center asks the user to enter a password, or to enter an MFA code, a "CredentialChallenge" event is produced in EventBridge. A sample of this event:

```
{
  "detail-type": "AWS Service Event via CloudTrail",
  "source": "aws.signin",
  "account": "1234567890",
  "time": "2026-01-01T00:00:00Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.11",
    "userIdentity": {
      "type": "IdentityCenterUser",
      "arn": "",
      "accountId": "1234567890",
      "accessKeyId": "",
      "onBehalfOf": {
        "userId": "xxx-xxx-xxx-xxx-xxx",
        "identityStoreArn": "arn:aws:identitystore::1234567890:identitystore/d-12345a67bc"
      },
      "credentialId": "xxx-xxx-xxx-xxx-xxx"
    },
    "eventTime": "2026-01-01T00:00:00Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "CredentialChallenge",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.2.3.4",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0",
    "requestParameters": null,
    "responseElements": null,
    "additionalEventData": {
      "AuthWorkflowID": "xxx-xxx-xxx-xxx-xxx",
      "CredentialType": "PASSWORD"  (for an MFA challenge the value of this field is "TOTP")
    },
    "requestID": "xxx-xxx-xxx-xxx-xxx",
    "eventID": "xxx-xxx-xxx-xxx-xxx",
    "readOnly": false,
    "eventType": "AwsServiceEvent",
    "managementEvent": true,
    "recipientAccountId": "1234567890",
    "serviceEventDetails": {
      "CredentialChallenge": "Success"
    },
    "eventCategory": "Management"
  }
}
```

"CredentialVerification" events indicate whether verification of the user's credential succeeded. Simply put, this event is produced after the user enters the password or MFA code and clicks Next. A sample of this event:

```
{
  "detail-type": "AWS Service Event via CloudTrail",
  "source": "aws.signin",
  "account": "1234567890",
  "time": "2026-01-01T00:00:00Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.11",
    "userIdentity": {
      "type": "IdentityCenterUser",
      "arn": "",
      "accountId": "1234567890",
      "accessKeyId": "",
      "onBehalfOf": {
        "userId": "xxx-xxx-xxx-xxx-xxx",
        "identityStoreArn": "arn:aws:identitystore::1234567890:identitystore/d-12345a67bc"
      },
      "credentialId": "xxx-xxx-xxx-xxx-xxx"
    },
    "eventTime": "2026-01-01T00:00:00Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "CredentialVerification",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.2.3.4",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0",
    "requestParameters": null,
    "responseElements": null,
    "additionalEventData": {
      "AuthWorkflowID": "xxx-xxx-xxx-xxx-xxx",
      "CredentialType":"PASSWORD"
    },
    "requestID": "xxx-xxx-xxx-xxx-xxx",
    "eventID": "xxx-xxx-xxx-xxx-xxx",
    "readOnly": false,
    "eventType": "AwsServiceEvent",
    "managementEvent": true,
    "recipientAccountId": "1234567890",
    "serviceEventDetails": {
      "CredentialVerification": "Failure"
    },
    "eventCategory": "Management"
  }
}
```

"UserAuthentication" is produced when the authentication flow completes and the user has finally signed in successfully. A sample of this event:

```
{
  "detail-type": "AWS Service Event via CloudTrail",
  "source": "aws.signin",
  "account": "1234567890",
  "time": "2026-01-01T00:00:00Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.11",
    "userIdentity": {
      "type": "IdentityCenterUser",
      "arn": "",
      "accountId": "1234567890",
      "accessKeyId": "",
      "onBehalfOf": {
        "userId": "xxx-xxx-xxx-xxx-xxx",
        "identityStoreArn": "arn:aws:identitystore::1234567890:identitystore/d-12345a67bc"
      },
      "credentialId": "xxx-xxx-xxx-xxx-xxx"
    },
    "eventTime": "2026-01-01T00:00:00Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "UserAuthentication",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.2.3.4",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0",
    "requestParameters": null,
    "responseElements": null,
    "additionalEventData": {
      "AuthWorkflowID": "xxx-xxx-xxx-xxx-xxx",
      "LoginTo": "https://d-12345a67bc.awsapps.com/start/",
      "CredentialType": "PASSWORD,TOTP"
    },
    "requestID": "xxx-xxx-xxx-xxx-xxx",
    "eventID": "xxx-xxx-xxx-xxx-xxx",
    "readOnly": false,
    "eventType": "AwsServiceEvent",
    "managementEvent": true,
    "recipientAccountId": "1234567890",
    "serviceEventDetails": {
      "UserAuthentication": "Success"
    },
    "eventCategory": "Management"
  }
}
```

The three event types share essentially the same format. The three Identity Center sign-in events can be filtered with the following sample EventBridge rule:

```
{
  "account": ["1234567890"],
  "detail": {
    "eventName": ["CredentialChallenge", "CredentialVerification", "UserAuthentication"],
    "userIdentity": {
      "type": ["IdentityCenterUser"]
    }
  }
}
```

After extracting the key fields with an Input Transformer, the sample configuration and the resulting alert text are:

```
{
  "account": "$.detail.userIdentity.accountId",
  "additional": "$.detail.additionalEventData",
  "detail": "$.detail.serviceEventDetails",
  "eventname": "$.detail.eventName",
  "ip": "$.detail.sourceIPAddress",
  "region": "$.detail.awsRegion",
  "response": "$.detail.responseElements",
  "time": "$.detail.eventTime",
  "idcstore": "$.detail.userIdentity.onBehalfOf.identityStoreArn",
  "userid": "$.detail.userIdentity.onBehalfOf.userId"
}
"时间: <time>\n账户: <account>\n登录终端节点: <region>\n登录IP: <ip>\n事件类型: <eventname>\n事件结果: <detail>\nidentity-store-id: <idcstore>\nuserid: <userid>"
```

As you can see, not every event shows the user name of the user signing in through that authentication workflow. However, the events always include the Identity Center Identity Store ARN and User ID fields. An Identity Center administrator can use these two parameters to identify the signing-in user:

```
aws identitystore describe-user \
  --identity-store-id d-xxx \
  --user-id xxx
```

As described at the start, after authentication succeeds the AWS access portal page shows the list of AWS accounts and permission sets assigned to that Identity Center user. When the user clicks the console sign-in link for a particular account + permission set combination, a "ConsoleLogin" event is also produced, but this event occurs after the user authentication flow. A sample of this event:

```
{
  "detail-type": "AWS Console Sign In via CloudTrail",
  "source": "aws.signin",
  "account": "1234567890",
  "time": "2026-01-01T00:00:00Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.11",
    "userIdentity": {
      "type": "AssumedRole",
      "principalId": "ABCDEFG:abc@test.com",
      "arn": "arn:aws:sts::1234567890:assumed-role/AWSReservedSSO_ABCAccess_xxx/abc@test.com",
      "accountId": "1234567890",
      "accessKeyId": "ASDFQWER",
      "sessionContext": {
        "sessionIssuer": {
          "type": "Role",
          "principalId": "ABCDEFGHIJKLMN",
          "arn": "arn:aws:sts::1234567890:assumed-role/AWSReservedSSO_ABCAccess_xxx/abc@test.com",
          "accountId": "1234567890",
          "userName": "AWSReservedSSO_ABCAccess_xxx"
        },
        "attributes": {
          "creationDate": "2026-01-01T00:00:00Z",
          "mfaAuthenticated": "false"
        }
      }
    },
    "eventTime": "2026-01-01T00:00:00Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "ConsoleLogin",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "1.2.3.4",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:145.0) Gecko/20100101 Firefox/145.0",
    "requestParameters": null,
    "responseElements": {
      "ConsoleLogin": "Success"
    },
    "additionalEventData": {
      "MobileVersion": "No",
      "MFAUsed": "No"
    },
    "eventID": "1a2b3c4d-5e6f-xxx",
    "readOnly": false,
    "eventType": "AwsConsoleSignIn",
    "managementEvent": true,
    "recipientAccountId": "1234567890",
    "eventCategory": "Management",
    "tlsDetails": {
      "tlsVersion": "TLSv1.3",
      "cipherSuite": "TLS_AES_128_GCM_SHA256",
      "clientProvidedHostHeader": "signin.aws.amazon.com"
    }
  }
}
```
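Added example, not code from the post: a small Python model of the rule-plus-Input-Transformer pipeline shown for the IAM user and Identity Center events above, run over constructed events modelled on the post's samples. It also shows that the AssumedRole "ConsoleLogin" just listed matches neither of the two rules, so it produces no notification. Only exact-value list matching is implemented (the only form the post's rules use), and rendering an absent path as null is an assumption.

```python
import json
import re

# Constructed sample events (not the post's output), trimmed to the fields the rules read.
BASE = {"eventTime": "2026-01-01T00:00:00Z", "sourceIPAddress": "1.2.3.4"}
IAM_LOGIN = {"account": "1234567890", "detail": {**BASE, "eventName": "ConsoleLogin",
    "userIdentity": {"type": "IAMUser", "accountId": "1234567890", "userName": "abc"},
    "responseElements": {"ConsoleLogin": "Failure"}}}
IDC_VERIFY = {"account": "1234567890", "detail": {**BASE, "eventName": "CredentialVerification",
    "userIdentity": {"type": "IdentityCenterUser", "onBehalfOf": {"userId": "u-1"}},
    "serviceEventDetails": {"CredentialVerification": "Failure"}}}
# The ConsoleLogin that follows an Identity Center sign-in carries type AssumedRole.
IDC_CONSOLE = {"account": "1234567890", "detail": {**BASE, "eventName": "ConsoleLogin",
    "userIdentity": {"type": "AssumedRole"}, "responseElements": {"ConsoleLogin": "Success"}}}
# The post's two rules and transformers, with shorter English templates.
IAM_RULE = {"account": ["1234567890"], "detail": {
    "eventName": ["ConsoleLogin"], "userIdentity": {"type": ["IAMUser"]}}}
IDC_RULE = {"account": ["1234567890"], "detail": {
    "eventName": ["CredentialChallenge", "CredentialVerification", "UserAuthentication"],
    "userIdentity": {"type": ["IdentityCenterUser"]}}}
IAM_PATHS = {"time": "$.detail.eventTime", "user": "$.detail.userIdentity.userName",
             "ip": "$.detail.sourceIPAddress", "response": "$.detail.responseElements"}
IDC_PATHS = {"time": "$.detail.eventTime", "event": "$.detail.eventName",
             "ip": "$.detail.sourceIPAddress", "result": "$.detail.serviceEventDetails",
             "userid": "$.detail.userIdentity.onBehalfOf.userId"}
IAM_TEMPLATE = "IAM login <time> user=<user> ip=<ip> result=<response>"
IDC_TEMPLATE = "IDC <event> <time> userid=<userid> ip=<ip> result=<result>"

def matches(pattern, event):
    """Exact-value subset of EventBridge pattern matching: every pattern key must be
    present in the event; a list is the set of allowed values, a dict recurses."""
    for key, want in pattern.items():
        if key not in event:
            return False
        if isinstance(want, dict):
            if not isinstance(event[key], dict) or not matches(want, event[key]):
                return False
        elif event[key] not in want:
            return False
    return True

def transform(paths, template, event):
    """Input transformer: resolve each $.a.b path, then fill <name> in the template.
    Objects render as JSON; a path that is absent renders as null (assumed)."""
    values = {}
    for name, path in paths.items():
        node = event
        for part in path[2:].split("."):  # drop the leading "$."
            node = node.get(part) if isinstance(node, dict) else None
        values[name] = node if isinstance(node, str) else json.dumps(node)
    return re.sub(r"<(\w+)>", lambda m: values.get(m.group(1), m.group(0)), template)

def route(event):
    """Alert text under the post's two rules, or None when neither rule matches."""
    for rule, paths, template in ((IAM_RULE, IAM_PATHS, IAM_TEMPLATE),
                                  (IDC_RULE, IDC_PATHS, IDC_TEMPLATE)):
        if matches(rule, event):
            return transform(paths, template, event)
    return None
```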

Sample sign-in authentication activity monitoring solution

Sign-in event generation and architecture

In general, IAM uses signin.aws.amazon.com as the global sign-in endpoint. If this endpoint is used to sign in, the sign-in event is produced by EventBridge in us-east-1. The service also offers regional endpoints, of the form <region>.signin.aws.amazon.com. If a regional endpoint is used to sign in, the sign-in event is produced in that specific Region. For the list of endpoints offered by the signin service, refer to this link. For IAM Identity Center or other IdPs, the sign-in page usually redirects the user to the Identity Center home Region or to the sign-in Region configured in the IdP.

For IAM user sign-ins, the regional endpoint options can be controlled in IAM. A Region must have STS enabled before its regional endpoint can be used for sign-in. These options are controlled under Account settings in the IAM console:

In summary, to monitor all IAM sign-in activity simply and completely, you should configure EventBridge rules that filter sign-in events in every enabled Region of the account and forward them to one primary Region for centralized processing. The solution therefore has two parts: first, create a custom event bus and an SNS topic in a primary Region to centrally process all sign-in events and send notifications; second, deploy one EventBridge rule in every Region that filters sign-in events and sends them to the custom event bus in the primary Region, so that all sign-in events are centralized and sign-in activity at other regional endpoints does not go unnotified.

The architecture of the notification application is as follows:

Deploying the sample notification application with CloudFormation

Next we provide a sample notification application that can be deployed quickly with CloudFormation. It is suited to monitoring the user authentication events described in the previous sections. Before you start the deployment, make sure CloudTrail management event logging is enabled in at least one AWS Region; refer to this link to do so. If this is your first time using CloudFormation, refer to this link.

To monitor sign-in events and send notifications, first create an Amazon Simple Notification Service (SNS) topic manually. You can set up subscriptions to the topic in advance so that notifications are later received through the channels of your choice. The topic can keep its default configuration and needs no additional resource policy. After creating it, note the topic's ARN, for example: arn:aws:sns:us-east-1:1234567890:xxx

Next, use the following CloudFormation template to create, in the primary Region, the event bus that receives sign-in events from every Region. Copy the template below and save it as a YAML file:

```
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  NotificationTopicArn:
    Type: String
    Description: |-
      Arn of SNS topic to send notifications to.
    Default: ""
Resources:
  ConsoleSigninEventBridgeRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: ConsoleSigninEventBridgeRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      MaxSessionDuration: 3600
  ConsoleSigninEventBridgeRolePolicy:
    Type: AWS::IAM::RolePolicy
    Properties:
      PolicyName: ConsoleSigninEventBridgeRolePolicy
      RoleName:
        Ref: ConsoleSigninEventBridgeRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ActionsForSNS
            Effect: Allow
            Action:
              - sns:Publish
            Resource: !Ref NotificationTopicArn
          - Sid: ActionsForEventBus
            Effect: Allow
            Action:
              - events:PutEvents
            Resource: 
              Fn::GetAtt:
              - ConsoleSigninEventBus
              - Arn
  ConsoleSigninEventBus:
    Type: AWS::Events::EventBus
    Properties:
      Name: console-signin-eventbus
  IAMSigninRule:
    Type: AWS::Events::Rule
    DependsOn:
      - ConsoleSigninEventBus
    Properties:
      Name: iamuser-consolelogin
      EventPattern:
        Fn::Sub: >-
          {"account":["${AWS::AccountId}"],"detail":{"eventName":["ConsoleLogin"],"userIdentity":{"type":["IAMUser"]}}}
      State: ENABLED
      Description: ''
      EventBusName: console-signin-eventbus
      Targets:
        - Id: Id260097a2-969b-4b2b-abef-40c65d96ca56
          Arn: !Ref NotificationTopicArn
          RoleArn:
            Fn::GetAtt:
              - ConsoleSigninEventBridgeRole
              - Arn
          InputTransformer:
            InputPathsMap:
              account: $.detail.userIdentity.accountId
              additional: $.detail.additionalEventData
              eventname: $.detail.eventName
              ip: $.detail.sourceIPAddress
              region: $.detail.awsRegion
              response: $.detail.responseElements
              time: $.detail.eventTime
              type: $.detail.userIdentity.type
              username: $.detail.userIdentity.userName
            InputTemplate: >-
              "IAM登录事件\n时间: <time>\n账户: <account>\n登录终端节点: <region>\n登录IP:
              <ip>\n事件类型: <type>\n登录用户: <username>\n事件结果: <response>\n额外信息:
              <additional>"
  IDCSigninRule:
    Type: AWS::Events::Rule
    DependsOn:
      - ConsoleSigninEventBus
    Properties:
      Name: idcuser-consolelogin
      EventPattern:
        Fn::Sub: >-
          {"account":["${AWS::AccountId}"],"detail":{"eventName":["CredentialChallenge","CredentialVerification","UserAuthentication"],"userIdentity":{"type":["IdentityCenterUser"]}}}
      State: ENABLED
      Description: ''
      EventBusName: console-signin-eventbus
      Targets:
        - Id: Idcdc4fddc-77c1-42de-a2ec-b89c09758281
          Arn: !Ref NotificationTopicArn
          RoleArn:
            Fn::GetAtt:
              - ConsoleSigninEventBridgeRole
              - Arn
          InputTransformer:
            InputPathsMap:
              account: $.detail.userIdentity.accountId
              additional: $.detail.additionalEventData
              detail: $.detail.serviceEventDetails
              eventname: $.detail.eventName
              idcstore: $.detail.userIdentity.onBehalfOf.identityStoreArn
              ip: $.detail.sourceIPAddress
              region: $.detail.awsRegion
              response: $.detail.responseElements
              time: $.detail.eventTime
              userid: $.detail.userIdentity.onBehalfOf.userId
            InputTemplate: >-
              "Identity Center登录事件\n时间: <time>\n账户: <account>\n登录终端节点:
              <region>\n登录IP: <ip>\n事件类型: <eventname>\n事件结果:
              <detail>\nidentity-store-id: <idcstore>\nuserid: <userid>\n额外信息:
              <additional>"
Outputs:
  TargetEventBusArn:
    Description: Arn of target EventBus to forward events from cross-region
    Value: 
      Fn::GetAtt:
        - ConsoleSigninEventBus
        - Arn
```

The template contains an IAM role for EventBridge, a custom event bus, two rules that monitor IAM user and Identity Center user sign-in authentication respectively, and the associated input transformers.

Next, go to the CloudFormation console and deploy the template. When deploying, enter the SNS topic ARN you noted as the parameter:

After the deployment succeeds, you can see the custom event bus named "console-signin-eventbus" in the Outputs tab of the CloudFormation console or under "Event buses" in the EventBridge console:

Note the ARN of this event bus, which has the form arn:aws:events:xxx; it will be the input for the TargetEventBusArn parameter. Then copy the following CloudFormation template and save it as a YAML file. Use it to create the EventBridge rule in every enabled Region:

```
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  TargetEventBusArn:
    Type: String
    Description: |-
      Arn of target EventBus to forward notifications to.
    Default: ""
Resources:
  ConsoleSigninRule:
    Type: AWS::Events::Rule
    Properties:
      Name: console-signin-rule
      EventPattern: >-
        {"source":["aws.signin"]}
      State: ENABLED
      EventBusName: default
      Targets:
        - Id: EventBusTarget
          Arn: !Ref TargetEventBusArn
          RoleArn:
            Fn::Sub: >-
              arn:${AWS::Partition}:iam::${AWS::AccountId}:role/ConsoleSigninEventBridgeRole
```

You can deploy this template to multiple Regions of a single account through the CloudFormation console or the command line. A sample command line:

```
for region in us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-1 ap-northeast-2 ap-northeast-3 ap-southeast-1 ap-southeast-2 ca-central-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 eu-north-1 sa-east-1
do
  aws cloudformation create-stack --stack-name console-signin-rule --template-body file://xxx/ConsoleSigninRule.yaml --parameters ParameterKey=TargetEventBusArn,ParameterValue=<your target eventbus arn> --region $region
done
```

Cleaning up

  1. Run the following command to delete the EventBridge rules deployed in the Regions:

```
for region in us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-1 ap-northeast-2 ap-northeast-3 ap-southeast-1 ap-southeast-2 ca-central-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 eu-north-1 sa-east-1
do
  aws cloudformation delete-stack --stack-name console-signin-rule --region $region
done
```

  2. Delete the CloudFormation stack in the primary Region that contains the custom event bus.

Summary

In this post we introduced the authentication flows for IAM user and IAM Identity Center user sign-ins and the EventBridge events they generate, and showed how to create simple account sign-in activity alerts. You can use this solution as-is, or customize it further, to meet your security and compliance requirements for account sign-in activity.


About the author

柯逸楠

Solutions Architect at Amazon Web Services, with extensive experience in data analysis and mining, responsible for solution consulting and design on the AWS cloud platform.
