我可以完全访问AWS帐户,查看创建和使用的所有密钥,并需要了解私钥的所有者。但AWS UI不提供任何关于密钥对的信息,除了ID、名称、类型、指纹
是否可以确定是谁在AWS EC2中创建了某个密钥对?
如果设置了CloudTrail,它会记录包括用户在内的事件。以下内容摘自AWS Cloudtrail文档:
{"Records": [{
"eventVersion": "1.0",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::123456789012:user/Alice",
"accountId": "123456789012",
"accessKeyId": "EXAMPLE_KEY_ID",
"userName": "Alice",
"sessionContext": {"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2014-03-06T15:15:06Z"
}}
},
"eventTime": "2014-03-06T17:10:34Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "CreateKeyPair",
"awsRegion": "us-east-2",
"sourceIPAddress": "72.21.198.64",
"userAgent": "EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx",
"requestParameters": {"keyName": "mykeypair"},
"responseElements": {
"keyName": "mykeypair",
"keyFingerprint": "30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21",
"keyMaterial": "u003csensitiveDataRemovedu003e"
}
}]}
如果在创建密钥对时没有启用cloudTrail,我想你可能运气不好。如果你有付费支持,你可以向AWS提出问题,或者使用AWS论坛-他们可能比我知道得更多。