Amazon AWS Elastic Kubernetes Service Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Amazon AWS Elastic Kubernetes Service Sample Message when you use the Amazon Web Services Protocol
Sample 1: The following sample event message shows that a watch role changed to an object of kind role.
{"kind":"Event","apiVersion":"audit.k8s.io/
v1","level":"Request","auditID":"8716c01c-7a52-4100-8e97-1b9640c72a2f","stage":"ResponseComplete",
"requestURI":"/apis/rbac.authorization.k8s.io/v1/roles?
allowWatchBookmarks=true&resourceVersion=1575982&timeout=6m33s&timeoutSeconds=393&watch=true","ver
b":"watch","user":{"username":"system:kube-controller-manager","groups":
["system:authenticated"]},"sourceIPs":["10.0.46.47"],"userAgent":"kube-controller-manager/v1.18.9
(linux/amd64) kubernetes/d1db3c4/shared-informers","objectRef":
{"resource":"roles","apiGroup":"rbac.authorization.k8s.io","apiVersion":"v1"},"responseStatus":
{"metadata":{},"status":"Success","message":"Connection closed
early","code":200},"requestReceivedTimestamp":"2021-03-29T19:15:03.945243Z","stageTimestamp":"2021
-03-29T19:21:36.945705Z","annotations":{"authorization.k8s.io/
decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding
\"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User
\"system:kube-controller-manager\""}}|
JSA field name |
Highlighted values in the event payload |
|---|---|
|
Event ID |
Watch |
|
Event Category |
Event Category |
|
Source IP |
10.0.46.47 |
|
Username |
system:kube-controller-manager |
|
Device Time |
2021-03-29T19:21:36.945705Z |
Sample 2: The following sample event shows that the specified lease is replaced.
{LogStreamName: kube-apiserver-audit-e5c612db6e0f317f383ed50f22c28423,Timestamp:
1616696002054,Message: {"kind":"Event","apiVersion":"audit.k8s.io/
v1","level":"Metadata","auditID":"e4b88806-2ebf-45b7-8e92-998a33fb0689","stage":"ResponseComplete"
,"requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/kube-controller-manager?
timeout=10s","verb":"update","user":{"username":"system:kube-controller-manager","groups":
["system:authenticated"]},"sourceIPs":["10.0.184.90"],"userAgent":"kube-controller-manager/
v1.18.9 (linux/amd64) kubernetes/d1db3c4/leader-election","objectRef":
{"resource":"leases","namespace":"kube-system","name":"kube-controllermanager","
uid":"a047cca1-2cda-4e10-9f5c-205de4effe90","apiGroup":"coordination.k8s.io","apiVersion
":"v1","resourceVersion":"36409"},"responseStatus":{"metadata":
{},"code":200},"requestReceivedTimestamp":"2021-03-25T18:13:21.066654Z","stageTimestamp":"2021-03-
25T18:13:21.071075Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/
reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole
\"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}},IngestionTime:
1616696007143,EventId: 36053525605289394950164595066735255382191488289159053312}|
JSA field name |
Highlighted values in the payload |
|---|---|
|
Event ID |
update |
|
Event Category |
Event Category |
|
Source IP |
10.0.184.90 |
|
Username |
system:kube-controller-manager |
|
Device Time |
2021-03-25T18:13:21.071075Z |