Cloud Audit Trail → credential anomaly / account activity review
異常事件
6
Unknown Region
ap-south-1
Credential Status
Compromised?
Recent Audit Events
Time
Action
Region
Principal
Risk
2026-03-31 02:14
CreateInstance
ap-south-1
svc-batch-export
High
2026-03-31 02:19
CreateAccessKey
ap-south-1
svc-batch-export
High
2026-03-31 02:24
ListBuckets
ap-south-1
svc-batch-export
High
Analyst Prompt
這是否足以判定雲端憑證遭濫用?
應先停用 key、輪替憑證,還是先隔離資源?
是否已有資料面或成本面影響?