Org-Specific Audit Log Events in Terraform Enterprise
Today we are announcing the ability for customers running Terraform Enterprise in a multiple organization configuration to identify the originating organization for all audit events. Previously, the stream of audit events included a range of information about the source of actions, but tying those events back to a specific organization would require cross-referencing other data or querying the API.
With this small addition to the event payload, customers can now build improved monitoring and alerting around their Terraform Enterprise audit logs.
» Updated event format
Audit events in the updated format now appear as follows in the Terraform Enterprise log output:
Nov 26 17:43:48 blp-tfe-f0fn journal: 2019-11-26 17:43:48 [INFO] [Audit Log] {"resource":"policy","action":"destroy","resource_id":"pol-ZYtcbXCGTE4gNsUu","actor":"user","timestamp":"2019-09-17T17:43:48Z","actor_ip":"8.8.8.8", "organization": "my-org-name"}
As you can see, the audit log event structure has been expanded to include an “organization” attribute, which is set to the name of the originating organization within Terraform Enterprise.
» Isolating and Monitoring Environments by Organization
Using a centralized logging service is a convenient way to have a standardized approach to monitoring and is a common approach for many of our customers. However, not all environments have the same thresholds or monitoring requirements. Alerting on a production system may be very sensitive to unexpected changes to ensure any required intervention happens quickly, while monitoring of development environments may be comparatively lax.
One challenge customers have run into arises when they use organizations to isolate specific types of workloads or environments, for example by keeping all “production” workspaces in an isolated organization. The existing log output from Terraform Enterprise would be streamed into another service, and the logs from all of the organizations within that Terraform Enterprise installation would be intermingled. This made it impossible for customers to treat audit events in one organization with a different priority to the others.
Now that the name of the organization is included in each audit event, downstream systems can filter events by organization where required.
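The following is an added example, not HashiCorp code, of how a downstream consumer might route audit events by the new “organization” attribute. The organization names, priority labels, hostnames, resource IDs and sample log lines are assumptions constructed for illustration.

```python
import json

AUDIT_MARKER = "[Audit Log]"  # precedes the JSON payload in the log output
# Assumptions for this example: organization names and alert priorities.
ORG_PRIORITY = {"production": "page", "development": "ticket"}
FALLBACK = "review"  # unknown organization, or event without the attribute

# Constructed sample lines in the format shown above (not real log data).
SAMPLE = [
    'Nov 26 17:43:48 tfe journal: 2019-11-26 17:43:48 [INFO] [Audit Log] '
    '{"resource":"policy","action":"destroy","resource_id":"pol-EXAMPLE1",'
    '"actor":"user","actor_ip":"192.0.2.10","organization":"production"}',
    'Nov 26 17:44:02 tfe journal: 2019-11-26 17:44:02 [INFO] [Audit Log] '
    '{"resource":"workspace","action":"create","resource_id":"ws-EXAMPLE2",'
    '"actor":"user","actor_ip":"192.0.2.11","organization":"development"}',
    'Nov 26 17:44:10 tfe journal: 2019-11-26 17:44:10 [INFO] [Audit Log] '
    '{"resource":"policy","action":"update","resource_id":"pol-EXAMPLE3"}',
    'Nov 26 17:44:11 tfe journal: 2019-11-26 17:44:11 [INFO] worker started',
    'Nov 26 17:44:12 tfe journal: 2019-11-26 17:44:12 [INFO] [Audit Log] {"resou',
]


def parse_audit_line(line):
    """Return the event dict, None for non-audit lines; ValueError if malformed."""
    _, marker, payload = line.partition(AUDIT_MARKER)
    if not marker:
        return None
    event = json.loads(payload)  # JSONDecodeError is a ValueError subclass
    if not isinstance(event, dict):
        raise ValueError("audit payload is not a JSON object")
    return event


def route(lines):
    """Bucket audit events by alert priority using the 'organization' attribute."""
    buckets = {}
    for line in lines:
        try:
            event = parse_audit_line(line)
        except ValueError:
            # Keep truncated or malformed audit lines visible instead of dropping them.
            buckets.setdefault("unparsed", []).append(line)
            continue
        if event is None:
            continue
        org = event.get("organization")
        priority = ORG_PRIORITY.get(org, FALLBACK) if isinstance(org, str) else FALLBACK
        buckets.setdefault(priority, []).append(event)
    return buckets
```

Events that carry no “organization” attribute, or an unrecognized one, land in the fallback bucket and are not discarded.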
» Getting started
For more information on Terraform Cloud and Terraform Enterprise or to get started with your free trial, visit the Terraform product page. To learn more about Terraform visit the HashiCorp Learn platform and see it in action.