Org-Specific Audit Log Events in Terraform Enterprise
Today we are announcing the ability for customers running Terraform Enterprise in a multiple organization configuration to identify the originating organization for all audit events. Previously, the stream of audit events included a range of information about the source of actions, but tying those events back to a specific organization would require cross-referencing other data or querying the API.
With this small addition to the event payload, customers can now build improved monitoring and alerting around their Terraform Enterprise audit logs.
» Updated event format
The updated event format will now appear like the following in the Terraform Enterprise log output:
Nov 26 17:43:48 blp-tfe-f0fn journal: 2019-11-26 17:43:48 [INFO] [Audit Log] {"resource":"policy","action":"destroy","resource_id":"pol-ZYtcbXCGTE4gNsUu","actor":"user","timestamp":"2019-09-17T17:43:48Z","actor_ip":"8.8.8.8", "organization": "my-org-name"}
As you can see the audit log event structure has been expanded to include an “organization” attribute, which will be set to the name of the originating organization within Terraform Enterprise.
» Isolating and Monitoring Environments by Organization
Using a centralized logging service is a convenient way to have a standardized approach to monitoring and is a common approach for many of our customers. However, not all environments have the same thresholds or monitoring requirements. Alerting on a production system may be very sensitive to unexpected changes to ensure any required intervention happens quickly, while monitoring of development environments may be comparatively lax.
One of the challenges customers have been running into is when they use organizations as a way to isolate specific types of workloads or environments, for example having all “production” workspaces in an isolated organization. The existing log output from Terraform Enterprise would be streamed into another service, and all of the logs from all of the organizations within that Terraform Enterprise installation would be intermingled. This made it impossible for customers to treat audit events in one organization with a different priority to the others.
Now the name of the organization is included in the audit logs and filtering of events can be implemented, if required, in other systems.
» Getting started
For more information on Terraform Cloud and Terraform Enterprise or to get started with your free trial, visit the Terraform product page. To learn more about Terraform visit the HashiCorp Learn platform and see it in action.
Sign up for the latest HashiCorp news
More blog posts like this one
New Terraform integrations with Crowdstrike, Datadog, JFrog, Red Hat, and more
12 new Terraform integrations from 9 partners provide more options to automate and secure cloud infrastructure management.
Terraform delivers launch-day support for Amazon S3 Tables, EKS Hybrid Nodes, and more at re:Invent
The Terraform provider for AWS now enables users to manage a variety of new services just announced at re:Invent.
HashiCorp at re:Invent 2024: Infrastructure Lifecycle Management with AWS
A recap of HashiCorp infrastructure news and developments on AWS from the past year, from a new provider launch to simplifying infrastructure provisioning and more.