Org-Specific Audit Log Events in Terraform Enterprise
Today we are announcing the ability for customers running Terraform Enterprise in a multiple organization configuration to identify the originating organization for all audit events. Previously, the stream of audit events included a range of information about the source of actions, but tying those events back to a specific organization would require cross-referencing other data or querying the API.
With this small addition to the event payload, customers can now build improved monitoring and alerting around their Terraform Enterprise audit logs.
» Updated event format
The updated event format will now appear like the following in the Terraform Enterprise log output:
Nov 26 17:43:48 blp-tfe-f0fn journal: 2019-11-26 17:43:48 [INFO] [Audit Log] {"resource":"policy","action":"destroy","resource_id":"pol-ZYtcbXCGTE4gNsUu","actor":"user","timestamp":"2019-09-17T17:43:48Z","actor_ip":"8.8.8.8", "organization": "my-org-name"}
As you can see the audit log event structure has been expanded to include an “organization” attribute, which will be set to the name of the originating organization within Terraform Enterprise.
» Isolating and Monitoring Environments by Organization
Using a centralized logging service is a convenient way to have a standardized approach to monitoring and is a common approach for many of our customers. However, not all environments have the same thresholds or monitoring requirements. Alerting on a production system may be very sensitive to unexpected changes to ensure any required intervention happens quickly, while monitoring of development environments may be comparatively lax.
One of the challenges customers have been running into is when they use organizations as a way to isolate specific types of workloads or environments, for example having all “production” workspaces in an isolated organization. The existing log output from Terraform Enterprise would be streamed into another service, and all of the logs from all of the organizations within that Terraform Enterprise installation would be intermingled. This made it impossible for customers to treat audit events in one organization with a different priority to the others.
Now the name of the organization is included in the audit logs and filtering of events can be implemented, if required, in other systems.
» Getting started
For more information on Terraform Cloud and Terraform Enterprise or to get started with your free trial, visit the Terraform product page. To learn more about Terraform visit the HashiCorp Learn platform and see it in action.
Sign up for the latest HashiCorp news
More blog posts like this one
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Speed up app delivery with automated cancellation of plan-only Terraform runs
Automatic cancellation of plan-only runs allows customers to easily cancel any unfinished runs for outdated commits to speed up application delivery.