Audit Logs
The Spectro Cloud management platform application captures audit logs to track user interactions with application resources, along with a timeline of those interactions. For certain resources, system-level modifications are also captured in the audit logs.
The audit log contains information about the resource and the user who performed the action. Each user or system action on a resource is classified as Create, Update, or Delete. Every resource is categorized by type, which helps the user narrow down the audit logs.
View Audit Logs
Audits can be accessed for the tenant scope and the project scope. The tenant scope audits show all the activity logs across all projects and tenant actions. The project scope audits show the activity logs for the specific project.
- Log in to Palette.
- Select a project to view project scope audit logs or select Tenant Admin to view tenant scope audit logs.
  - Users must have the Project Viewer role with audit.get and audit.list permissions for the selected project to access the audit logs.
  - Users must have the Tenant Admin role or the audit.get and audit.list permissions at the tenant scope to access the audit logs.
- Navigate to the left main menu and select Audit Logs.
- You can filter audit logs based on user and resource attributes. The following attributes can be used to filter the audit logs.
  - Project
  - Log Type
  - User
  - Resource Type
- You can also download audit logs as CSV files.
Add Update Note
For certain resources, like cluster profiles, you can associate a custom update note in addition to the generic audit event log. On a successful save of a cluster profile, you will be prompted to provide an update note about the changes made to the profile. This message will be shown when you select an audit log from the list.
Push Audit Trails to Amazon CloudWatch
You can push the compliance, management, operational, and risk audit logs to Amazon CloudWatch. This enables continuous monitoring, security analysis, resource tracking, and troubleshooting of the workload cluster using the event history.
Prerequisites
Ensure that the IAM user or the ROOT user role you created includes the following IAM policy for Amazon CloudWatch.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogGroups",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DeleteLogStream",
        "logs:DescribeLogStreams"
      ],
      "Resource": ["<CLOUDWATCH-LOG-GROUP-ARN>"]
    }
  ]
}
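A pre-flight check for the policy above, added here as an example and not part of Palette or its documentation. It reports which of the six listed actions a policy document fails to allow and where the policy is wider than the one shown (wildcard actions, extra logs: actions, a Resource that is not one named log group). The function name review_policy and the sample policy are assumptions made for the example; Deny, NotAction and Condition are not evaluated.

```python
import fnmatch

# The six CloudWatch Logs actions listed in the policy on this page.
REQUIRED = {
    "logs:DescribeLogGroups", "logs:CreateLogGroup", "logs:CreateLogStream",
    "logs:PutLogEvents", "logs:DeleteLogStream", "logs:DescribeLogStreams",
}

def _as_list(value):
    # IAM accepts either one string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(policy):
    """Return (missing, findings) for an identity policy document (dict).

    missing  - required actions that no Allow statement grants
    findings - wildcard actions, extra logs: actions, unscoped resources
    Simplification: Deny, NotAction and Condition are not evaluated.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    granted, findings = set(), []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            # IAM action names are case-insensitive and may contain * and ?.
            hits = {a for a in REQUIRED
                    if fnmatch.fnmatchcase(a.lower(), pattern.lower())}
            granted |= hits
            if "*" in pattern or "?" in pattern:
                findings.append(f"statement {i}: wildcard action {pattern}")
            elif pattern.lower().startswith("logs:") and not hits:
                findings.append(f"statement {i}: extra action {pattern}")
        for res in _as_list(stmt.get("Resource")):
            # Expect one named log group, not "*" or "...:log-group:*".
            name = res.partition(":log-group:")[2]
            if not name or name.startswith("*"):
                findings.append(f"statement {i}: resource is not one named log group: {res}")
    return sorted(REQUIRED - granted), findings

if __name__ == "__main__":
    # Constructed sample: grants everything required, but far too broadly.
    sample = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}]}
    print(review_policy(sample))
```

An empty result on both sides means the policy allows exactly what the prerequisite asks for on a single log group.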
Enablement
- Log in to Palette as a tenant admin.
- Navigate to the left main menu and select Tenant Settings. Then, select Audit Trails from the Infrastructure section.
- Select Add new Audit Trail. The Add audit trail window appears.
- Fill in the following details.
  - Audit Name: Custom name to identify the logs.
  - Type: Choice of monitoring service. Currently, CloudWatch is available.
  - Group: The log group name obtained from CloudWatch logs for audit trail creation.
  - Region: The region of the AWS account.
  - Credentials: Use an Access Key and Secret Access Key to validate the AWS account for pushing the audit trails from Palette.
  - STS: Use Amazon's unique resource identifier, ARN, to validate the AWS account for pushing the audit trails from Palette.
  - Stream (Optional): CloudWatch log stream for audit trail creation.
- Select Confirm to complete the audit trail configuration. Audit trails can be edited and deleted using the three-dot Menu.