What is the internal audit log and what is it used for?
- The internal audit log is a database of every single command that is issued to the system, along with all data for that request (except sensitive information such as passwords and private keys). Additional metadata such as tenant ID, user ID, impersonated user ID, and timestamp is also tracked.
- It is used to discover specific actions taken by a specific user. It is not used to create a list of all actions taken in a tenant over a span of time.
- It logs front-end actions. Changes coming through integration channels may not be logged.
- It is expensive. This is a massive amount of data. Thus:
  - We incur extra costs from AWS any time we query data, and the more data we query the more expensive it is.
  - There is a three month retention window for data.

We will interpret the log for clients. Since this is a data dump, most likely the only reason the actual log would be needed or useful is if there is legal action pending.
To request information from the log:
- Make sure this is a legitimate, critical need.
- Gather all relevant data:
  - Tenant ID and region
  - A short description of the client request/need
  - The specific action taken that you need information about
  - Other relevant unique IDs: event ID, user ID, invoice ID, etc. Please send the full ID numbers (don't truncate the first sections off of event IDs that are always the same).
  - The date range of the action. Please be as specific as possible (remember, the more data we query, the more expensive it is).
- Message @ops in the #venueops-discussion channel with the data you gathered.