Centralized audit logs

β­οΈβ­οΈπŸ›¬ Landing ZoneAudit logs from all cloud tenants (API/resource access) are centrally collected and stored.

Audit logs are records of which actions were performed by whom. A centralized audit log stores the audit logs from all cloud tenants in one place.

The audit logs we need to store here cover interactions with the cloud API. A common example would be answering the question “who deployed and configured this specific Cloud Function?”. This is important to balance the freedom given to teams: “We let you deploy your own workload, but we will be looking over your shoulders”.
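The question above, answered from a central store, as an added example that is not part of the original page. It assumes Google Cloud Audit Logs records exported as JSON lines; the project names, principals and function name are constructed sample data, and `who_changed` and `_line` are hypothetical helper names.

```python
import json

SERVICE = "google.cloud.functions.v1.CloudFunctionsService."
# Cloud Functions v1 API calls that deploy, reconfigure or remove a function.
MUTATING = {"CreateFunction", "UpdateFunction", "DeleteFunction"}


def who_changed(log_lines, function_resource):
    """Return sorted (timestamp, principal, action, tenant) for changes to one function."""
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged or empty lines instead of aborting the query
        payload = entry.get("protoPayload", {})
        method = payload.get("methodName", "")
        action = method[len(SERVICE):] if method.startswith(SERVICE) else None
        if action not in MUTATING or payload.get("resourceName") != function_resource:
            continue  # read-only calls and other resources are not "who deployed it"
        who = payload.get("authenticationInfo", {}).get("principalEmail", "<unknown>")
        tenant = entry.get("resource", {}).get("labels", {}).get("project_id", "<unknown>")
        hits.append((entry.get("timestamp", ""), who, action, tenant))
    return sorted(hits)  # same-format UTC timestamps sort chronologically as text


def _line(ts, project, action, function, who):
    """Build one constructed record in the Cloud Audit Logs JSON layout."""
    return json.dumps({
        "timestamp": ts,
        "resource": {"labels": {"project_id": project}},
        "protoPayload": {
            "methodName": SERVICE + action,
            "resourceName": f"projects/{project}/locations/europe-west1/functions/{function}",
            "authenticationInfo": {"principalEmail": who},
        },
    })


# Constructed sample: records collected from two tenants, plus one damaged line.
SAMPLE = [
    _line("2024-03-02T14:40:11Z", "team-a-prod", "UpdateFunction", "invoice-export", "ci-deployer@team-a-prod.iam.gserviceaccount.com"),
    _line("2024-03-01T09:15:02Z", "team-a-prod", "CreateFunction", "invoice-export", "alice@example.com"),
    _line("2024-03-01T10:00:00Z", "team-b-dev", "CreateFunction", "invoice-export", "bob@example.com"),
    _line("2024-03-03T08:00:00Z", "team-a-prod", "GetFunction", "invoice-export", "carol@example.com"),
    "{truncated",
]
TARGET = "projects/team-a-prod/locations/europe-west1/functions/invoice-export"
print(who_changed(SAMPLE, TARGET))
```

Because the store holds every tenant's records, the same query works for any project without asking the owning team for access to its own logs.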

Centralized audit logs make log analysis easier for auditors. Standardizing and providing a centralized audit log as part of Landing Zones frees DevOps teams from the burden of finding out how to comply with auditor requirements.


Proven Patterns When Implementing Centralized Audit Logs

Store and Retain First, Worry about Analytics Later

Once audit logs are stored and retained, they enable incident analysis right from the start. You can still build SIEM and preventive capabilities later. See Cloud SIEM.

Carefully Guard Access to Centralized Audit Logs

DevOps teams are responsible for keeping secrets from leaking into logs. Even with rolling credentials, there is a chance that centralized audit logs contain sensitive information. Therefore, access should be restricted carefully to minimize risk.

Create a Concept That Outlines Your Centralized Audit Log Strategy

DevOps teams and auditors want to know how the system works and need to know how to interact with it. Laying this out in a concept document that is shared widely reduces dependencies.

Currently no tool implementations documented. Contributions welcome!
