“All these investments in DevOps and developer productivity and operational efficiency are bottlenecking in these environments on security and compliance.”
This was an observation from Andrew Clay Shafer in a fireside chat with John Willis at DevOps Days Dallas 2022. One such bottleneck can come in the form of audit logs, but auditability doesn’t have to be a blocker.
In this post we’ll take a look at why auditing is necessary for Infrastructure as Code, the benefits of having an audit trail for Terraform and other IaC frameworks (such as Terragrunt, Pulumi, CloudFormation, Kubernetes, and others), and share how you can automate your audit trail easily with env0.
How do you audit Infrastructure as Code?
All you need is a central log management system that can aggregate and parse your audit logs. env0 delivers a number of benefits for auditability:
- Changes to infrastructure are tracked in the code repository, making it easy to see who made what changes and when.
- Changes that cause problems can be rolled back automatically.
- Changes made by third-party vendors can be audited.
Audit log walkthrough
There are two ways to access audit logs in env0: through the UI and through the API. As always, env0 gives you the flexibility to interact with your infrastructure-as-code as it suits your organization, be it programmatically or through a simple user interface. Only an Admin user can access the Audit Logs.
The audit log contains information about who performed the activity, when the action was performed, the activity’s description, and additional data such as the user's IP address.
The audit log shows events related to changes in your:
- Organization
- Projects
- Templates
- Environments
- Teams
- Users
- Roles
- Modules
- Git Tokens
- Cloud credentials
- API keys
- SSH keys
- Variables
- Agent configurations
Through the env0 UI
- Go to the Organization's Settings page.
- Click the Audit Logs tab.
- The audit details are listed in a table.
- Click the row's + sign to reveal additional activity details.
- Click the Show more button at the bottom of the page to see more rows.
Through the env0 API
Use the "Fetch Audit Logs" API to retrieve your organization's audit logs programmatically. Learn more about the audit log in our documentation.
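Once audit records are exported to a central log system, a triage pass like the following can surface changes to credentials and roles and mark those made from an address not previously seen for that user. This is an added example, not env0 code: the field names (`actor`, `timestamp`, `resource_type`, `description`, `ip`) and the JSON Lines export format are assumptions rather than env0's actual response schema, the choice of sensitive categories is an editorial one, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Categories from the page's list treated as sensitive here (an editorial choice).
SENSITIVE = {"Git Tokens", "Cloud credentials", "API keys", "SSH keys", "Roles"}
# Assumed field names; not env0's actual response schema.
REQUIRED = {"actor", "timestamp", "resource_type", "description", "ip"}

# Constructed sample export, one JSON record per line, deliberately out of order.
SAMPLE = """
{"actor": "alice@example.com", "timestamp": "2023-01-10T11:00:00Z", "resource_type": "Cloud credentials", "description": "Updated cloud credentials", "ip": "192.0.2.44"}
{"actor": "alice@example.com", "timestamp": "2023-01-10T09:00:00Z", "resource_type": "Environments", "description": "Deployed environment", "ip": "198.51.100.7"}
{"actor": "bob@example.com", "timestamp": "2023-01-10T10:00:00Z", "resource_type": "API keys", "description": "Created API key", "ip": "203.0.113.5"}
{"actor": "bob@example.com", "timestamp": "2023-01-10T11:30:00Z", "resource_type": "Roles", "description": "Edited role", "ip": "203.0.113.5"}
"""

def parse(text):
    """Parse JSON Lines into records sorted by time; fail loudly on incomplete records."""
    records = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = REQUIRED - rec.keys()
        if missing:
            raise ValueError(f"line {n}: missing fields {sorted(missing)}")
        records.append(rec)
    # Same-format UTC ISO 8601 strings sort chronologically as plain text.
    return sorted(records, key=lambda r: r["timestamp"])

def flag_sensitive(records):
    """Return sensitive-category events; new_ip marks an address not yet seen for that actor."""
    seen = defaultdict(set)
    findings = []
    for rec in records:
        known = seen[rec["actor"]]
        new_ip = bool(known) and rec["ip"] not in known  # first event only sets the baseline
        known.add(rec["ip"])
        if rec["resource_type"] in SENSITIVE:
            findings.append({**rec, "new_ip": new_ip})
    return findings

if __name__ == "__main__":
    for f in flag_sensitive(parse(SAMPLE)):
        print(f["timestamp"], f["actor"], f["resource_type"], f["ip"], "NEW-IP" if f["new_ip"] else "")
```

Rejecting records with missing fields, rather than skipping them, keeps a schema change in the export from silently hiding events.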
Use an audit log for governance and compliance
With this latest release, we’re continuing to deliver the enterprise-level capabilities that enable DevOps, Platform, and Infrastructure as Code teams to deliver secure software faster while ensuring compliance with internal policies or external regulations. env0 has clearly auditable versioning of infrastructure changes, giving you the answer to questions like, “What was changed, who changed it, and when was it changed?”
We help you avoid the audit and compliance bottleneck, so you can focus on what’s important—shipping software.