Today we are announcing the ability for customers running Terraform Enterprise in a multiple organization configuration to identify the originating organization for all audit events. Previously, the stream of audit events included a range of information about the source of actions, but tying those events back to a specific organization would require cross-referencing other data or querying the API.
With this small addition to the event payload, customers can now build improved monitoring and alerting around their Terraform Enterprise audit logs.
The updated event format will now appear like the following in the Terraform Enterprise log output:
Nov 26 17:43:48 blp-tfe-f0fn journal: 2019-11-26 17:43:48 [INFO] [Audit Log] {"resource":"policy","action":"destroy","resource_id":"pol-ZYtcbXCGTE4gNsUu","actor":"user","timestamp":"2019-09-17T17:43:48Z","actor_ip":"8.8.8.8", "organization": "my-org-name"}
As you can see the audit log event structure has been expanded to include an “organization” attribute, which will be set to the name of the originating organization within Terraform Enterprise.
Using a centralized logging service is a convenient way to have a standardized approach to monitoring and is a common approach for many of our customers. However, not all environments have the same thresholds or monitoring requirements. Alerting on a production system may be very sensitive to unexpected changes to ensure any required intervention happens quickly, while monitoring of development environments may be comparatively lax.
One of the challenges customers have been running into is when they use organizations as a way to isolate specific types of workloads or environments, for example having all “production” workspaces in an isolated organization. The existing log output from Terraform Enterprise would be streamed into another service, and all of the logs from all of the organizations within that Terraform Enterprise installation would be intermingled. This made it impossible for customers to treat audit events in one organization with a different priority to the others.
Now the name of the organization is included in the audit logs and filtering of events can be implemented, if required, in other systems.
For more information on Terraform Cloud and Terraform Enterprise or to get started with your free trial, visit the Terraform product page. To learn more about Terraform visit the HashiCorp Learn platform and see it in action.
A recap of HashiCorp infrastructure and security news and developments from Google Cloud Next, from scaling infrastructure as code to fighting secrets sprawl and more.
New in Terraform 1.8: Provider-defined functions let users extend Terraform with custom capabilities. Plus, refactoring can now be done across resource types.
See usage examples of Terraform 1.8's new launch-day provider-defined functions for AWS, Google Cloud, and Kubernetes.