Org-Specific Audit Log Events in Terraform Enterprise
Today we are announcing the ability for customers running Terraform Enterprise in a multiple organization configuration to identify the originating organization for all audit events. Previously, the stream of audit events included a range of information about the source of actions, but tying those events back to a specific organization would require cross-referencing other data or querying the API.
With this small addition to the event payload, customers can now build improved monitoring and alerting around their Terraform Enterprise audit logs.
» Updated event format
The updated event format will now appear like the following in the Terraform Enterprise log output:
Nov 26 17:43:48 blp-tfe-f0fn journal: 2019-11-26 17:43:48 [INFO] [Audit Log] {"resource":"policy","action":"destroy","resource_id":"pol-ZYtcbXCGTE4gNsUu","actor":"user","timestamp":"2019-09-17T17:43:48Z","actor_ip":"8.8.8.8", "organization": "my-org-name"}
As you can see the audit log event structure has been expanded to include an “organization” attribute, which will be set to the name of the originating organization within Terraform Enterprise.
» Isolating and Monitoring Environments by Organization
Using a centralized logging service is a convenient way to have a standardized approach to monitoring and is a common approach for many of our customers. However, not all environments have the same thresholds or monitoring requirements. Alerting on a production system may be very sensitive to unexpected changes to ensure any required intervention happens quickly, while monitoring of development environments may be comparatively lax.
One of the challenges customers have been running into is when they use organizations as a way to isolate specific types of workloads or environments, for example having all “production” workspaces in an isolated organization. The existing log output from Terraform Enterprise would be streamed into another service, and all of the logs from all of the organizations within that Terraform Enterprise installation would be intermingled. This made it impossible for customers to treat audit events in one organization with a different priority to the others.
Now the name of the organization is included in the audit logs and filtering of events can be implemented, if required, in other systems.
» Getting started
For more information on Terraform Cloud and Terraform Enterprise or to get started with your free trial, visit the Terraform product page. To learn more about Terraform visit the HashiCorp Learn platform and see it in action.
Sign up for the latest HashiCorp news
More blog posts like this one

Helvetia’s journey building an enterprise serverless product with Terraform
What started as a basic compliance challenge for one team at Helvetia Insurance evolved into a comprehensive enterprise solution for running self-managed installations like a cloud service, using Terraform to manage a serverless architecture.

Scalable, secure infrastructure code the right way: Use a private module registry
How do you ensure standard security, compliance, and reliability best practices are followed across your organization when provisioning infrastructure? A private module registry is the first step.

Vault Enterprise 1.20: SCEP, usage reporting, cloud secret imports
Vault 1.20 adds smarter, streamlined security workflows with encryption updates and UX improvements. The Terraform Vault provider adds ephemeral values.