Introduction
We are pleased to announce the implementation of audit logs, a powerful new feature designed to enhance transparency and accountability within your cloud environment.
Prerequisite
- Code editor
- Python installed
-
API Security Tokens:
- Access key
- Secret key
- Organization ID
Query audit logs
Below is an example of calling the audit log API endpoint via Python. You can learn more about authenticated API requests here.
import hmac
import hashlib
import base64
import datetime
import requests
import json
# AT MINIMUM, FILL OUT THESE 3 VARIABLES AND RUN THE SCRIPT
# BY DEFAULT YOU WILL GET 1-DAY HISTORY OF AUDIT LOGS
api_access_key = ""
api_secret_key = ""
org_id = ""
# OPTIONAL: TO FILTER OUTPUT WITH QUERY PARAMS
# 1. add them to query_params_dict
# 2. sort them alphabetically, seperate by &, and add to query_params_string
#
# Example:
# query_params_dict = {
# "target_types" : "VM",
# "project_ids" : "fc9hyy16-305c-k8fg-8d70-b474fec1f001"
# }
# query_params_string = "project_ids=fc9hyy16-305c-k8fg-8d70-b474fec1f001&target_types=VM"
#
# See all supported query parameters at https://docs.crusoecloud.com/api/index.html
query_params_dict = {}
query_params_string = ""
########################################
# ----- DON'T EDIT BELOW THIS ------- #
########################################
request_path = "/organizations/" + org_id + "/audit-logs"
request_verb = "GET"
signature_version = "1.0"
api_version = "/v1alpha5"
dt = str(datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0))
dt = dt.replace(" ", "T")
payload = api_version + request_path + "\n" + query_params_string + "\n" + request_verb + "\n{0}\n".format(dt)
decoded = base64.urlsafe_b64decode(api_secret_key + '=' * (-len(api_secret_key) % 4))
signature = base64.urlsafe_b64encode(hmac.new(decoded, msg = bytes(payload, 'ascii'), digestmod=hashlib.sha256).digest()).decode('ascii').rstrip("=")
response = requests.get(
'https://api.crusoecloud.com' + api_version + request_path,
headers={
'X-Crusoe-Timestamp': dt,
'Authorization': 'Bearer {0}:{1}:{2}'.format(signature_version, api_access_key, signature)
},
params=query_params_dict
)
data = response.text
mydata = json.loads(data)
print(json.dumps(mydata, indent=4))
1. Copy paste the above python query into your favorite code editor
2. Update the api_access_key, api_secret_key and the org_id
3. Run the python script
This will generate an output similar to the example below:
{
"action": "Start",
"action_detail": "",
"actor_id": "ab4a6b00-aa5f-408e-a9fb-ac6de5eb45ab",
"actor_email": "john.smith@mycompany.com",
"actor_type": "User",
"client_ip": "10.192.200.155:12345",
"end_time": "2024-07-21T23:10:29.157Z",
"error_message": "",
"locations": "[us-northcentral1-a]",
"organization_id": "804bf3a2-81f2-4d78-9a9e-dc6a55ed33d8",
"organization_name": "My Company",
"project_id": "fc9hyy16-305c-k8fg-8d70-b474fec1f001",
"project_name": "renewable-ocean-807",
"target_ids": "[123e4567-e89b-12d3-a456-426614174000]",
"target_names": "[my-vm]",
"target_type": "VM",
"result": "OK",
"start_time": "2024-07-21T23:10:11.982Z",
"surface": "Console"
}
More information can be found here
FAQs
1. How long can I view a log?
Audit logs give you a 90 day history of who did what in your cloud.
2. Is this available in the UI?
Audit log is only available through the API for now. Viewing audit logs in the UI and CLI will be coming soon.
3. Can I view logs exposed actions taken within my VM?
Audit logs exposes actions taken through the control plane. It does not report on actions taken from within a resource (VM). Audit logs does not have entries for data access events.
Comments
0 comments
Article is closed for comments.