-
Notifications
You must be signed in to change notification settings - Fork 224
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(audit-trail): add audit trail documentation (#3970)
- Loading branch information
1 parent
e148fcf
commit 3832d41
Showing
12 changed files
with
439 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
meta: | ||
title: Audit Trail FAQ | ||
description: Get answers on using Scaleway's Audit Trail to monitor events, enhance security, and track activities across your resources | ||
content: | ||
h1: Audit Trail | ||
productIcon: SecretManagerProductIcon | ||
dates: | ||
validation: 2024-11-28 | ||
category: identity-and-access-management | ||
--- | ||
|
||
## What is Audit Trail? | ||
|
||
Audit Trail is a tool that holds a record of events and changes performed within a Scaleway Organization. | ||
|
||
## Why do I need Audit Trail? | ||
|
||
Audit Trail helps you ensure accountability and security by recording who did what and when within your Scaleway Organization. It tracks activity across all your resources (identity of the principal, date of activity, source IP address, API method used, and status of the request). | ||
|
||
You can use Audit Trail for troubleshooting, compliance verification, and analysis in the event of a breach. | ||
|
||
## How am I billed for using Audit Trail? | ||
|
||
Audit Trail is free of charge. | ||
|
||
## Which Scaleway products are integrated with Audit Trail? | ||
|
||
During Beta, only Secret Manager is integrated with Audit Trail. Refer to the [dedicated documentation](/identity-and-access-management/audit-trail/reference-content/resource-integration-with-adt/) to find out more about product integration with Audit Trail. | ||
|
||
## Where are my Audit Trail events stored? | ||
|
||
Audit Trail events are stored in the same region where the activity occurred. This means that if an event takes place in a specific region, it will be saved and accessible in that same region. | ||
|
||
Audit Trail is not available for the Poland - Warsaw region. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
--- | ||
meta: | ||
title: Audit Trail - Concepts | ||
description: Learn fundamental concepts of Scaleway's Audit Trail. | ||
content: | ||
h1: Concepts | ||
paragraph: Learn fundamental concepts of Scaleway's Audit Trail. | ||
tags: audit-trail log events access | ||
dates: | ||
validation: 2024-11-28 | ||
--- | ||
|
||
## Audit Trail | ||
|
||
Audit Trail is a tool that holds a record of events and changes performed within a Scaleway Organization. Audit Trail allows you to keep track of all actions, whether successful, attempted, or failed, perfomed on your Scaleway resources. | ||
|
||
With Audit Trail you can view actions taken by any [principal](/identity-and-access-management/iam/concepts/#principal) in any Project and on any of your Scaleway resources. You can also see the API methods used, the outcome of the action performed (status), and the IP address from which a principal performed an action. | ||
|
||
Audit Trail allows you to view the metadata of the API method used, allowing you to investigate incidents and troubleshoot issues. | ||
|
||
## Event | ||
|
||
An event is a record of any activity related to your Scaleway resources, encompassing actions by users, applications, or Scaleway. | ||
|
||
## Project | ||
|
||
In the context of Audit Trail, a Project refers to the place where the Scaleway resources being monitored are located. They can be located in different Scaleway Projects, of different Scaleway Organizations. | ||
|
||
## Method | ||
|
||
A method in the context of Audit Trail is the API call sent to the Audit Trail API whenever a principal takes an action (whether successful, attempted, or failed) on any Scaleway resource. | ||
|
||
## Region | ||
|
||
A region is the geographical area in which your resources are located (Paris, Amsterdam). Audit Trail is not available for the Poland - Warsaw region. | ||
|
||
Audit Trail allows you to select and filter your resources by region and Scaleway Project. This allows you to better sort through your resources. | ||
|
||
## Status | ||
|
||
A status is the API response returned whenever an action was taken on a resource by a principal. There are two statuses: | ||
|
||
- `200`: the API request was executed. | ||
|
||
- `403`: permission to access the API was denied. |
41 changes: 41 additions & 0 deletions
41
...-and-access-management/audit-trail/how-to/configure-audit-trail-permissions.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
--- | ||
meta: | ||
title: How to configure the Audit Trail permission set | ||
description: Learn how to configure IAM permissions for accessing Scaleway's Audit Trail, enabling event tracking across Organizations and Projects. | ||
content: | ||
h1: How to configure the Audit Trail permission set | ||
paragraph: Learn how to configure IAM permissions for accessing Scaleway's Audit Trail, enabling event tracking across Organizations and Projects. | ||
tags: audit-trail events tracking iam permissions | ||
dates: | ||
validation: 2024-11-28 | ||
posted: 2024-11-28 | ||
categories: | ||
- identity-and-access-management | ||
--- | ||
|
||
This page teaches you how to configure the necessary permission set to access [Audit Trail](/identity-and-access-management/audit-trail/concepts/#audit-trail). | ||
|
||
## Configure the Audit Trail permission set | ||
|
||
To start using Audit Trail you need to configure the `AuditTrailReadOnly` or the `OrganizationManager` permission sets in [IAM](/identity-and-access-management/iam/concepts/#iam). | ||
The `OrganizationManager` permission set is included in the `Administrators` group which is created by default whenever a new Organization is created. | ||
The [scope](/identity-and-access-management/iam/concepts/#scope) of these permission sets is at [Organization](/identity-and-access-management/iam/concepts/#organization) level. | ||
|
||
1. Click **Identity and Access Management (IAM)** from the top-right of your [**Organization Dashboard**](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays. | ||
2. [Create an IAM policy](/identity-and-access-management/iam/how-to/create-policy/) and perform steps one to five. | ||
3. Select the **Access to Organization features** scope and click **Validate** to move on to the next step. | ||
<Message type="important"> | ||
The **Access to Organization features** scope allows you to give the [principal](/identity-and-access-management/iam/concepts/#principal) permissions to Organization-level features such as IAM, Audit Trail, billing, support and abuse tickets, and project management. | ||
</Message> | ||
4. Click the **Security and Identity** category in the **Products** section, then choose the **AuditTrailReadOnly** permission set. | ||
5. Click **Validate**. | ||
6. Click **Create policy**. | ||
|
||
## Configure Audit Trail access via the IAM Administrators group | ||
|
||
You can also use Audit Trail if you are part of the IAM `Administrators` [group](/identity-and-access-management/iam/concepts/#group). | ||
|
||
1. Follow the [following procedure](/identity-and-access-management/iam/how-to/invite-user-to-orga/) until step 3. | ||
2. Click the drop-down under **Add to an existing group** and add the users to the **Administrators** group. | ||
3. Click **Invite** to send the invitation. The user receives an email inviting them to accept your invitation. If they do not already have a Scaleway account, they will be prompted to [create one](/console/account/how-to/create-an-account/) first. | ||
4. The user will appear in the **Users** tab** once they have accepted the invitation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
meta: | ||
title: Audit Trail - How Tos | ||
description: Audit Trail How Tos | ||
content: | ||
h1: How Tos | ||
paragraph: Audit Trail How Tos | ||
--- |
30 changes: 30 additions & 0 deletions
30
identity-and-access-management/audit-trail/how-to/use-audit-trail.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
--- | ||
meta: | ||
title: How to use Audit Trail | ||
description: Learn to view and filter events in Scaleway's Audit Trail by region, date, project, method, and status for effective resource tracking. | ||
content: | ||
h1: How to use Audit Trail | ||
paragraph: Learn to view and filter events in Scaleway's Audit Trail by region, date, project, method, and status for effective resource tracking. | ||
tags: audit-trail events track filter | ||
dates: | ||
validation: 2024-11-28 | ||
posted: 2024-11-28 | ||
categories: | ||
- identity-and-access-management | ||
--- | ||
|
||
This page shows you how to see and filter events for your Scaleway resources in Audit Trail. | ||
|
||
## How to use Audit Trail | ||
|
||
1. Click **Audit Trail** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. | ||
2. Click the **Region** drop-down and select a region in which you have created resources integrated with Audit Trail. Your Audit Trail events display. | ||
3. Click the **Date range** field and select a date range to track events for. | ||
4. Click the **Project** drop-down and select the Scaleway Project containing the resources you want to track. | ||
5. Click the **Method** drop-down and select the API method you want to track events for. | ||
6. Click the **Status** drop-down and select either **200** or **403** to view successful or failed requests. | ||
7. Optionally, click **Reset** to reset the filter. | ||
|
||
<Message type="tip"> | ||
If no events display after you use the filter, check the [dedicated troubleshooting page](/identity-and-access-management/audit-trail/troubleshooting/cannot-see-events/) to solve the issue. | ||
</Message> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
--- | ||
meta: | ||
title: Audit Trail Documentation | ||
description: Dive into Scaleway Audit Trail with our quickstart guides, how-tos, and more. | ||
--- | ||
|
||
<ProductHeader | ||
productName="Audit Trail" | ||
productLogo="secretManager" | ||
description="Audit Trail allows you to keep track of the activity of your Scaleway resources." | ||
url="/identity-and-access-management/audit-trail/quickstart/" | ||
label="Audit Trail Quickstart" | ||
/> | ||
|
||
## Getting Started | ||
|
||
<Grid> | ||
<SummaryCard | ||
title="Quickstart" | ||
icon="rocket" | ||
description="Learn how to track user activity, access events, and system changes in a few steps." | ||
label="View Quickstart" | ||
url="/identity-and-access-management/audit-trail/quickstart/" | ||
/> | ||
<SummaryCard | ||
title="Concepts" | ||
icon="info" | ||
description="Core concepts that give you a better understanding of Audit Trail." | ||
label="View Concepts" | ||
url="/identity-and-access-management/audit-trail/concepts/" | ||
/> | ||
<SummaryCard | ||
title="How-Tos" | ||
icon="help-circle-outline" | ||
description="Learn how to use Audit Trail via the Scaleway console." | ||
label="View How-Tos" | ||
url="/identity-and-access-management/audit-trail/how-to/" | ||
/> | ||
<SummaryCard | ||
title="Additional Content" | ||
icon="book-open-outline" | ||
description="Check out in-depth information about Audit Trail." | ||
label="View Additional Content" | ||
url="/identity-and-access-management/audit-trail/reference-content/" | ||
/> | ||
</Grid> | ||
|
||
<ClickableBanner | ||
productLogo="cli" | ||
title="Audit Trail API" | ||
description="Manage Audit Trail using the Scaleway API." | ||
url="https://www.scaleway.com/en/developers/api/audit-trail/" | ||
label="Go to Audit Trail API" | ||
/> | ||
|
||
## Changelog | ||
|
||
<ChangelogList | ||
productName="audit-trail" | ||
numberOfChanges={3} | ||
/> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
--- | ||
meta: | ||
title: Audit Trail - Quickstart | ||
description: Quickly set up and start using Scaleway’s Audit Trail. Follow steps to configure permissions and track events across regions and projects. | ||
content: | ||
h1: Audit Trail - Quickstart | ||
paragraph: Quickly set up and start using Scaleway’s Audit Trail. Follow steps to configure permissions and track events across regions and projects. | ||
dates: | ||
validation: 2024-11-28 | ||
posted: 2024-11-28 | ||
--- | ||
|
||
In this quickstart, we show you how to start using [Audit Trail](/identity-and-access-management/audit-trail/concepts/#audit-trail). | ||
|
||
<Macro id="requirements" /> | ||
|
||
- A Scaleway account logged into the [console](https://console.scaleway.com) | ||
- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization | ||
- Created [resources integrated with Audit Trail](/identity-and-access-management/audit-trail/reference-content/resource-integration-with-adt/) | ||
|
||
## How to configure the Audit Trail permission set | ||
|
||
To start using Audit Trail you need to configure permission sets in [IAM](/identity-and-access-management/iam/concepts/#iam). | ||
|
||
Refer to the [dedicated documentation page](/identity-and-access-management/audit-trail/how-to/configure-audit-trail-permissions/) to find out how. | ||
|
||
## How to use Audit Trail | ||
|
||
1. Click **Audit Trail** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. | ||
2. Click the **Region** drop-down and select a region in which you have created resources integrated with Audit Trail. Your Audit Trail events display. | ||
<Message type="note"> | ||
Audit Trail is not available in Poland. | ||
</Message> | ||
3. Click the **Date range** field and select a date range to track events for. | ||
4. Click the **Project** drop-down and select the Scaleway Project containing the resources you want to track. | ||
5. Click the **Method** drop-down and select the API method you want to track events for. | ||
6. Click the **Status** drop-down and select either **200** or **403** to view successful requests or denied access. | ||
7. Optionally, click **Reset** to reset the filter. | ||
|
||
<Message type="tip"> | ||
If no events display after you use the filter, try switching the region from the **Region** drop-down, or adjusting your search. Find out how to troubleshoot event issues in our [dedicated documentation](/identity-and-access-management/audit-trail/troubleshooting/cannot-see-events). | ||
</Message> | ||
|
||
|
||
|
72 changes: 72 additions & 0 deletions
72
...cess-management/audit-trail/reference-content/resource-integration-with-adt.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
--- | ||
meta: | ||
title: Audit Trail product integration | ||
description: Discover current and planned Scaleway product integrations with Audit Trail for event tracking. | ||
content: | ||
h1: Audit Trail product integration | ||
paragraph: Discover current and planned Scaleway product integrations with Audit Trail for event tracking. | ||
tags: audit-trail product-integration scaleway-resources | ||
dates: | ||
validation: 2024-11-28 | ||
posted: 2024-11-28 | ||
categories: | ||
- identity-and-access-management | ||
--- | ||
|
||
The following table provides details about the Scaleway products that are integrated with Audit Trail. | ||
|
||
## Product integration available | ||
|
||
| **Product Name** | **Audit Trail Integration** | | ||
|----------------------------|---------------------------------| | ||
| Secret Manager | **Integrated** | | ||
|
||
## Planned product integration | ||
|
||
The following table provides details about the Scaleway products that will be integrated with Audit Trail. | ||
|
||
|
||
| **Product Name** | **Audit Trail Integration** | | ||
|----------------------------|---------------------------------| | ||
| Kubernetes | **Not integrated yet** | | ||
| IAM | **Not integrated yet** | | ||
| Object Storage | **Not integrated yet** | | ||
| Billing | **Not integrated yet** | | ||
| Account | **Not integrated yet** | | ||
| Apple Silicon | **Not integrated yet** | | ||
| Block Storage | **Not integrated yet** | | ||
| Cockpit | **Not integrated yet** | | ||
| Container Registry | **Not integrated yet** | | ||
| Distributed Data Lab | **Not integrated yet** | | ||
| Domains and DNS | **Not integrated yet** | | ||
| Edge Services | **Not integrated yet** | | ||
| Elastic Metal | **Not integrated yet** | | ||
| Environmental Footprint | **Not integrated yet** | | ||
| Generative APIs | **Not integrated yet** | | ||
| GPU Instances | **Not integrated yet** | | ||
| Instances | **Not integrated yet** | | ||
| Instance Scaling Group | **Not integrated yet** | | ||
| InterLink | **Not integrated yet** | | ||
| IoT Hub | **Not integrated yet** | | ||
| IPAM | **Not integrated yet** | | ||
| Key Manager | **Not integrated yet** | | ||
| Labs | **Not integrated yet** | | ||
| Load Balancers | **Not integrated yet** | | ||
| Managed Databases | **Not integrated yet** | | ||
| Managed Inference | **Not integrated yet** | | ||
| NATS | **Not integrated yet** | | ||
| NFS | **Not integrated yet** | | ||
| Organizations and Projects | **Not integrated yet** | | ||
| Partners | **Not integrated yet** | | ||
| Private Networks | **Not integrated yet** | | ||
| Public Gateways | **Not integrated yet** | | ||
| Queues | **Not integrated yet** | | ||
| Serverless Containers | **Not integrated yet** | | ||
| Serverless Functions | **Not integrated yet** | | ||
| Serverless Jobs | **Not integrated yet** | | ||
| Serverless SQL Databases | **Not integrated yet** | | ||
| Service Catalog | **Not integrated yet** | | ||
| Topics and Events | **Not integrated yet** | | ||
| Transactional Email | **Not integrated yet** | | ||
| VPC | **Not integrated yet** | | ||
| Web Hosting | **Not integrated yet** | |
Oops, something went wrong.