auditing.md
description
Set up features for auditing and view auditing reports and logs

Auditing

The DuploCloud Portal provides a comprehensive audit trail, including reports and logs, for security and compliance purposes. Using the Show Audit Records for list box, you can display real-time audit data for:

  • Auth (Authentications)
  • Admin (Administrators)
  • Tenants (DuploCloud Tenants)
  • Compliance (such as HIPAA, SOC 2, and HITRUST, among others)
  • Kat-Kit (DuploCloud's CI/CD Tool)

The Audit page with Admin audit records selected using the Show Audit Records for list box

The Audit page with audit records selected for the DEV01 Tenant

Enabling Audit

  1. In the DuploCloud Portal, navigate to Administrator -> Observability -> Settings, and select the Audit tab. The Audit page displays.
  2. Click the Enable Audit link.

Enable Audit link on the Audit page

Viewing detailed auditing diagnostics

To view complete auditing reports and logs, navigate to the Observability -> Audit page in the DuploCloud Portal.

Audit page in the DuploCloud Portal

Configuring a custom S3 bucket for auditing in another AWS account

You can create the S3 bucket for auditing in an AWS account other than the DuploCloud Master Account.

Prerequisites

  1. Verify that the S3 bucket exists in another account, and note the bucket name. In this example, we assume a BUCKET_REGION of us-west-2 and a BUCKET name of audit-s2-bucket-another-account.
  2. Ensure that the S3 bucket's policy grants the Duplo Master role the S3:PutObject permission. Refer to the policy below for an example.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::accountid:role/duplomaster"
      },
      "Action": "S3:PutObject",
      "Resource": [
        "arn:aws:s3:::bucketname/*",
        "arn:aws:s3:::bucketname"
      ]
    }
  ]
}
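
A check that can be run on a bucket policy like the one above before it is attached, as an added example (not DuploCloud's code): it flags principals that are not an IAM role ARN, actions beyond S3:PutObject, and resource ARNs that are malformed or point at a different bucket. The function name, the 12-digit account ID, and both sample policies are constructed for illustration.

```python
import json
import re

# S3 ARNs leave region and account empty: arn:aws:s3:::bucket[/key-pattern]
S3_ARN = re.compile(r"^arn:aws:s3:::([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])(/.*)?$")
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy_findings(policy_text, bucket, allowed_actions=("s3:putobject",)):
    """Return problems found in the Allow statements of a bucket policy."""
    findings = []
    statements = _as_list(json.loads(policy_text).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS", "") if isinstance(principal, dict) else principal
        for p in _as_list(aws):
            if not isinstance(p, str) or not ROLE_ARN.match(p):
                findings.append(f"statement {i}: principal {p!r} is not an IAM role ARN")
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare in lower case.
            if action.lower() not in allowed_actions:
                findings.append(f"statement {i}: action {action!r} exceeds s3:PutObject")
        for res in _as_list(stmt.get("Resource", [])):
            m = S3_ARN.match(res)
            if not m:
                findings.append(f"statement {i}: resource {res!r} is not a valid S3 ARN")
            elif m.group(1) != bucket:
                findings.append(f"statement {i}: resource {res!r} is outside {bucket}")
    return findings

# Constructed samples: the account ID is a placeholder, names follow the page's example.
BUCKET = "audit-s2-bucket-another-account"
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/duplomaster"},
    "Action": "S3:PutObject",
    "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}"]}]})
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::arn:aws:s3:::{BUCKET}/*"]}]})

if __name__ == "__main__":
    for name, text in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_policy_findings(text, BUCKET) or "no findings")
```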

Configuring S3 bucket region and bucket name

  1. In the DuploCloud Portal, navigate to Administrator -> System Settings.
  2. Click the System Config tab.

Configuring the S3 Bucket Region

Continuing the example above, configure the S3BUCKET_REGION.

  1. Click Add. The Add Config pane displays.
  2. From the Config Type list box, select AppConfig.
  3. In the Key list box, enter DUPLO_AUDIT_S3BUCKET_REGION.
  4. In the Value field, enter us-west-2.
  5. Click Submit.

Configuring Bucket Name

Continuing the example above, configure the S3BUCKET name.

  1. Click Add. The Add Config pane displays.
  2. From the Config Type list box, select AppConfig.
  3. In the Key list box, enter DUPLO_AUDIT_S3BUCKET.
  4. In the Value field, enter audit-s2-bucket-another-account.
  5. Click Submit.

Your S3 bucket region and name configurations are displayed in the System Config tab. View details on the Audit page in the DuploCloud Portal.

System Config tab with AppConfigs for S3 bucket region and name

{% hint style="info" %} Contact your DuploCloud Support team if you have additional questions or issues. {% endhint %}