This is an optional step that seeks to simplify your usage of the Audit Trail API.
Audit Trail API
Introduction
Scaleway Audit Trail is a tool that holds a record of events and changes performed within a Scaleway Organization. It helps you ensure accountability and security by recording activity across all your resources (identity of the principal, date of activity, source IP address, API method used, and status of the request).
You can use Audit Trail for troubleshooting, compliance verification, and analysis in the event of a breach.
Concepts
Refer to our dedicated concepts page to find definitions of the different terms referring to Audit Trail.
Quickstart
To start using Audit Trail you need to configure the AuditTrailReadOnly
or the OrganizationManager
permission sets in IAM.
The OrganizationManager
permission set is included in the Administrator
group which is created by default whenever a new Organization is created.
The scope of these permission sets is at Organization level.
-
Configure your environment variables.
Noteexport ACCESS_KEY="<access-key>"export SECRET_KEY="<secret-key>"export REGION="<region>" -
Create an IAM policy. Replace the parameter values in the request payload with the details of your principal.
curl -X POST \-H "Content-Type: application/json" \-H "X-Auth-Token: $SCW_SECRET_KEY" https://api.scaleway.com/iam/v1alpha1/policies \-d '{"name": "policy-audit-trail","description": "This policy grants read access to Audit Trail in my Organization to the user matching the userID defined below","organization_id": "123e4567-e89b-12d3-a456-426614174000","rules": [{"permission_set_names": ["AuditTrailReadOnly"],"organization_id": "123e4567-e89b-12d3-a456-426614174000"}],"user_id": "987f6543-21ba-43dc-b678-567812345678"}'Parameter Description name
REQUIRED The name of your new policy description
The description of your policy organization_id
The ID of your Scaleway Organization rules
The rules of your policy permission_set_names
The permission sets you want to grant. You can either list all permission sets using the IAM API or find a complete list in the permission sets documentation page organization_id
The ID of the Scaleway Organization where you want your permission sets to apply. You can add one as the scope of your policy user_id
The ID of the user you are granting access to NoteTo learn more about IAM policies, refer to our dedicated IAM policies reference page.
-
Run the following command to retrieve the list of Scaleway products for which you have Audit Trail events.
curl --request GET \--url https://api.scaleway.com/audit-trail/v1alpha1/$REGION/fr-par/products \--header "X-Auth-Token: $SCW_SECRET_KEY" -
Run the following command to list your Audit Trail events.
curl --request GET \--url "https://api.scaleway.com/audit-trail/v1alpha1/regions/$REGION/events?organization_id=123e4567-e89b-12d3-a456-426614174000" \--header "X-Auth-Token: $SCW_SECRET_KEY"NoteOnly events that happened within the last hour will be returned in the output. If no events appear, make sure that you have created Scaleway resources in the targeted region. Find out more about troubleshooting Audit Trail issues in our dedidcated documentation.
- You have your Organization and your Project ID
- You have created an API key
- You have installed
curl
- You have created an API key and that the API key has sufficient IAM permissions to perform the actions described on this page
- You have created Scaleway products integrated with Audit Trail
Technical information
Regions
Scaleway's infrastructure spans different regions and Availability Zones.
Audit Trail is available in the Paris, and Amsterdam regions, which are represented by the following path parameters:
- fr-par
- nl-ams
Technical limitations
Audit Trail is only integrated with Secret Manager. Find out about product integration with Audit Trail in our dedicated documentation.
Going further
For more information about Audit Trail, you can check out the following pages:
- Audit Trail Documentation
- Scaleway Slack Community join the #audit-trail channel
- Contact our support team.