Is it possible to get access to events generated by User Account and Authentication (UAA) server in the context of Swisscom Application Cloud?

It is essential for me to be able to have an audit trail of actions executed by authorised operators through the API (that would include CLI and portal).

What I am looking for is an alternative to AWS CloudTrail for the IAM module, which you can turn on for specific VPCs / regions there.

I have found this in the CF documentation (https://docs.cloudfoundry.org/loggregator/cc-uaa-logging.html) but that (as far as I understand it) requires infrastructure level access.

Thanks a lot for any hints.

Lukas Futera

1 Answer

We can't expose UAA logs to individual customers since they probably contain sensitive information about other users or the platform.

You should be able to retrieve the logs of your application in the application logs (which you can send to a syslog drain, i.e. the ELK/Elasticsearch service).

All API interactions should be covered by this log stream, according to the documentation:

Users make API calls to request changes in app state. Cloud Controller, the Cloud Foundry component responsible for the API, logs the actions that Cloud Controller takes in response.

For example:

2016-06-14T14:10:05.36-0700 [API/0]      OUT Updated app with guid cdabc600-0b73-48e1-b7d2-26af2c63f933 ({"name"=>"spring-music", "instances"=>1, "memory"=>512, "environment_json"=>"PRIVATE DATA HIDDEN"})

From https://docs.cloudfoundry.org/devguide/deploy-apps/streaming-logs.html

Community
  • Thank you Matthias for a quick answer, that looks like what I need, I will verify in my setup! – Lukas Futera Apr 12 '18 at 19:03
  • Actually, @Matthias Winzeler, is it also possible to get such logs regarding the services Swisscom provides? For example, if I want to see if there were some changes made to the configuration of our MongoDB service (DBaaS)? Thanks, Lukas – Lukas Futera Apr 13 '18 at 08:27
  • @LukasFutera not yet possible. We are working in this direction (services logs) – Sybil Apr 15 '18 at 02:11
  • @LukasFutera Cloud Foundry currently does not offer an interface to expose service logs. There are some community efforts to allow this that we participate in, but it's probably gonna be some months until something is available. – Matthias Winzeler Apr 16 '18 at 07:17
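
The `[API/0]` line quoted in the answer can be turned into audit records once the application log stream has been collected, for instance from the syslog drain the answer mentions. The Python below is an added example, not part of the original answer or of Cloud Foundry: the function names are hypothetical, the line layout is inferred from the single sample line, and every sample line except the first is constructed.

```python
import json
import re
from datetime import datetime, timezone

# Layout inferred from the answer's sample: <timestamp> [<SOURCE>/<n>] <OUT|ERR> <message>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+\[(?P<source>[A-Z]+)(?:/[A-Z]+)*/(?P<instance>\d+)\]\s+"
                     r"(?P<stream>OUT|ERR)\s+(?P<msg>.*)$")
# Cloud Controller message as quoted: "<action> with guid <guid> (<ruby hash>)"
API_RE = re.compile(r"^(?P<action>.+?) with guid (?P<guid>[0-9a-f-]{36})"
                    r"(?: \((?P<attrs>\{.*\})\))?$")
TS_RE = re.compile(r"^(.*?)(?:\.(\d+))?([+-]\d{4})$")

def parse_ts(ts):
    """Parse the stream's timestamp (two-digit fraction, numeric offset) into a datetime."""
    head, frac, tz = TS_RE.match(ts).groups()
    frac = (frac or "0").ljust(6, "0")[:6]  # pad to microseconds for %f
    return datetime.strptime(f"{head}.{frac}{tz}", "%Y-%m-%dT%H:%M:%S.%f%z")

def audit_events(lines):
    """Return one record per Cloud Controller ([API/n]) line; other sources are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["source"] != "API":
            continue
        rec = {"time_utc": parse_ts(m["ts"]).astimezone(timezone.utc).isoformat(),
               "message": m["msg"], "action": None, "guid": None, "attrs": None}
        a = API_RE.match(m["msg"])
        if a:
            rec.update(action=a["action"], guid=a["guid"])
            if a["attrs"]:
                try:  # best effort: Ruby hash syntax "key"=>value rewritten as JSON
                    rec["attrs"] = json.loads(re.sub(r'"=>', '":', a["attrs"]))
                except json.JSONDecodeError:
                    rec["attrs"] = a["attrs"]  # keep the raw text rather than lose evidence
        events.append(rec)
    return events

SAMPLE_LINES = [
    # First line is the one quoted in the answer; the rest are constructed for illustration.
    '2016-06-14T14:10:05.36-0700 [API/0]      OUT Updated app with guid cdabc600-0b73-48e1-b7d2-26af2c63f933 ({"name"=>"spring-music", "instances"=>1, "memory"=>512, "environment_json"=>"PRIVATE DATA HIDDEN"})',
    '2016-06-14T14:10:07.12-0700 [APP/0]      OUT Started application',
    '2016-06-14T14:10:09.48-0700 [API/0]      OUT Updated app with guid cdabc600-0b73-48e1-b7d2-26af2c63f933 ({"state"=>"STOPPED"})',
]

if __name__ == "__main__":
    for event in audit_events(SAMPLE_LINES):
        print(json.dumps(event))
```

The quoted line has no field naming the operator who made the call, so records built this way show what changed and when, not who changed it.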