Yandex Audit Trails overview
Yandex Audit Trails lets you collect audit logs of Yandex Cloud resources and upload them to an Object Storage bucket, a Cloud Logging log group, or a data stream:
- Uploading audit logs to a bucket.
- Uploading audit logs to Cloud Logging.
- Uploading audit logs to a data stream.
Collecting audit logs lets you use analytical tools and rapidly respond to events that occur in Yandex Cloud services:
- Searching audit logs in a bucket.
- Searching audit logs in a log group.
- Exporting audit logs to SIEM systems.
- Alert settings in Yandex Monitoring.
Yandex Cloud services whose audit logs are collected by Audit Trails:
- Yandex Audit Trails
- Yandex Certificate Manager
- Yandex Cloud Logging
- Yandex Compute Cloud
- Yandex Identity and Access Management
- Yandex Key Management Service
- Yandex Lockbox
- Yandex Managed Service for ClickHouse
- Yandex Managed Service for GitLab
- Yandex Managed Service for MongoDB
- Yandex Managed Service for MySQL
- Yandex Managed Service for PostgreSQL
- Yandex Managed Service for Redis
- Yandex Network Load Balancer
- Yandex Object Storage
- Yandex Cloud Organization
- Yandex Resource Manager
- Yandex Virtual Private Cloud
- Yandex Managed Service for YDB
The following events are logged:
- Logins by federated users.
- Creating/deleting service accounts.
- Creating/deleting keys of service accounts.
- Editing user roles and service accounts.
- Creating/deleting resources.
- Editing resource settings.
- Stopping/restarting a resource.
- Changing access policies.
- Creating/editing security groups.
- Actions with encryption keys and secrets.
Current service limits
The audit log doesn't capture authentication errors. For example, if a user makes an API call without an IAM token, this information will not be included in the audit logs.
The log captures authorization errors. For example, if a user attempts to create a resource without sufficient privileges, the log will include an error message.
The service also has quotas and limits.
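The authorization errors that do reach the log can drive a detection. The added example below (not part of the Yandex Cloud documentation) flags subjects with repeated denied calls inside a short window; the field names `event_time`, `event_type`, `authentication.subject_id` and `authorization.authorized`, and all sample events, are assumptions constructed for illustration and should be checked against the actual audit log format. Calls rejected at authentication never appear in the log, so this check cannot see them.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample events, one JSON object per line. Field names and event
# types are an assumed schema for illustration, not taken from this page.
SAMPLE_LOG = """\
{"event_time":"2024-01-10T09:00:05Z","event_type":"compute.CreateInstance","authentication":{"subject_id":"sa-example-1"},"authorization":{"authorized":false}}
{"event_time":"2024-01-10T09:01:10Z","event_type":"iam.CreateServiceAccount","authentication":{"subject_id":"sa-example-1"},"authorization":{"authorized":false}}
{"event_time":"2024-01-10T09:01:40Z","event_type":"compute.CreateInstance","authentication":{"subject_id":"user-example-3"},"authorization":{"authorized":true}}
{"event_time":"2024-01-10T09:02:30Z","event_type":"iam.CreateAccessKey","authentication":{"subject_id":"sa-example-1"},"authorization":{"authorized":false}}
{"event_time":"2024-01-10T11:30:00Z","event_type":"compute.DeleteInstance","authentication":{"subject_id":"user-example-2"},"authorization":{"authorized":false}}
{"event_time":"2024-01-10T11:31:00Z","event_type": truncated
"""

def denied_bursts(lines, threshold=3, window_s=300):
    """Return {subject_id: [event_type, ...]} for every subject that has at
    least `threshold` authorization denials within `window_s` seconds."""
    denied = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
            when = datetime.strptime(ev["event_time"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, KeyError, TypeError):
            continue  # skip blank, damaged or incomplete records
        # Only explicit denials count; a missing field is not treated as one.
        if ev.get("authorization", {}).get("authorized") is not False:
            continue
        subject = ev.get("authentication", {}).get("subject_id", "unknown")
        denied[subject].append((when, ev.get("event_type", "")))

    flagged = {}
    for subject, events in denied.items():
        events.sort()
        # Slide a window of `threshold` consecutive denials over the timeline.
        for i in range(len(events) - threshold + 1):
            span = events[i + threshold - 1][0] - events[i][0]
            if span.total_seconds() <= window_s:
                flagged[subject] = [etype for _, etype in events]
                break
    return flagged

if __name__ == "__main__":
    for subject, types in denied_bursts(SAMPLE_LOG.splitlines()).items():
        print(subject, "denied:", ", ".join(types))
```
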