Yandex Audit Trails overview
Yandex Audit Trails lets you collect audit logs of Yandex Cloud resources and upload them to an Object Storage bucket, a Cloud Logging log group, or a data stream:
- Uploading audit logs to a bucket.
- Uploading audit logs to Cloud Logging.
- Uploading audit logs to a data stream.
Collecting audit logs lets you use analytical tools and respond rapidly to events that occur in Yandex Cloud services:
- Searching audit logs in a bucket.
- Searching audit logs in a log group.
- Exporting audit logs to SIEM systems.
- Alert settings in Yandex Monitoring.
Yandex Cloud services whose audit logs are collected by Audit Trails:
- Yandex Application Load Balancer
- Yandex Audit Trails
- Yandex Certificate Manager
- Yandex Cloud DNS
- Yandex Cloud Logging
- Yandex Compute Cloud
- Yandex Identity and Access Management
- Yandex Key Management Service
- Yandex Lockbox
- Yandex Managed Service for ClickHouse
- Yandex Managed Service for GitLab
- Yandex Managed Service for MongoDB
- Managed Service for Kubernetes
- Yandex Managed Service for MySQL
- Yandex Managed Service for PostgreSQL
- Yandex Managed Service for Redis
- Yandex Network Load Balancer
- Yandex Object Storage
- Yandex Cloud Organization
- Yandex Resource Manager
- Yandex Virtual Private Cloud
- Yandex Managed Service for YDB
- Yandex Query
The following events are logged:
- Logins by federated users.
- Creating/deleting service accounts.
- Creating/deleting keys of service accounts.
- Editing user roles and service accounts.
- Creating/deleting resources.
- Editing resource settings.
- Stopping/restarting a resource.
- Changing access policies.
- Creating/editing security groups.
- Actions with encryption keys and secrets.
Current service limits
The audit log doesn't capture authentication errors. For example, if a user makes an API call without an IAM token, this information will not be included in the audit logs.
The log captures authorization errors. For example, if a user attempts to create a resource without sufficient privileges, the log will include an error message.
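Because authorization errors are logged but authentication errors are not, a detection built on exported audit logs can only see denied actions by authenticated subjects. The following is an added example, not Yandex Cloud code: it flags subjects with a burst of authorization denials. The JSON field names (event_time, event_type, authentication.subject_id, authorization.authorized) and the event type strings are assumptions for illustration, and the sample lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one JSON event per line. The field names and
# event type strings are assumptions for illustration, not taken from the page.
SAMPLE = """
{"event_time":"2024-05-01T10:00:00Z","event_type":"example.compute.CreateInstance","authentication":{"subject_id":"user-a"},"authorization":{"authorized":false}}
{"event_time":"2024-05-01T10:01:00Z","event_type":"example.iam.CreateKey","authentication":{"subject_id":"user-a"},"authorization":{"authorized":false}}
{"event_time":"2024-05-01T10:02:30Z","event_type":"example.kms.Decrypt","authentication":{"subject_id":"user-a"},"authorization":{"authorized":false}}
{"event_time":"2024-05-01T10:03:00Z","event_type":"example.compute.CreateInstance","authentication":{"subject_id":"user-b"},"authorization":{"authorized":true}}
{"event_time":"2024-05-01T11:30:00Z","event_type":"example.compute.StopInstance","authentication":{"subject_id":"user-b"},"authorization":{"authorized":false}}
not-json truncated line
"""

def parse_events(text):
    """Return (events, skipped). Malformed or truncated lines are counted, not fatal."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            # Normalise the trailing "Z" so fromisoformat accepts it on older Pythons.
            ev["_time"] = datetime.fromisoformat(ev["event_time"].replace("Z", "+00:00"))
            events.append(ev)
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1
    return events, skipped

def denied_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Map subject -> total denials, for subjects with >= threshold denials in one window."""
    denials = defaultdict(list)
    for ev in events:
        # Only an explicit False counts; a missing block is not treated as a denial.
        if ev.get("authorization", {}).get("authorized") is False:
            subject = ev.get("authentication", {}).get("subject_id", "unknown")
            denials[subject].append(ev["_time"])
    flagged = {}
    for subject, times in denials.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[subject] = len(times)
                break
    return flagged

events, skipped = parse_events(SAMPLE)
print(denied_bursts(events), "skipped lines:", skipped)
```

A non-zero skipped count is worth alerting on as well, since oversized events can arrive incomplete when delivery limits are exceeded.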
The service has quotas and limits.
If you upload audit logs to a log group or a data stream, make sure their size is within both the Audit Trails limits and the Yandex Cloud Logging and Yandex Data Streams limits. If the limits are exceeded, large audit log events will be delivered with incomplete information.
We also recommend uploading audit logs to an Object Storage bucket.
Note
The retention period of audit logs in a trail with the error status is limited. There is no guarantee that logs that are older than 28 days will be delivered once the trail returns to the active status.