This feature is in Private Preview.
Astro audit logs record Astro control plane administrative activities and events. You can use the audit logs to determine who did what, where, and when. You can also use audit logs to ensure your organization is meeting its security and regulatory requirements. For example, you can use audit logs to determine when users were added to your organization or to individual Workspaces.
Available audit log data
The following categories of event data are available in the audit log:
- API events: The data generated by user actions in the Cloud UI, Astro CLI, or from internal processing actions in the Astro control plane.
- Airflow UI access: The data generated when users access the Airflow UI.
- Astronomer container registry access: The data generated when users access the Astronomer container registry with the Astro CLI.
The audit log file is provided as a JSON file. Every entry in the audit log file corresponds to an event, and event attributes provide additional information about the specific event.
The following table lists the common fields shared by all three categories of event data.
|A unique identifier that identifies the initiator of the request. The value can be user ID or an API key.|
|A unique identifier that identifies the subject of the request. The value can be |
|A unique identifier that identifies your organization. This is the value displayed in the Cloud UI Settings page.|
|The date and time the event occurred.|
|The IP address of the originating request.|
|The application used to make the request.|
|A unique identifier for the request.|
API event fields
The following table lists the fields that are unique to API events.
|The name of the API event. For example, |
|The type of client making the request. The values are |
|The input for the API request.|
|Raw graphQL for the event.|
The following table maps some common
operationName attributes to their corresponding
|The Organization is updated.|
|A new user is invited to an organization.|
|A user has accepted their invite to an organization.|
|A user is deleted from an organization.|
|A user is assigned a new role.|
|A user is removed from an organization.|
|A Workspace is created.|
|A Workspace is updated.|
|A Workspace is deleted.|
|A user is added to a Workspace, or a user role is updated.|
|A user is removed from a workspace.|
|A new Deployment is created.|
|A Deployment is updated.|
|A Deployment variable is updated.|
|An API key is created for a Deployment.|
|An API key is deleted for a Deployment.|
|The code for a Deployment is updated.|
Use your analytics or audit tool to view additional attribute mapping information.
Airflow UI access event fields
The following table lists the fields that are unique to Airflow UI access events.
|The URL for the canonical name record in the Airflow webserver that runs in the Astro control dataplane. For example, |
|The relative path of the page being accessed. For example, |
|The HTTP method for the request.|
Astronomer container registry access event fields
The following table lists the fields that are unique to Astronomer container registry access events.
|A unique identifier that identifies the Deployment on which the event occurred.|
|The path to the image in the registry.|
|The HTTP method for the request.|
Export audit logs
Audit logs are retained for 90 days. Organization Owner permissions are required to export audit logs.
In the Cloud UI, click the Settings tab.
Select the number days of audit data to export in the Audit Logs area and then click Export.
The extracted audit log data is saved as a JSON file in your
downloadsdirectory with the default filename
You can also export logs using the Astro CLI.
Run the following command to enable the feature:
astro config set -g beta.audit_logs true
Run the following command to export audit logs as a GZIP file to your current directory:
astro organization audit-logs --organization-name=<your-organization-name>