Skip to content
Products
Platform
Developer Tools
Portal

Understand STACKIT Audit Log

Last updated on

The STACKIT Audit Log is a centralized service that records administrative and access events across your cloud products. Use these logs for compliance and security monitoring to track infrastructure changes.

The system records every action taken by users, service accounts, or the STACKIT platform. This helps you answer these key questions:

  • What happened? (Event name)

  • When did it happen? (Timestamp)

  • Who started it? (Initiator)

  • Where did it occur? (Target organization or project)

Service coverage

Section titled “Service coverage”

Most managed services in STACKIT generate audit events when a user or system modifies a resource.

CategorySpecific products or servicesExamples of logged events
Compute & RuntimeSTACKIT Kubernetes Engine (SKE), Compute EngineCreating or deleting clusters, scaling VM instances, or changing firewall rules.
DatabasesPostgreSQL Flex, MongoDB Flex, MariaDB, SQLServer Flex, RedisCreating database instances, manual backups, or changing access credentials.
Security & IdentitySTACKIT IAM, KMS, Secrets ManagerRole assignments (RBAC), rotating keys, or creating service accounts.
StorageObject Storage, Block StorageCreating buckets, changing access permissions (ACLs), or deleting volumes.
NetworkLoad Balancer, DNSCreating listeners, updating DNS records, or modifying ingress rules.
ManagementResource Manager, BillingCreating or deleting projects, and changing billing account details.

Core platform events

Section titled “Core platform events”

The STACKIT Audit Log captures events from the following STACKIT platform services:

  • Membership service: Track when you add, remove, or update memberships at the organization, folder, and project levels.

  • Resource Manager: Monitor the creation, deletion, or update of organizations, folders, and projects.

  • Service Account service: View events for creating or deleting service accounts, as well as creating or revoking access tokens.

Use Cases

Section titled “Use Cases”

  • Default visibility: Admin activities are recorded by default. You do not need to set this up manually. You can view, search, and download your history for 90 days via the Audit Log API or the STACKIT Portal.

  • Regulatory compliance: The service provides a security-relevant set of records to document your sequence of actions for auditors.

  • Complete history: The log collects activities from both human users and automated system tasks within the STACKIT platform.

Functions

Section titled “Functions”

  • Improve traceability: Trace changes to identify who performed an action and when. This provides transparency for your entire team.

  • Support governance: Meet compliance regulations by keeping audit trails that prove you followed specific security policies.

  • Resolve problems: Troubleshoot system issues by tracking the progression of events to find a root cause.

  • Optimize performance: Use log insights to identify bottlenecks or inefficient manual processes that you could automate.