Configuring a MongoDB Atlas audit filter in Terraform

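# Turns on database auditing for the Atlas project and restricts the audit log
# to the events selected by audit_filter below.
resource "mongodbatlas_auditing" "this" {
  enabled    = true
  project_id = module.atlas_project.id

  # What gets audited. Filter syntax:
  # https://www.mongodb.com/docs/manual/tutorial/configure-audit-filters/
  #
  # An event is logged when it matches either branch of the "$or":
  #   1. an authorization check (authCheck) for one of the listed commands;
  #   2. one of the listed schema, user or role management actions.
  audit_filter = jsonencode({ "$and" : [{
    "$or" : [
      {
        # Data-access commands. authCheck events for successful operations are
        # only emitted because audit_authorization_success is true (see below).
        # NOTE(review): plain reads (find, count, distinct) are not in this
        # list, so they are not audited; add them only if the extra log volume
        # is acceptable.
        "atype" : "authCheck",
        "param.command" : {
          "$in" : [
            "aggregate",
            "mapReduce",
            "delete",
            "eval",
            "findAndModify",
            "insert",
            "update",
            "resetError"
          ]
        }
      },
      {
        "atype" : {
          "$in" : [
            # Schema changes.
            "createCollection",
            "createDatabase",
            "createIndex",
            "renameCollection",
            "dropCollection",
            "dropDatabase",
            "dropIndex",
            # User lifecycle.
            "createUser",
            "dropUser",
            "dropAllUsersFromDatabase",
            # Privilege changes. Without these, a password or role change on an
            # existing user, or a change to what a role grants, leaves no audit
            # record even though user creation and deletion are logged.
            "updateUser",
            "grantRolesToUser",
            "revokeRolesFromUser",
            "createRole",
            "updateRole",
            "dropRole",
            "dropAllRolesFromDatabase",
            "grantRolesToRole",
            "revokeRolesFromRole",
            "grantPrivilegesToRole",
            "revokePrivilegesFromRole"
          ]
        }
      }
    ]
    }]
  })

  # Warning: enabling this setting impacts performance negatively.
  # By default authCheck events are recorded only for authorization failures.
  # To capture successful read and write operations in the audit log, the audit
  # system must also log authorization successes (the auditAuthorizationSuccess
  # parameter), which is what this attribute enables.
  audit_authorization_success = true
}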