mongodb audit logs in terraform

## Enables database auditing for the Atlas project and installs a filter that
## limits which events are written to the audit log.
## NOTE(review): the resource is named "developers_read_write" but the filter
## below matches the "atlasAdmin" role; confirm which population is meant.
resource "mongodbatlas_auditing" "developers_read_write" {
  enabled    = true
  project_id = module.atlas_project.id
  ## Also log authorization checks that succeed; without this only denied
  ## "authCheck" events would match the filter below. MongoDB documents a
  ## higher performance cost for this setting than for failure-only logging.
  audit_authorization_success = true

  ## configure what gets audited: https://www.mongodb.com/docs/manual/tutorial/configure-audit-filters/
  ## summary:
  ## 1- include only events whose user holds the "atlasAdmin" role granted on the "admin" database
  ## 2- and, of those, either the listed write/aggregation commands (atype "authCheck")
  ## 3- or the listed system audit events (DDL, user/role management, sharding, shutdown)
  ##
  ## NOTE(review): coverage gaps that follow from the filter as written:
  ## - "authenticate" is not in the atype list, and events with no matching role
  ##   are dropped by the "roles" clause, so logins (including failed ones) are
  ##   not recorded.
  ## - activity by users without atlasAdmin@admin is not audited at all.
  ## - "find" and other read commands are not in "param.command", so reads are
  ##   only captured when issued through "aggregate" or "mapReduce".
  ## Confirm these exclusions are intentional for the logging requirement this serves.
  audit_filter = jsonencode({
    "$and" : [
      {
        ## matches when any entry of the event's roles array is atlasAdmin on admin
        "roles" : {
          "$elemMatch" : {
            "role" : "atlasAdmin",
            "db" : "admin"
          }
        }
      },
      {
        "$or" : [
          {
            ## authorization checks for data-modifying / aggregation commands
            ## NOTE(review): "eval" and "resetError" appear to be absent from
            ## current MongoDB server versions; verify against the cluster version.
            "atype" : "authCheck",
            "param.command" : {
              "$in" : [
                "aggregate",
                "mapReduce",
                "delete",
                "eval",
                "findAndModify",
                "insert",
                "update",
                "resetError"
              ]
            }
          },
          {
            ## system events: schema changes, user and role administration,
            ## sharding topology changes, shutdown, and application messages
            "atype" : {
              "$in" : [
                "createCollection",
                "createDatabase",
                "createIndex",
                "renameCollection",
                "dropCollection",
                "dropDatabase",
                "dropIndex",
                "createUser",
                "dropUser",
                "dropAllUsersFromDatabase",
                "updateUser",
                "grantRolesToUser",
                "revokeRolesFromUser",
                "createRole",
                "updateRole",
                "dropRole",
                "dropAllRolesFromDatabase",
                "grantRolesToRole",
                "revokeRolesFromRole",
                "grantPrivilegesToRole",
                "revokePrivilegesFromRole",
                "enableSharding",
                "shardCollection",
                "addShard",
                "removeShard",
                "shutdown",
                "applicationMessage"
              ]
            }
          }
        ]
      }
    ]
  })
}