If something goes wrong, it is crucial to be able to reconstruct (verifiably) what happened, and in particular who did what.

Enable Audit Log signing in Airlock IAM (disabled by default):

  • Use different key material for audit logging in each stage (test, acceptance, production): individual audit log key material is generated automatically when an IAM instance is created with the instance manager.
  • Do not copy the audit log configuration from test environments to the production environments
  • Protect the audit log configuration (including the private key for signing) as much as possible (ownership, permissions, restrict access to IAM host)
  • Regularly store the audit log files in a safe place (e.g. a log server)

See Logging configuration for further information.
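The points above (keep the signing key private to the IAM service account, and move audit logs off the host regularly) can be checked and partly automated with a small script. The following is an added example, not part of the Airlock IAM product or its documentation: it verifies that a configuration directory and the signing key in it are owned by the expected account with no group/other permissions, and it copies rotated audit log files to an archive directory together with a SHA-256 manifest so that later tampering in the archive is detectable. The instance path, the file names `audit-log-signing.key` and `*.log`, and the `iam` service account are assumptions for the example; the actual layout depends on your installation.

```shell
#!/bin/sh
# Added example (not Airlock's own tooling): hardening checks for audit log
# key material and an integrity-preserving copy of rotated audit log files.
# Paths, file names and the "iam" service account used below are assumptions.

# check_private_file FILE OWNER
# Returns 0 when FILE exists, is owned by OWNER and grants no group/other
# permissions (0600 / 0700 style); otherwise reports what is wrong and
# returns 1. Parses ls(1) output so it works on any POSIX system.
check_private_file() {
    file=$1
    owner=$2
    if [ ! -e "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    listing=$(ls -ld "$file")
    group_other=$(printf '%s\n' "$listing" | cut -c5-10)   # "------" for 0600/0700
    actual_owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    status=0
    if [ "$actual_owner" != "$owner" ]; then
        echo "wrong owner on $file: $actual_owner (expected $owner)"
        status=1
    fi
    if [ "$group_other" != "------" ]; then
        echo "too permissive: $file (group/other bits: $group_other)"
        status=1
    fi
    return $status
}

# archive_audit_logs SRC DEST
# Copies the *.log files from SRC to DEST (preserving mode and timestamps) and
# records their SHA-256 checksums in a timestamped manifest. Only copy rotated,
# closed files; adjust the glob to your rotation scheme. Fails if nothing matched.
archive_audit_logs() {
    src=$1
    dest=$2
    mkdir -p "$dest"
    manifest="$dest/SHA256SUMS.$(date +%Y%m%d%H%M%S)"
    count=0
    for f in "$src"/*.log; do
        [ -f "$f" ] || continue
        cp -p "$f" "$dest/"
        (cd "$src" && sha256sum "$(basename "$f")") >> "$manifest"
        count=$((count + 1))
    done
    echo "archived $count file(s); manifest: $manifest"
    [ "$count" -gt 0 ]
}

# verify_archive DEST
# Recomputes every checksum recorded in the manifests; fails on any mismatch
# or when no manifest exists.
verify_archive() {
    dest=$1
    (
        cd "$dest" || exit 1
        for m in SHA256SUMS.*; do
            [ -f "$m" ] || { echo "no manifest in $dest"; exit 1; }
            sha256sum -c "$m" || exit 1
        done
    )
}

# run_checks CONF_DIR OWNER
# Checks the audit log configuration directory and the signing key in it.
# "audit-log-signing.key" is a placeholder name for the private key file.
run_checks() {
    conf=$1
    owner=$2
    rc=0
    check_private_file "$conf" "$owner" || rc=1
    check_private_file "$conf/audit-log-signing.key" "$owner" || rc=1
    return $rc
}

# Usage: sh audit-log-hardening.sh /path/to/iam-instance/conf iam
if [ $# -ge 2 ]; then
    run_checks "$1" "$2"
fi
```

Run `run_checks` from a cron job or configuration management and alert on a non-zero exit; run `archive_audit_logs` after each log rotation and keep the archive (and its manifests) on a separate log server, since a manifest stored next to the files on the IAM host can be rewritten by whoever tampers with the logs.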

Use personal admin accounts in IAM Adminapp:

  • Do not use a shared "admin" account on production systems
  • Create a personal Adminapp account for each administrator and help desk user, so that their name appears in the audit log

Enable web server access logs:

See Logging configuration for how to enable access logs in IAM.