If something bad happens, it is crucial to be able to reconstruct (verifiably) what happened, and especially who did what.
Enable Audit Log signing in Airlock IAM (disabled by default):
- Use different key material for audit logging for different stages (test, acceptance, production): individual audit log key material is automatically generated when creating an IAM instance using the instance manager.
- Do not copy the audit log configuration from test environments to the production environments
- Protect the audit log configuration (including the private key for signing) as much as possible (ownership, permissions, restrict access to IAM host)
- Regularly store the audit log files in a safe place (e.g. a log server)
See Logging configuration for further information.
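As an added illustration of the "protect the audit log configuration" item above (this is example code, not an Airlock IAM tool), the following POSIX shell script checks that the files holding the audit log configuration and the signing key are owned by the expected service account and carry no group/other permission bits. The directory path and account name are placeholders; Airlock IAM's actual file locations are not documented here.

```shell
#!/bin/sh
# Added example, not part of Airlock IAM: verify that the audit-log
# configuration files and the private signing key are owned by the expected
# account and readable by that account only (no group/other permission bits).
# The directory path and the account name used below are placeholders
# (assumptions), not documented IAM locations.

# check_secret_file FILE OWNER
# Returns 0 if FILE exists, is owned by OWNER and has no group/other bits set.
check_secret_file() {
  file=$1
  owner=$2
  if [ ! -f "$file" ]; then
    echo "FAIL: $file does not exist"
    return 1
  fi
  # GNU stat first, BSD/macOS stat as a fallback
  actual_owner=$(stat -c '%U' "$file" 2>/dev/null || stat -f '%Su' "$file")
  actual_mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%OLp' "$file")
  if [ "$actual_owner" != "$owner" ]; then
    echo "FAIL: $file is owned by $actual_owner, expected $owner"
    return 1
  fi
  # The mode is printed in octal, e.g. 600 or 1600. The last two digits are
  # the group and other bits; both must be zero for key material.
  case $actual_mode in
    *00) echo "OK: $file (owner $actual_owner, mode $actual_mode)"; return 0 ;;
    *)   echo "FAIL: $file has mode $actual_mode; group/other bits must be 0"; return 1 ;;
  esac
}

# check_audit_config DIR OWNER
# Runs check_secret_file over every regular file in DIR (placeholder for the
# directory holding the audit log configuration and signing key) and returns
# non-zero if any file fails the check.
check_audit_config() {
  dir=$1
  owner=$2
  rc=0
  for f in "$dir"/*; do
    [ -e "$f" ] || continue
    check_secret_file "$f" "$owner" || rc=1
  done
  return $rc
}

# Usage with placeholder values (adjust both to the real instance):
# check_audit_config /path/to/iam-instance/audit-config iam-service
```

Run it from a cron job or a configuration-management check on the IAM host; a non-zero exit means the signing key or its configuration has become readable by accounts other than the one running IAM and should be investigated as a potential integrity issue for the audit trail.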
Use personal admin accounts in IAM Adminapp:
- Do not use a shared "admin" account on production systems
- Create a personal Adminapp account for each administrator and help desk user, so that the individual's name is recorded in the audit log.
Enable web server access logs:
See Logging configuration for how to enable access logs in IAM.