HashiCorp Cloud Platform
Enable audit log streaming to Datadog
Public beta available
HCP audit log streaming is currently in beta. This documentation supports testing and development scenarios. Do not use this feature in secure production environments.
This page describes how to stream an organization’s HCP audit logs to Datadog, where you can review them. Enable audit log streaming from the HCP portal or use the HCP Terraform provider hcp_log_streaming_destination
resource.
Requirements
Whether you use the HCP UI or the Terraform provider, enabling audit log streaming requires an HCP user account with owner or admin permissions for an organization. For more information, refer to users.
Terraform provider method
To configure and enable audit logging streaming with Terraform instead of the HCP UI, the following software and provider versions are required.
- Terraform v1.1.5 or later. For the best experience, we recommend using the latest release.
- HashiCorp Cloud Platform (HCP) Provider version 0.86.0 or higher.
You must also configure the HCP provider to authenticate using an organizational-level service principal and service principal key. Refer to the Authenticate with HCP guide in the Terraform registry for more information.
Workflow
You can enable audit log streaming from HCP to Datadog using the dedicated HCP workflow. You also have the option to create and manage your organization's infrastructure using the HCP provider in the Terraform Registry.
Complete the following steps to enable audit log streaming:
- Outside of HCP, create a Datadog API and optional application key.
- Enable audit log streaming.
- View the audit logs
Create a Datadog API key
To enable audit log streaming to Datadog, you must configure the Terraform provider with an API key and optional application key that identifies your unique Datadog organization. You can create these keys in the Organization Settings in Datadog.
Refer to API and Application Keys in the Datadog documentation for more information.
Enable audit log streaming
To enable audit log streaming to Datadog, complete the following steps.
- Sign in to the HCP Portal.
- Select the organization you want to stream audit logs from.
- Click Audit log streaming.
- Click Create streaming destination.
- Select Datadog.
- Complete the required configuration fields:
- Destination name. This label appears in list of audit log streams for the HCP organization.
- API key. The value of your Datadog API key.
- Datadog site region. This value must match your Datadog dashboard's region.
- Click Test connection to generate a test log that HCP sends to Datadog.
- Click Save.
View the audit logs
To view audit logs, visit the Log Explorer on Datadog. You can search and filter logs from the HCP
service. You can also apply filters by HCP organization or product. Logs appear after you generate them.