Access Control Logs

In this guide, you will:

  • Learn how to retrieve and analyze access logs to investigate control failures in the Guardrails console.

Controls enforce policies that maintain cloud resource compliance and the proper functioning of Guardrails. Healthy controls in OK, Alarm, or Skipped states signify a stable environment. However, when errors occur, logs offer a valuable source of information to diagnose and resolve issues effectively.

Control logs are essential for tracking activities and operations within a Guardrails-managed environment. They provide detailed insights into changes, access attempts, and failures, enabling you to identify the root causes of control issues. By analyzing these logs, you can gain a deeper understanding of control failures, take corrective actions, or share the necessary details with the product support team to ensure operational efficiency.

Prerequisites

  • Turbot/Operator permissions at the Turbot resource level.
  • Familiarity with the Guardrails console.

Step 1: Login to Guardrails Console

Log in to the Guardrails console.

Step 2: Navigate to Control

Navigate to the control page to inspect the failure details. Select VIEW LOG.

Note

Handling... signifies the control is in the execution state. You can still view the logs by selecting VIEW LOG. This example demonstrates a control in the ERROR state. However, logs can be viewed for analysis at any state of the control.

Step 3: Select Log Level

From the Level: dropdown filter, choose Debug and above.

Step 4: Copy Logs

Select the Copy to clipboard button and save the logs in a .txt file.

Important

If debug logs are unavailable, rerun the control to generate the logs. Refer Step 5 based on need.

Step 5: Rerun Control

If the logs are incomplete or display Internal Error, rerun the control to generate a fresh log.

Support

If you encounter any issues, please Open a Support Ticket and attach the relevant information to assist you more efficiently:

  • The .txt file containing the copied control failure logs.
  • A screenshot of the control.