Skip to content

Commit

Permalink
adding self-hosting and auditing pages to ESC docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@interurban
interurban committed Feb 28, 2025
1 parent f7a6b37 commit a592d18
Show file tree
Hide file tree
Showing 4 changed files with 111 additions and 0 deletions.
17 changes: 17 additions & 0 deletions content/docs/esc/administration/_index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
title: Administration
title_tag: Pulumi ESC administration
meta_desc: Learn about managing Pulumi ESC organizations, self-hosting options, audit logs, and identity and access management features.
menu:
esc:
parent: esc-home
identifier: pulumi-esc-admin
weight: 9
---

Pulumi ESC is built upon [Pulumi Cloud](/docs/pulumi-cloud/), our managed cloud service for individuals and teams that allows you to manage and secure infrastructure at scale. Learn how to configure organizations, monitor audit logs, manage identity and access and enable self-hosting.

- [Pulumi Cloud organizations](/docs/pulumi-cloud/admin/organizations/): Set up and manage organizations for team collaboration and secrets and configuration management.
- [Audit logs](/docs/esc/administration/audit-logs/): Access and configure audit logs to track activities and ensure compliance.
- [Identity and access management](/docs/pulumi-cloud/access-management/): Control access to resources with identity and access management.
- [Self-hosting Pulumi ESC](/docs/esc/administration/self-hosting/): Explore how to self-host ESC and Pulumi Cloud to meet your organization’s specific needs.
73 changes: 73 additions & 0 deletions content/docs/esc/administration/audit-logs.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
---
title_tag: Audit Logs | Pulumi ESC
meta_desc: Pulumi ESC audit logs allow you to account for user activity within your organization.
title: Audit Logs
h1: Pulumi ESC audit logs
meta_image: /images/docs/meta-images/docs-meta.png
menu:
esc:
name: Audit Logs
parent: pulumi-esc-admin
weight: 1
---

{{% notes "info" %}}
Audit Logs are available to organizations using the Enterprise and Business Critical editions.
To learn more about editions, visit the [pricing page](/pricing/).
{{% /notes %}}

Audit logs enable you to track the activity of users within your ESC environments. Logs are immutable and record all user activity, providing critical visibility for security and compliance in your organization.

ESC audit logs allow you to:

- Monitor who accessed or modified secrets
- Track environment creation and configuration changes
- Ensure compliance with security policies
- Provide attributable records for security forensics

All ESC activities are recorded in Pulumi Cloud audit log system, capturing the timestamp, user identity, specific action taken, and source IP address for each event. You can download a CSV format or use Pulumi Cloud REST for exporting audit log events.

## View Audit Logs

To view audit logs as an organization admin:

1. Navigate to the organization's **Settings** tab.
1. Navigate to **Audit Logs** tab.

This will show the most recent events in descending order. You can also filter logs by a particular user by selecting their profile picture.

![View ESC audit logs in the ESC console](/docs/esc/assets/pulumi-view-audit-logs.png)

## ESC audit log events

| Event | Description |
|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Environment Created | indicates the creation of an environment |
| Environment Updated | indicates the updating of an environment |
| Environment Deleted | indicates the deletion of an environment |
| Environment Open | indicates the opening of an environment |
| Environment Read | indicates the reading of an open environment |
| Environment Read Open | indicates the opening and reading of an environment |
| Environment Unauthorized Open | indicates the attempt to open an environment the user does not have permission to |
| Environment Tag Created | indicates the creation of an environment tag |
| Environment Tag Updated | indicates the updating of an environment tag |
| Environment Tag Deleted | indicates the deletion of an environment tag |
| Environment Version Retracted | indicates the retracting of an environment version |
| Environment Version Tag Open | indicates the opening of an environment at a specific version tag |
| Environment Version Tag Created | indicates the creation of an environment version tag |
| Environment Version Tag Read | indicates the reading of an environment version tag |
| Environment Version Tag Update | indicates the updating of an environment version tag |
| Environment Version Tag Delete | indicates the deletion of an environment version tag |
| Environment Decrypted | indicates the decryption of an environment |
| Environment Clone | indicates the cloning of an environment |
| Environment Restored | indicates the restoring of an environment |
| Environment Schedule Created | indicates the creation of an environment schedule |
| Environment Schedule Updated | indicates the updating of an environment schedule |
| Environment Schedule Deleted | indicates the deletion of an environment schedule |
| Environment Rotated | indicates the rotation of secrets in an environment |

For a full list of Pulumi Cloud audit log events see the [Pulumi Cloud audit logs](/docs/pulumi-cloud/admin/audit-logs/) documentation.

## Automating and manually exporting logs

Pulumi ESC leverages the same audit log infrastructure as the Pulumi Cloud platform. For detailed information on exporting, and managing audit logs, see the [Pulumi Cloud Audit Logs](/docs/pulumi-cloud/admin/audit-logs/) documentation.
21 changes: 21 additions & 0 deletions content/docs/esc/administration/self-hosting.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
title_tag: "Self-hosting the Pulumi ESC"
meta_desc: Pulumi Business Critical Edition gives you the option to self-host Pulumi within your organization's infrastructure.
title: Self-hosting
h1: Self-hosting Pulumi ESC
meta_image: /images/docs/meta-images/docs-meta.png
menu:
esc:
parent: pulumi-esc-admin
weight: 2
---

{{% notes type="info" %}}
Self-hosting is only available with **Pulumi Business Critical**. If you would like to evaluate the self-hosted Pulumi Cloud with ESC, sign up for the [30-day trial](/product/self-hosted#self-hosted-trial) or [contact us](/contact/).
{{% /notes %}}

Pulumi ESC, as part of the fully managed Pulumi Cloud service, provides secrets and configuration management capabilities without the overhead of infrastructure management. As a managed service, Pulumi handles all aspects of availability, scaling, and maintenance.

The self-hosted version of ESC provides the same secrets and configuration management capabilities as the managed service. While self-hosting requires that your organization manages deployment, data backups, and keeping the service running and up to date, it allows you to run ESC fully within your own environment.

For comprehensive information about self-hosting the Pulumi ESC, please refer to the [Self-hosting the Pulumi Cloud](/docs/pulumi-cloud/admin/self-hosted/) documentation, which provides an overview of the deployment topology, step-by-step deployment instructions and maintenance and upgrade procedures.
Binary file added content/docs/esc/assets/pulumi-view-audit-logs.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit a592d18

Please sign in to comment.