Enterprise Spinnaker Audit Logging

Jan 31, 2017 by Isaac Mosquera

Although Spinnaker is used to deploy applications, under the covers it’s actually doing something much more powerful: Spinning up, managing and destroying cloud infrastructure.

This means that each time a company uses Spinnaker to deploy an update to an app, it’s actually deploying new virtual machines on AWS (or GCP, or Azure, etc.). Not only does this immutable infrastructure approach enable tremendous benefits like blue/green deployments, phased/canary deployments, and the ability to quickly roll deployments back, but it also gives Spinnaker the ability to act as a “system of record,” tying specific infrastructure to its corresponding applications, and even tracking which users within the company kicked off those deployments, which Jira (or other tracking) tickets corresponded to the change, and when the change was made.

Out of the box, however, while Spinnaker provides a strong snapshot of what actions it’s taking in realtime, it does not keep an audit trail.

Armory Spinnaker takes the open source version of Spinnaker one step further, providing a strong audit trail capability that makes the full deployment history stored and query-able.

Here’s a demo of our CTO Isaac showing how Spinnaker is connected to Splunk, and what kind of reporting/auditing capabilities are provided.

Here’s the transcript:

Daniel: All right. Hey, guys. It’s DROdio with Armory. We are actually here at a hotel room to visit a customer, doing a little bit of work. Ben is going to talk about the problem that we’re solving. And then Isaac is going to dive in. So go ahead and kick it off, Ben.

Ben: A big problem that several companies have alerted us to is this concept of an audit trail or record-keeping. Because Spinnaker deploys infrastructure and it has a good sense of what’s in production, it can be used as a system of record. But there’s no easy way within Spinnaker today to see a full history of what was changed by who and when. And Isaac has just done some feature development to solve that.

Daniel: Yeah, let’s take a look, Isaac. Show us what you’ve got.

Isaac: Sure. Here you’re just looking at a regular Spinnaker instance. And I’ll be clicking around, just doing “real” work and deploying something to production. Here I’m baking an image. I can go here into this multi-cloud. And then make another change here. I will type my-aws-account. Now what’s happening is obviously, within Spinnaker, there’s a whole bunch of events being passed around. But it’s not easy to kind of see from the naked eye, as Ben was saying. And there’s not really kind of like a dashboard that’s accessible for you to easily search it. So what we did was we quickly built a server that would grab all the events that are inside of echo. And echo comes with web hooks available. So you could be a webserver of your own. And then we funnel these off into Splunk. So let’s take a look at Splunk now. And what you see is a few events that happened a couple of minutes ago, 17 events that happened just a minute ago. And with each event, echo is really, really good at giving you a ton of detail. So you have which server group was actually deployed or modified. In this case, it was 0009. And you can see here that corresponds to the server group that I did modify, 009. It gives you the credentials which account which region it was in, again, what server group in that particular region as server groups can be modified per region. We’re not using authentication. But if you are using OAuth, your user would be your username. So that would be there too. So which user did what, additional information, application config, down to how did everything look at the time of execution. What was the description, like a human description of the actual change? So resizing the server group from 2 to whatever. Which instance in Spinnaker actually executed that change? So there’s an immense amount of detail that you can go through here and search and be able to use for auditing purposes. And with something like Splunk or any other database, you’re able to kind of put together a report so that you can show anybody what happened when and where.

Daniel: And I imagine anyone watching this is going to be familiar with Splunk. But for [inaudible – 03:22] familiar with it. It’s a login tool that also has great dashboard. So I would it’d be pretty easy to [inaudible – 03:28] dashboard and be able to see in real time in a very visually pleasing format if somebody wanted to do that too. Awesome.

If you’re interested in learning more about Spinnaker or Armory Spinnaker, let us know, and we’ll be happy to chat with you. Thanks.

Learn More

Share this post:

Recently Published Posts

Navigating AWS Deployment Targets with Armory

Jan 20, 2023

Many organizations look to Amazon Web Services (AWS) to host and deploy their applications in the cloud. However, they’re finding that their deployment tooling, often built as an extension of their legacy continuous integration (CI), is one of the main impediments to adopting cloud services.  Custom-scripted production pipelines built with in-house tooling need to be […]

Read more

Release Roundup – January 2023

Jan 11, 2023

Get the latest product news on Continuous Deployment-as-a-Service and the most recent release for Continuous Deployment Self Hosted, 2.28.2. Welcome to 2023!  Just like every organization, Armory is looking for ways to improve our practices and deliver more value (and faster!) to you, our customers. That’s why our engineering team is working to deliver features, […]

Read more

Learn Continuous Deployment with Armory and Wilco

Jan 6, 2023

Armory is excited to announce we have launched an interactive, narrative-driven developer experience that teaches continuous deployment concepts. And now you can try it out for yourself! Wilco, also known as the “flight simulator” for software developers, allows companies to create engaging interactive developer challenges (called quests) that enable developers to acquire and practice skills […]

Read more