Skip to main content

Enterprise Spinnaker Audit Logging

Jan 31, 2017 by Isaac Mosquera

Although Spinnaker is used to deploy applications, under the covers it’s actually doing something much more powerful: Spinning up, managing and destroying cloud infrastructure.

This means that each time a company uses Spinnaker to deploy an update to an app, it’s actually deploying new virtual machines on AWS (or GCP, or Azure, etc.). Not only does this immutable infrastructure approach enable tremendous benefits like blue/green deployments, phased/canary deployments, and the ability to quickly roll deployments back, but it also gives Spinnaker the ability to act as a “system of record,” tying specific infrastructure to its corresponding applications, and even tracking which users within the company kicked off those deployments, which Jira (or other tracking) tickets corresponded to the change, and when the change was made.

Out of the box, however, while Spinnaker provides a strong snapshot of what actions it’s taking in realtime, it does not keep an audit trail.

Armory Spinnaker takes the open source version of Spinnaker one step further, providing a strong audit trail capability that makes the full deployment history stored and query-able.

Here’s a demo of our CTO Isaac showing how Spinnaker is connected to Splunk, and what kind of reporting/auditing capabilities are provided.

Here’s the transcript:

Daniel: All right. Hey, guys. It’s DROdio with Armory. We are actually here at a hotel room to visit a customer, doing a little bit of work. Ben is going to talk about the problem that we’re solving. And then Isaac is going to dive in. So go ahead and kick it off, Ben.

Ben: A big problem that several companies have alerted us to is this concept of an audit trail or record-keeping. Because Spinnaker deploys infrastructure and it has a good sense of what’s in production, it can be used as a system of record. But there’s no easy way within Spinnaker today to see a full history of what was changed by who and when. And Isaac has just done some feature development to solve that.

Daniel: Yeah, let’s take a look, Isaac. Show us what you’ve got.

Isaac: Sure. Here you’re just looking at a regular Spinnaker instance. And I’ll be clicking around, just doing “real” work and deploying something to production. Here I’m baking an image. I can go here into this multi-cloud. And then make another change here. I will type my-aws-account. Now what’s happening is obviously, within Spinnaker, there’s a whole bunch of events being passed around. But it’s not easy to kind of see from the naked eye, as Ben was saying. And there’s not really kind of like a dashboard that’s accessible for you to easily search it. So what we did was we quickly built a server that would grab all the events that are inside of echo. And echo comes with web hooks available. So you could be a webserver of your own. And then we funnel these off into Splunk. So let’s take a look at Splunk now. And what you see is a few events that happened a couple of minutes ago, 17 events that happened just a minute ago. And with each event, echo is really, really good at giving you a ton of detail. So you have which server group was actually deployed or modified. In this case, it was 0009. And you can see here that corresponds to the server group that I did modify, 009. It gives you the credentials which account which region it was in, again, what server group in that particular region as server groups can be modified per region. We’re not using authentication. But if you are using OAuth, your user would be your username. So that would be there too. So which user did what, additional information, application config, down to how did everything look at the time of execution. What was the description, like a human description of the actual change? So resizing the server group from 2 to whatever. Which instance in Spinnaker actually executed that change? So there’s an immense amount of detail that you can go through here and search and be able to use for auditing purposes. And with something like Splunk or any other database, you’re able to kind of put together a report so that you can show anybody what happened when and where.

Daniel: And I imagine anyone watching this is going to be familiar with Splunk. But for [inaudible – 03:22] familiar with it. It’s a login tool that also has great dashboard. So I would it’d be pretty easy to [inaudible – 03:28] dashboard and be able to see in real time in a very visually pleasing format if somebody wanted to do that too. Awesome.

If you’re interested in learning more about Spinnaker or Armory Spinnaker, let us know, and we’ll be happy to chat with you. Thanks.

Learn More

Recently Published Posts

July 26, 2021
|
by Phebe Vickers

A day in the life of a TAM

I’ve been asked what a Technical Account Manager (TAM) does so I wanted to take the opportunity to illustrate it by walking through a standard day in the life. Before we can look at what a day in a life of a TAM is, I should provide some background in what is a TAM and […]

Read more

June 29, 2021
|
by Nikema Prophet

Nikema’s Spinnaker Summit 2021 Recap

My Second Spinnaker Summit is in the Books! Last week I attended and spoke at my second Spinnaker Summit. Like last year’s summit, it was fully virtual. This time Spinnaker Summit was co-located with cdCon and took place on the Hopin platform. Last year, I spoke on a panel about Black professionals a few months […]

Read more

June 28, 2021
|
by Stephen Atwell

Announcing General Availability of Armory Policy Engine Plugin

Armory Policy Engine provides support for automating policy compliance with Spinnaker. Policy Engine Plugin is the latest version of Policy Engine and adds support for both advanced role-based access control (RBAC) use-cases and open source Spinnaker. The release of Policy Engine Plugin comes with new documentation, including a library of example policies from across Armory’s […]

Read more