03-21-2023 06:19 AM
I've searched in the databricks provider and online and couldn't find out if it is possible to set the `Verbose Audit Logs` to `enabled` using Terraform. Can anybody clarify if it is possible?
03-27-2023 04:06 AM
I've searched and there is no such resource as `databricks_workspace_cluster_policy`
Rather this should work:
resource "databricks_cluster_policy" "audit_logs_policy" {
name = "Audit Logs Policy"
definition = jsonencode({
"audit_logs": {
"audit_enabled": true,
"audit_logs_level": "ALL"
"log_all_clusters": true,
"log_all_users": true,
}
})
}
output "audit_policy_id" {
value = databricks_cluster_policy.audit_logs_policy.id
}
This cluster policy will need to be applied to the cluster created inside the workspace.
03-22-2023 09:09 PM
@Nicholas Glen :
Yes, it is possible to enable verbose audit logs in Databricks Workspace Settings using Terraform.
You can use the databricks_workspace_cluster_policy resource to create or update a cluster policy that enables verbose audit logs. Here's an example code snippet:
resource "databricks_workspace_cluster_policy" "example_policy" {
policy_id = "example_policy"
policy_name = "Example Policy"
policy_json = jsonencode({
"audit_logs": {
"log_all_users": true,
"log_all_clusters": true,
"audit_enabled": true,
"audit_logs_level": "ALL"
}
})
}
In this example, we're creating a new cluster policy with the ID example_policy that enables verbose audit logs for all users and clusters. The policy_json field specifies the JSON representation of the policy, which is a nested object with an audit_logs field that contains the settings for audit logging.
You can then attach this policy to a workspace by using the databricks_workspace_resource
resource with the policy field set to the ID of the policy:
resource "databricks_workspace_resource" "example_workspace" {
name = "example_workspace"
path = "/"
policy {
policy_id = databricks_workspace_cluster_policy.example_policy.policy_id
}
}
This attaches the example_policy policy to the workspace with the name example_workspace.
Note that enabling verbose audit logs can generate a large amount of log data, so make sure you have adequate storage and log management in place.
03-27-2023 04:06 AM
I've searched and there is no such resource as `databricks_workspace_cluster_policy`
Rather this should work:
resource "databricks_cluster_policy" "audit_logs_policy" {
name = "Audit Logs Policy"
definition = jsonencode({
"audit_logs": {
"audit_enabled": true,
"audit_logs_level": "ALL"
"log_all_clusters": true,
"log_all_users": true,
}
})
}
output "audit_policy_id" {
value = databricks_cluster_policy.audit_logs_policy.id
}
This cluster policy will need to be applied to the cluster created inside the workspace.
03-26-2023 09:58 PM
Hi @Nicholas Glen
Thank you for posting your question in our community!
To assist you better, please take a moment to review the answer and let me know if it best fits your needs.
Please help us select the best solution by clicking on "Select As Best" if it does.
Your feedback will help us ensure that we are providing the best possible service to you. Thank you!
09-21-2023 07:26 PM
The switch you're looking for is enableVerboseAuditLogs in databricks_workspace_conf
resource: {
databricks_workspace_conf: {
this: {
custom_config: {
enableIpAccessLists: true,
enableVerboseAuditLogs: true,
},
},
},
Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections.
Click here to register and join today!
Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.