โ03-21-2023 06:19 AM
I've searched in the databricks provider and online and couldn't find out if it is possible to set the `Verbose Audit Logs` to `enabled` using Terraform. Can anybody clarify if it is possible?
โ03-27-2023 04:06 AM
I've searched and there is no such resource as `databricks_workspace_cluster_policy`
Rather this should work:
resource "databricks_cluster_policy" "audit_logs_policy" {
name = "Audit Logs Policy"
definition = jsonencode({
"audit_logs": {
"audit_enabled": true,
"audit_logs_level": "ALL"
"log_all_clusters": true,
"log_all_users": true,
}
})
}
output "audit_policy_id" {
value = databricks_cluster_policy.audit_logs_policy.id
}
This cluster policy will need to be applied to the cluster created inside the workspace.
โ03-22-2023 09:09 PM
@Nicholas Glenโ :
Yes, it is possible to enable verbose audit logs in Databricks Workspace Settings using Terraform.
You can use the databricks_workspace_cluster_policy resource to create or update a cluster policy that enables verbose audit logs. Here's an example code snippet:
resource "databricks_workspace_cluster_policy" "example_policy" {
policy_id = "example_policy"
policy_name = "Example Policy"
policy_json = jsonencode({
"audit_logs": {
"log_all_users": true,
"log_all_clusters": true,
"audit_enabled": true,
"audit_logs_level": "ALL"
}
})
}
In this example, we're creating a new cluster policy with the ID example_policy that enables verbose audit logs for all users and clusters. The policy_json field specifies the JSON representation of the policy, which is a nested object with an audit_logs field that contains the settings for audit logging.
You can then attach this policy to a workspace by using the databricks_workspace_resource
resource with the policy field set to the ID of the policy:
resource "databricks_workspace_resource" "example_workspace" {
name = "example_workspace"
path = "/"
policy {
policy_id = databricks_workspace_cluster_policy.example_policy.policy_id
}
}
This attaches the example_policy policy to the workspace with the name example_workspace.
Note that enabling verbose audit logs can generate a large amount of log data, so make sure you have adequate storage and log management in place.
โ03-27-2023 04:06 AM
I've searched and there is no such resource as `databricks_workspace_cluster_policy`
Rather this should work:
resource "databricks_cluster_policy" "audit_logs_policy" {
name = "Audit Logs Policy"
definition = jsonencode({
"audit_logs": {
"audit_enabled": true,
"audit_logs_level": "ALL"
"log_all_clusters": true,
"log_all_users": true,
}
})
}
output "audit_policy_id" {
value = databricks_cluster_policy.audit_logs_policy.id
}
This cluster policy will need to be applied to the cluster created inside the workspace.
โ03-26-2023 09:58 PM
Hi @Nicholas Glenโ
Thank you for posting your question in our community!
To assist you better, please take a moment to review the answer and let me know if it best fits your needs.
Please help us select the best solution by clicking on "Select As Best" if it does.
Your feedback will help us ensure that we are providing the best possible service to you. Thank you!
โ09-21-2023 07:26 PM
The switch you're looking for is enableVerboseAuditLogs in databricks_workspace_conf
resource: {
databricks_workspace_conf: {
this: {
custom_config: {
enableIpAccessLists: true,
enableVerboseAuditLogs: true,
},
},
},
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโt want to miss the chance to attend and share knowledge.
If there isnโt a group near you, start one and help create a community that brings people together.
Request a New Group