Reputation: 91
How can code and configuration changes to Azure Functions be logged and audited? I'm trying to create ways to track and guard against malicious insiders making unauthorized changes to the functionality of Azure Functions. In AWS I can create a CloudTrail trail that logs all write events to Lambda functions and write them to an S3 bucket; the events are also visible in the Event history section of the CloudTrail console. However, I can't seem to find a way to do something similar for Azure Functions, especially in Azure Stack. I've scoured the Activity Log and the Monitor to no avail. Any help or ideas would be greatly appreciated. Thanks!
Upvotes: 1
Views: 1328
Reputation: 441
Azure has a new feature called Change Analysis https://aka.ms/changeanalysis
If you are logged in you probably can go directly here https://portal.azure.com/?feature.customportal=false#blade/Microsoft_Azure_ChangeAnalysis/ChangeAnalysisBladeV2
This feature is also incorporated into the activity log and you can view the changes that were done. The only issue is it's only for 14 days. They are working on allowing export to Log Analytics so it could go back further.
You can create alerts on the activity log. The updates you are referring to should trigger an activity log.
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-alerts
Upvotes: 3
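An added example, not part of the answer above: one way to triage exported Activity Log records for write and delete operations on Function Apps and flag callers outside an expected set. The sample records, the allow-list and the function names are constructed for illustration, and the record shape assumes the JSON returned by `az monitor activity-log list`.

```python
# Constructed Activity Log records (shape of `az monitor activity-log list`
# output, trimmed to the fields used here). Every value below is made up.
def _ev(ts, caller, op, status, res):
    return {"eventTimestamp": ts, "caller": caller,
            "operationName": {"value": op}, "status": {"value": status},
            "resourceId": "/subscriptions/0000/resourceGroups/rg-app/providers/" + res}

SAMPLE_EVENTS = [
    _ev("2024-01-10T23:41:05Z", "alice@example.com",
        "Microsoft.Web/sites/config/write", "Succeeded", "Microsoft.Web/sites/func-orders"),
    _ev("2024-01-10T09:14:02Z", "deploy-pipeline@example.com",
        "Microsoft.Web/sites/write", "Succeeded", "Microsoft.Web/sites/func-orders"),
    _ev("2024-01-10T23:41:00Z", "alice@example.com",
        "Microsoft.Web/sites/config/write", "Started", "Microsoft.Web/sites/func-orders"),
    _ev("2024-01-10T23:50:12Z", "alice@example.com",
        "Microsoft.Storage/storageAccounts/write", "Succeeded",
        "Microsoft.Storage/storageAccounts/stlogs"),
    _ev("2024-01-11T02:03:44Z", "bob@example.com",
        "Microsoft.Web/sites/functions/delete", "Failed",
        "Microsoft.Web/sites/func-orders/functions/charge"),
]

# Hypothetical allow-list: identities expected to change Function Apps.
APPROVED_CALLERS = {"deploy-pipeline@example.com"}

def function_app_changes(events, approved=APPROVED_CALLERS):
    """Return completed write/delete operations on Function Apps, oldest first.

    Function Apps are Microsoft.Web/sites resources (as are Web Apps), so the
    filter keys on that prefix. "Started" records are dropped so each attempt
    shows up once, with its final status.
    """
    findings = []
    for ev in events:
        op = ev.get("operationName", {}).get("value", "")
        status = ev.get("status", {}).get("value", "")
        if not op.lower().startswith("microsoft.web/sites/"):
            continue
        if not op.lower().endswith(("/write", "/delete")) or status == "Started":
            continue
        caller = ev.get("caller", "")
        findings.append({"time": ev["eventTimestamp"], "caller": caller,
                         "operation": op, "status": status,
                         "resource": ev["resourceId"],
                         "unapproved": caller.lower() not in approved})
    return sorted(findings, key=lambda f: f["time"])

if __name__ == "__main__":
    for f in function_app_changes(SAMPLE_EVENTS):
        flag = "REVIEW" if f["unapproved"] else "ok"
        print(f'{f["time"]}  {flag:6}  {f["caller"]:28}  {f["operation"]} ({f["status"]})')
```

Failed attempts are kept in the result because an unsuccessful delete by an unexpected caller is still worth a look.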