Back to Blog

Auditing Your Team's Agility

By Noah Zoschke -

The goal of the cloud is to reduce the time it takes to get an idea, bug fix or security update live.

If you’re using modern DevOps tools like Convox, many of the big time wasters are solved:

  • An engineer can start and change the app in seconds with convox start

  • They can ship a patch to GitHub → CircleCI → Production → Slack Notification with Convox Integrations

  • They can scale the service with convox scale

  • They can apply infrastructure security updates with convox rack update

  • They can debug the live app with convox exec

  • They can inspect the app’s private database with convox proxy

A surprising new challenge appears with this level of agility: knowing who did what for collaboration, management and security purposes.

We just launched the Convox Audit Log to help.

Audit App Activity

The Audit Log shows all app activity like builds, deploys and updates to environment variables:

Visualize Your Team’s VelocityVisualize Your Team’s Velocity

Now your whole team can easily answer questions like “did the bugfix go out this morning?” and “did something change in production on Monday?”

Audit System Activity

The Audit Log also shows all DevOps activity like SSHing into a box, connecting to a sensitive database, or rolling out new AMIs:

Review Access to Private ResourcesReview Access to Private Resources

No More Haystacks…

On many systems, SSH and database access is hidden deep inside logs stuck on the servers. On AWS, resource access is buried deep inside the raw AWS CloudTrail events. Most teams simply ignore this information and don’t have visibility into who does what.

Looking For a Needle in a HaystackLooking For a Needle in a Haystack

Convox solves this by giving your team a single API to access and update resources and recording the most sensitive API calls.

The raw logs and trails are still there, you just won’t need to use them any more.

Audit All The Things…

You can read the Audit Log Docs to learn more about how it works.

Are there still things your team is doing that you wish you had more visibility into?

Have you tamed this problem in other ways?

We’d love to learn more about your problems and solutions and get your feedback on the Audit Log on Slack or GitHub.

You can also sign up for the newsletter for more announcements.