Audit logs and access logs are critical tools for enterprises, providing visibility into system activities, enhancing security, ensuring compliance, and supporting operational efficiency. They are useful for:
- Security and Threat Detection
- Compliance and Legal Protection
- Operational Efficiency and Troubleshooting
- Accountability and Fraud Prevention
- Forensic Analysis and Incident Response
Wallet-as-a-Service (Palisade) keeps track of audit logs, allowing you to configure an endpoint where to receive a copy.
Customer configures an IAM role and a firehose endpoint in Organization settings. During the upload, the following environment specific IAM roles assume the customer configured IAM roles in order to perform PutRecordBatch on the configured firehose endpoint.
Once configured, Wallet-as-a-Service (Palisade) will buffer and upload logs in batch every 15 seconds.
The IAM role that grants access to Wallet-as-a-Service (Palisade) to upload logs to AWS Firehose must have following policies:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowFirehosePutRecordBatch",
"Effect": "Allow",
"Action": "firehose:PutRecordBatch",
"Resource": "arn:aws:firehose:REGION:ACCOUNT_ID:deliverystream/STREAM_NAME"
},
{
"Sid": "AllowStsGetCallerIdentity",
"Effect": "Allow",
"Action": "sts:GetCallerIdentity",
"Resource": "*"
}
]
}Additionally, in order to allow Wallet-as-a-Service (Palisade) to assume this role, it must have the following IAM trust relationship:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowPalisadeAssumeRole",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::PALISADE_ACCOUNT_ID:PALISADE_IAM_RESOURCE_NAME"
},
"Action": "sts:AssumeRole"
}
]
}Please contact Wallet-as-a-Service (Palisade) support to get your respective PALISADE_ACCOUNT_ID and PALISADE_IAM_RESOURCE_NAME.
Example log object received by AWS Firehose:
{
"id": 21119,
"orgId": "dac59f97-5984-4298-bebd-92c94b6184b4",
"type": 1,
"userId": "c1e08d96-07a3-4561-846f-dd5a5c274e29",
"deviceId": null,
"requestId": "2aa53531-2124-4501-b9bb-2ed8208ff0e8",
"jsonData": "eyJ1cmwiOiAiL3YyL2JhbGFuY2VzIiwgIm1ldGhvZCI6ICJHRVQiLCAiaGVhZGVycyI6IHsiQWNjZXB0IjogImFwcGxpY2F0aW9uL2pzb24sIHRleHQvcGxhaW4sICovKiIsICJPcmlnaW4iOiAiaHR0cHM6Ly9hcHAuZGV2ZWxvcG1lbnQucGFsaXNhZGUuY28iLCAiUmVmZXJlciI6ICJodHRwczovL2FwcC5kZXZlbG9wbWVudC5wYWxpc2FkZS5jby8iLCAiUHJpb3JpdHkiOiAidT0xLCBpIiwgIlNlYy1DaC1VYSI6ICJcIkNocm9taXVtXCI7dj1cIjEzNlwiLCBcIkdvb2dsZSBDaHJvbWVcIjt2PVwiMTM2XCIsIFwiTm90LkEvQnJhbmRcIjt2PVwiOTlcIiIsICJVc2VyLUFnZW50IjogIk1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE1XzcpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzYuMC4wLjAgU2FmYXJpLzUzNy4zNiIsICJYLVJlcXVlc3QtSWQiOiAiMmFhNTM1MzEtMjEyNC00NTAxLWI5YmItMmVkODIwOGZmMGU4IiwgIlNlYy1GZXRjaC1EZXN0IjogImVtcHR5IiwgIlNlYy1GZXRjaC1Nb2RlIjogImNvcnMiLCAiU2VjLUZldGNoLVNpdGUiOiAic2FtZS1zaXRlIiwgIkFjY2VwdC1FbmNvZGluZyI6ICJnemlwLCBkZWZsYXRlLCBiciwgenN0ZCIsICJBY2NlcHQtTGFuZ3VhZ2UiOiAiZW4tR0IsZW4tVVM7cT0wLjksZW47cT0wLjgiLCAiWC1BbXpuLVRyYWNlLUlkIjogIlJvb3Q9MS02ODMwOWI0Yy0zYTcyZWZjNDI0NGQ2ZDEzNjQ5OThmY2IiLCAiWC1Gb3J3YXJkZWQtRm9yIjogIjgwLjEuMjUzLjI0NSwxMC4wLjYuNDMiLCAiU2VjLUNoLVVhLU1vYmlsZSI6ICI/MCIsICJYLUZvcndhcmRlZC1Qb3J0IjogIjQ0MyIsICJYLUZvcndhcmRlZC1Qcm90byI6ICJodHRwcyIsICJBdXRob3JpemF0aW9uLUhhc2giOiAiNTE5ZGY0ZjdhYmUxODlkOWY3ODkxYzIyZDEyMGQ2NTQiLCAiU2VjLUNoLVVhLVBsYXRmb3JtIjogIlwibWFjT1NcIiIsICJYLUVudm95LUF0dGVtcHQtQ291bnQiOiAiMSIsICJYLUZvcndhcmRlZC1DbGllbnQtQ2VydCI6ICJCeT1zcGlmZmU6Ly9jbHVzdGVyLmxvY2FsL25zL2dhdGV3YXkvc2EvYXBpLWdhdGV3YXk7SGFzaD05NDUwNjdiYjMzNWMwZjEwOTYyZjNmYmFkZWJhOGQ4ZTE3ZGM1YWQ4MmI2ZWExYWZjZTAzNDdiZGU5N2ZmOTYwO1N1YmplY3Q9XCJcIjtVUkk9c3BpZmZlOi8vY2x1c3Rlci5sb2NhbC9ucy9pc3Rpby1zeXN0ZW0vc2EvaXN0aW8taW5ncmVzc2dhdGV3YXkiLCAiWC1FbnZveS1FeHRlcm5hbC1BZGRyZXNzIjogIjEwLjAuNi40MyJ9LCAicmVxdWVzdCI6IHsiYm9keSI6ICIifSwgInJlc3BvbnNlIjogeyJib2R5TGVuZ3RoIjogNjIsICJzdGF0dXNDb2RlIjogMjAwfSwgImR1cmF0aW9uTXMiOiAzLCAicmVtb3RlQWRkciI6ICI4MC4xLjI1My4yNDUifQ==",
"source": "api-gateway",
"receivedAt": "2025-05-23T15:59:08.764753Z",
"createdAt": "2025-05-23T15:59:08.757472Z"
}The orgId attribute is guaranteed to be non-nil and correspond to the customer's organization ID. The userId, deviceId and requestId may provide further information regarding the initiator of the request but they are not guaranteed to be present.
The property jsonData has the following internal JSON structure when base64 decoded:
{
"url": "/v2/users/info",
"method": "GET",
"headers": {
"Accept": "application/json, text/plain, */*",
"Origin": "https://app.palisade.co",
"Referer": "https://app.palisade.co/",
"Priority": "u=1, i",
"Sec-Ch-Ua": "\"Chromium\";v=\"136\", \"Google Chrome\";v=\"136\", \"Not.A/Brand\";v=\"99\"",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36",
"X-Request-Id": "e630143f-1df1-4116-966d-b1819d62683f",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-site",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "en-GB,en-US;q=0.9,en;q=0.8",
"X-Amzn-Trace-Id": "Root=1-6835a5e2-5291d44c2c702d3165875983",
"X-Forwarded-For": "80.1.253.245,10.0.6.43",
"Sec-Ch-Ua-Mobile": "?0",
"X-Forwarded-Port": "443",
"X-Forwarded-Proto": "https",
"Authorization-Hash": "37f53fd9408cf4920708dbc5731acace",
"Sec-Ch-Ua-Platform": "\"macOS\"",
"X-Envoy-Attempt-Count": "1",
"X-Forwarded-Client-Cert": "By=spiffe://cluster.local/ns/gateway/sa/api-gateway;Hash=4a74148afabd7bc011d206439ef2a2acdb2f4db3fce0a17097b4d65b1982b70a;Subject=\"\";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway",
"X-Envoy-External-Address": "10.0.6.43"
},
"request": {
"body": ""
},
"response": {
"bodyLength": 199,
"statusCode": 200
},
"durationMs": 5,
"remoteAddr": "80.1.253.245"
}- Support for AWS Firehose only
- Logs are buffered for 15 seconds before sending to firehose