IP Filter Authorization Auditable Event Methods on Confluent Cloud

Included here are the auditable event methods for operations on IP filters that generate auditable event messages for the io.confluent.cloud/authorization event type. When an auditable event occurs, the auditable event method is triggered and a message is sent to the audit log and is stored as an audit log record.

For details about the IP Filtering feature and the use of IP filters and IP groups, see IP Filtering on Confluent Cloud.

Method name Action triggering an auditable event message
ip-filter.Authorize An IP filter denies access to Confluent Cloud resources in an organization.

Examples

ip-filter.Authorize

The ip-filter.Authorize event method is generated by the denial of a request to access Confluent Cloud resources in an organization from an IP address that is not covered in an IP group’s CIDR block included in an IP filter.

{
   "datacontenttype":"application/json",
   "data":{
      "serviceName":"crn://confluent.cloud/",
      "methodName":"ip-filter.Authorize",
      "cloudResources":[
         {
            "resource":{
               "type":"ORGANIZATION",
               "resourceId":"26bdbe6b-0c1b-4d25-a6e6-7bcc4d0932e3"
            }
         }
      ],
      "authenticationInfo":{
         "principal":{
            "confluentUser":{
               "resourceId":"u-123456"
            }
         },
         "result":"SUCCESS",
         "identity":"crn://confluent.cloud/organization=26fcbe6c-0c1b-4d65-a7e5-6acb4d082313/identity-provider=Confluent/identity=u-123456"
      },
      "authorizationInfo":{
         "result":"DENY",
         "ipfilterAuthorization":{
            "clientIp":"1.2.3.4",
            "resourceGroup":"MANAGEMENT"
         }
      },
      "requestMetadata":{
         "requestId":[
            "b0c6a8d763140e9e23789d2dce4b6ac5"
         ],
         "clientAddress":[
            {
               "ip":"1.2.3.4"
            }
         ]
      },
      "resourceName":"crn://confluent.cloud/organization=26fcbe6c-0c1b-4d65-a7e5-6acb4d082313"
   },
   "subject":"crn://confluent.cloud/organization=26fcbe6c-0c1b-4d65-a7e5-6acb4d082313",
   "specversion":"1.0",
   "id":"0e0376b2-9100-43d8-a387-bd53e8bebdb3",
   "source":"crn://confluent.cloud/",
   "time":"2023-12-01T18:14:20.929608274Z",
   "type":"io.confluent.cloud/authorization"
}