Audit Events Overview

WireMock Cloud generates audit events when you perform various actions within your account. For example, creating or deleting Mock APIs, changing settings or logging in and many more. For our enterprise customers we provide the ability to push these audit events to an AWS S3 bucket stored within your AWS account.

​

Usage

The audit event feature is only available to users on our Enterprise or Enterprise Trial plans and you will need to be an organisation administrator to create and manage audit event destinations.

To create and manage your S3 bucket destination, navigate to the Organisation Page on your account. On this page you will see the Audit Events section.

This is where you will create and manage your S3 audit event destination. To set up an S3 audit event destination you will need to configure your AWS account with an S3 bucket and a role to allow WireMock Cloud to push audit events to that bucket.

​

Configure Your AWS Account

The first step in setting up your S3 audit event destination is to configure your AWS account to allow WireMock Cloud to save audit events to your bucket. You can do this in the following way:

• Create the S3 bucket <your-company-name>-wiremock-cloud-audit-events (you can use any bucket name if you have your own naming convention but be sure to update the bucket name in the examples below)
• Create a policy called wiremock-cloud-put-audit-events with s3:PutObject on arn:aws:s3:::<your-company-name>-wiremock-cloud-audit-events/*

{
  "Version": "2012-10-17",
  "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:PutObject"
        ],
        "Resource": "arn:aws:s3:::<your-company-name>-wiremock-cloud-audit-events/*"
      }
    ]
}

• Create an AWS account role for another AWS account
  • Specify account id 499333472133.
  • Do NOT require external ID or MFA.
  • Choose wiremock-cloud-put-audit-events as the policy (the one you created above)
  • Name it wiremock-cloud-put-audit-events
  • Set the trust policy as so:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::499333472133:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Once you have completed the steps above, you can navigate to the Organisation Page and continue the configuration there.

​

Configure Your WireMock Cloud Account

Now you have configured your AWS account with the new bucket and role, you can add those details to the Audit Events section on the Organisations page:

• Enter the bucket name into the Bucket name field
• Enter the full role arn into the Role ARN field

• Click on the Save button to add the S3 audit destination to your organisation

Once you have saved the audit destination, you will see some documentation you can copy to make sure the role permission and trust relationship you created above is correct. For a newly created audit destination you should see the status message - Status: Audit events are yet to be sent to this destination

​

Testing Your S3 Audit Event Destination

Now you saved the S3 audit event destination you can test it to make sure everything works end to end. Clicking on the Test button will make WireMock Cloud attempt to post a test file to the bucket you created above. If all works correctly the button will turn green and you should have a new file saved to your S3 bucket called test-wiremock-cloud-integration.txt. This file will contain the date and time the test was performed.

Should an error occur trying to post the file to your S3 bucket, an error will be displayed to help you diagnose the issue.

​

Deleting Your S3 Audit Event Destination

If you no longer require audit events to be sent to your S3 bucket you can delete the audit event destination from your organisation. This will stop audit events being set to your S3 bucket. To do this you can click on the Delete button. This will display a confirmation dialog to allow you to confirm the deletion.

Clicking on No will close the dialog and no action will be taken, clicking on Yes will delete your S3 audit event destination and no more audit events will be sent.

​

Sending Audit Events To Your S3 Bucket

WireMock Cloud will send audit events to your S3 bucket in batches every 10 minutes. There is a lookback window of 7 days for audit events. This means if you are setting up an S3 audit event destination and have been a customer for a while, the first batch of audit events sent to your bucket will span back 7 days prior to the date you setup the destination.

Once audit events are successfully being sent to your bucket you will see the status message update on the Organisation page:

If WireMock Cloud encounters an error while sending audit events to your S3 bucket, the status will be updated to highlight the error. If audit events have been successfully sent in the past, the error will also contain the date the last successful attempt was made:

Audit events are saved in your S3 bucket using the following structure:

|── 2025-02
|   |── 01
|   |   |── 2025-02-01T13-45-12-789Z-wjg0yr69.json
|   |── 02
|       |── 2025-02-02T13-32-12-789Z-16oe0mgo.json
|       |── 2025-02-02T14-29-12-789Z-9lrrjdm6.json
|── 2025-03
    |── 02
    |   |── 2025-03-02T13-23-12-789Z-kr731z1.json
    |── 03
        |── 2025-03-03T13-45-12-789Z-9odlj3w3.json
        |── 2025-03-03T14-29-12-789Z-38o4klr7.json

Each file follows the new line delimited JSON specification.

Audit events for the following items in WireMock Cloud are sent to your S3 bucket:

• Mock APIs
• Users
• Teams
• Organisations
• API Templates
• API Template Catalogues
• Data Sources
• Database Connections
• Keys
• Stub Mappings
• Mock API Settings
• Subscriptions
• Open API Git Integrations
• API Keys
• S3 Audit Destinations

More information about working with the audit event json can be found here.

​

Limits

You can read more about plan limits here.