This page describes how to configure audit logs in Pinecone. Audit logs provide a detailed record of user, service account, and API actions that occur within Pinecone. Pinecone supports Amazon S3 as a destination for audit logs.
To enable and manage audit logs, you must be an organization owner. This feature is in public preview and available only on Enterprise plans.
Before you can enable audit logs, you need to create an IAM policy and role for Amazon S3. To start, ensure you have the following:
In the AWS IAM console:
ListBucket: Permission to list some or all of the objects in an S3 bucket.
PutObject: Permission to add an object to an S3 bucket.
arn:aws:s3:::example-bucket-name
arn:aws:s3:::example-bucket-name/*
In the AWS IAM console:
In the navigation pane, click Roles.
Click Create role.
In the Trusted entity type section, select AWS account.
Select Another AWS account.
Enter the Pinecone AWS VPC account ID: 713131977538
Click Next.
Select the policy you created.
Click Next.
Specify the role name. For example: “Pinecone”.
Click Create role.
Click the role you created.
On the Summary page for the role, find the ARN.
For example: arn:aws:iam::123456789012:role/PineconeAccess
Copy the ARN.
You will need to enter the ARN into Pinecone later.
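Before entering the ARN into Pinecone, you can check that the policy and role created above grant no more than this page calls for. The following is an added example, not part of the Pinecone documentation: the function names are hypothetical, the sample documents are constructed, and it assumes the permissions policy and trust policy have been copied from the IAM console as JSON and loaded into Python dicts. Matching is exact, so wildcards and any other variants are reported.

```python
PINECONE_ACCOUNT_ID = "713131977538"   # account ID given on this page
BUCKET = "example-bucket-name"         # placeholder bucket name from this page
# Each action the page lists, mapped to the only resource ARN it needs.
EXPECTED = {
    "s3:ListBucket": f"arn:aws:s3:::{BUCKET}",
    "s3:PutObject": f"arn:aws:s3:::{BUCKET}/*",
}

def as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def check_permissions(policy):
    """Findings for a permissions policy that should grant only EXPECTED."""
    findings, seen = [], set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        findings += [f"unexpected action: {a}" for a in actions if a not in EXPECTED]
        findings += [f"unexpected resource: {r}" for r in resources
                     if r not in EXPECTED.values()]
        seen |= {a for a in actions if EXPECTED.get(a) in resources}
    return findings + [f"not granted at expected scope: {a}"
                       for a in EXPECTED if a not in seen]

def check_trust(trust):
    """Findings for a trust policy that should admit only the Pinecone account."""
    allowed = {PINECONE_ACCOUNT_ID, f"arn:aws:iam::{PINECONE_ACCOUNT_ID}:root"}
    findings = []
    for stmt in as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # A bare string such as "*" is wrapped so it is reported like any other.
        principal = principal if isinstance(principal, dict) else {"any": principal}
        for kind, values in principal.items():
            findings += [f"untrusted principal: {kind}={p}" for p in as_list(values)
                         if kind != "AWS" or p not in allowed]
    return findings

# Constructed sample documents (not taken from the page).
GOOD_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": EXPECTED["s3:ListBucket"]},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": EXPECTED["s3:PutObject"]}]}
BROAD_POLICY = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
OPEN_TRUST = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
```

An empty list from both functions means the documents match the scope described on this page.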
Once you enable audit logs, Pinecone will start writing logs to the S3 bucket. In your bucket, you will also see a file named audit-log-access-test, which is a test file that Pinecone writes to verify that it has the necessary permissions to write logs to the bucket.
Logs are written to the S3 bucket approximately every 30 minutes. Each log batch will be saved into its own file as a JSON blob, keyed by the time of the log to be written. Only logs since the integration was created and enabled will be saved.
For more information about the log schema and captured events, see Security overview - Audit logs.
You can edit the details of the audit log integration in the Pinecone console:
If you disable audit logs, logs not yet saved will be lost. You can disable audit logs in the Pinecone console:
If you remove the audit log integration, logs not yet saved will be lost. You can remove the audit log integration in the Pinecone console: