Skip to main content

Export Torq Activity and Audit Logs to Amazon S3 Automatically

Set up automatic audit and activity log exports to Amazon S3, ensuring availability for external tools.

Updated over a month ago

Easily export Torq’s audit and activity logs directly to Amazon S3 (Simple Storage Service), no workflows or complex setup needed. This integration ensures reliable and streamlined log delivery for centralized monitoring, security analysis, compliance auditing, and long-term retention.

  • Seamless Configuration: An intuitive user interface allows you to easily configure export parameters, including event types, destinations, and integrations, without requiring complex workflow logic.

  • Advanced Filtering: Apply JQ filtering for tailored and efficient log exports.

  • Set-and-Forget Automation: After it’s set up, the log exporter runs in the background and handles log exports automatically.

  • Deduplication & Data Integrity: The exporter intelligently detects and filters out duplicate events, helping maintain clean and reliable data in your external system.

  • High Throughput Support: Capable of processing up to 200,000 events per minute, the exporter supports high-volume environments without compromising performance.

To enable audit and activity log export to Amazon S3 for your workspace, contact Torq support.

Prerequisites

Egress IPs

Verify that the following IP addresses are allowed for outbound (egress) log traffic:

  • US Region: 34.45.162.152, 35.224.195.100, 34.30.220.27, 34.55.144.128, 34.31.70.174

  • EU Region: 35.198.189.29, 34.159.57.189, 34.89.150.29, 34.159.167.193, 34.141.112.159

AWS Integration

Ensure you have an existing AWS integration configured. The integration must include the s3:PutObject permission to allow uploading objects to the specified S3 bucket.
For detailed guidance, refer to AWS S3 PutObject documentation.

Configuring Log Export to AWS

Follow these steps to export logs to Amazon S3:

  1. Navigate to Log Export: Go to Settings > Log Export and click Add.

  2. In the Export Log dialog, enter the following information:

    • Name: Enter a meaningful name for the log export.

    • Log Type: Choose the type of log to export:

      • Audit: Records user actions within Torq (e.g., logins, permission changes) for security, compliance, and traceability.

      • Activity: Captures system-level events from workflow executions (e.g., trigger runs, connector steps) for monitoring and debugging automation.

    • Destination: Select AWS S3.

    • Integration instance: Select the AWS S3 integration instance for the export.
      Ensure the integration includes the s3:PutObject permission.

    • Region: Choose the AWS S3 region for the export.

    • Bucket: Specify the AWS S3 bucket.

    • Path within Bucket (Optional): Specify the path within the S3 bucket.

    • JSON query (Optional): Expand the Advanced options section to define a JSON query for extracting specific information from the logs.
      For example, use .execution.status == "queued" to filter and export only activity log entries for queued workflows.

  3. Save and validate: Click Add to save the configuration. Torq validates the configuration by uploading a test file named verify-<uuid>.
    If validation fails (e.g., invalid integration instance, or insufficient permissions), an error message will appear in the configuration dialog.

Managing Log Exports

Once added, the log export appears in the list. From there you can:

  • Edit or delete the configuration.

  • Pause the export if needed.

Export Frequency

Log exports are triggered automatically:

  • When 50 log entries accumulate, or

  • Every 60 minutes, whichever comes first.

This enables efficient log transfer while reducing system overhead. To adjust the export frequency, contact Torq Support for assistance.

Using Workflows for Automatic Log Exports

You can use these steps to create and pull log export configurations right within your workflow.

For example, you might want to generate a quick report of all current log export setups, handy for staying up to date or keeping things audit-ready.

  • Create Log Export Configuration: Set up a new log export by picking the log type, destination, and AWS integration you want to use. You can also use a JSON query if you need to filter things down.
    To get the AWS integration ID, use the Get Integration by Name or List Integrations steps.

  • List Log Export Configurations: Get a full list of all the log exports set up in your workspace, details included.

  • Get Log Export Configuration: Retrieve detailed information for a specific log export by its ID.

Creating an Automatic Log Export for a Different Workspace

You can set up a log export for another workspace using the AWS integration from your current one, as long as you have an access token for the workspace you’re sending logs to.

  • Share the AWS Integration: Use the Create Share Request step to make the AWS integration available in the workspace where you want to export logs.

  • Get the AWS Integration ID: Run the Get Integration by Name step using the access token from the destination workspace. That’ll give you the AWS integration ID you need.

    To use an access token instead of selecting a Torq integration, click the three-dot menu next to the Integration field and choose Set values separately.

  • Set Up the Log Export Configuration: Use the Create Log Export Configuration step and fill in the details:

    • Log type (either audit or activity)

    • AWS integration ID from the destination workspace

    • The Amazon S3 destination

    • Access token for the destination workspace

Related Articles
Audit Logs & APIs: Streamline Auditing with Torq
Collect Torq Audit or Activity Logs - Workflow Template
Send Torq Audit and Activity Logs to Snowflake - Workflow Template
Send Torq Audit and Activity Logs to S3 Bucket on a Schedule - Workflow Template
Gather Torq Audit or Activity Logs - Workflow Template
Did this answer your question?