Audit Logging Policies
Manage audit logging for your CoreWeave buckets
Audit logging policies
Audit logs allow organizations to see granular details about all actions performed on their CoreWeave resources. Audit logging policies govern how an organization collects, stores, and analyzes that data.
CoreWeave audit logs contain only audits for resources stored directly with CoreWeave.
Enabling and controlling audit logs
CoreWeave creates an audit logging bucket by default for each customer, named cw-<Org ID>-audit-logs, where <Org ID> is replaced by your organization ID. For example, if your organization ID is 12345a, your audit logging bucket would be called cw-12345a-audit-logs.
Audit access permissions
Required access permissions s3:PutObject and s3:ListBucket must be configured manually for this bucket. CoreWeave users with admin permissions can use curl commands to grant CoreWeave access via the /bucket/settings and /organization/settings API endpoints.
Below is an example bucket policy allowing CoreWeave to write data to a customer's buckets:
{"Statement": [{"Action": ["s3:ListBucket","s3:PutObject"],"Effect": "Allow","Principal": {"CW": ["arn:aws:iam::coreweave:static/audit-logs"]},"Resource": ["arn:aws:s3:::cw-<Org ID>-audit-logs","arn:aws:s3:::cw-<Org ID>-audit-logs/*"]}],"Version": "2012-10-17"}
For step-by-step instructions on how to enable audit logging for a bucket, please see the Object Storage API Reference and Bucket Policies reference pages.