Audit stream

Forward every audit event written by gigamcp to a Kinesis Data Stream you own. From there you can fan out to Splunk, Datadog, Sumo Logic, Elastic Cloud, Snowflake, or your own Lambda — anything that can read from Kinesis.

Why a stream and not webhooks?

  • Order + replay: Kinesis preserves ordering per partition key (we use tenantId); 24h replay is built-in (configurable to 7d / 365d).
  • Back-pressure: a slow consumer never blocks gigamcp; bursts buffer in Kinesis.
  • One IAM grant: instead of rotating webhook secrets you grant our publisher role kinesis:PutRecords once.

Setup

  1. In your AWS account, create a Kinesis Data Stream (in on-demand capacity mode no shard count is given; Kinesis scales shards for you):
    aws kinesis create-stream \
      --stream-name gigamcp-audit \
      --stream-mode-details StreamMode=ON_DEMAND
  2. Create an IAM role that trusts our publisher account (arn:aws:iam::123456789012:role/gigamcp-audit-publisher — use the value from your CSM) and grants kinesis:PutRecords on the stream:
    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": ["kinesis:PutRecords", "kinesis:DescribeStreamSummary"],
        "Resource": "arn:aws:kinesis:eu-west-1:<your-acct>:stream/gigamcp-audit"
      }]
    }
  3. On the gigamcp side, open Enterprise → Audit stream as the workspace owner, paste the stream ARN, and press Save.
  4. Trigger any audit-emitting action (invite a member, mint an API key) and confirm a record arrives in Kinesis within a few seconds.

Event format

Each Kinesis record is a single JSON object on one line:

{
  "id": "01HMV…",
  "tenantId": "01HMV…",
  "occurredAt": "2026-04-28T07:14:55.123Z",
  "actorKind": "user" | "api_key" | "system",
  "actorUserId": "01HMV…" | null,
  "actorApiKeyId": "01HMV…" | null,
  "action": "tenant.member.invited",
  "resourceType": "membership",
  "resourceId": "01HMV…",
  "metadata": { ... },
  "ip": "203.0.113.7",
  "userAgent": "Mozilla/5.0 …"
}

Region considerations

Cross-region PutRecords works but adds latency (50–150 ms) and AWS data-transfer cost. For best results put the stream in the same region as your gigamcp deployment; the Audit stream page warns you when there's a mismatch.

Delivery semantics

  • At-least-once. We retry transient throughput-exceeded errors up to 5 times.
  • Best-effort. The stream is a fan-out; the source-of-truth audit log lives in gigamcp's Postgres and is never blocked by Kinesis. If the stream is offline for > 24h, replay isn't possible from our side — you can always export the missing window via the GDPR-export API.
  • No PII redaction. Events contain user ids, ip addresses, and metadata as written by gigamcp. You're responsible for downstream redaction if your compliance posture requires it.
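The consumer side of the event format and delivery semantics above, as an added example that is not gigamcp's own code: a Lambda-style handler that decodes a Kinesis batch (Records[].kinesis.data is base64, as Lambda delivers it), checks each event against the documented fields and actorKind values, drops duplicates that at-least-once delivery can produce (keyed on the event id), and redacts ip and userAgent before forwarding. The sample batch is constructed here; the helper names, the in-memory deduper and the "[redacted]" marker are this example's assumptions.

```python
import base64
import json
from datetime import datetime

# Fields every gigamcp audit event carries (from the documented event format).
REQUIRED_FIELDS = {"id", "tenantId", "occurredAt", "actorKind",
                   "action", "resourceType", "resourceId"}
ACTOR_KINDS = {"user", "api_key", "system"}
# Fields the page says are NOT redacted upstream; redacted here before forwarding.
PII_FIELDS = ("ip", "userAgent")


def decode_record(data_b64: str) -> dict:
    """Kinesis hands Lambda the record payload base64-encoded; one JSON object per record."""
    return json.loads(base64.b64decode(data_b64))


def validate_event(ev: dict) -> list:
    """Return a list of schema problems; an empty list means the event is well-formed."""
    problems = []
    missing = REQUIRED_FIELDS - ev.keys()
    if missing:
        problems.append("missing fields: %s" % sorted(missing))
    if ev.get("actorKind") not in ACTOR_KINDS:
        problems.append("unknown actorKind: %r" % ev.get("actorKind"))
    try:
        # fromisoformat() does not accept a trailing "Z" on older Pythons, so normalise it.
        datetime.fromisoformat(str(ev["occurredAt"]).replace("Z", "+00:00"))
    except (KeyError, ValueError):
        problems.append("occurredAt is not an ISO-8601 timestamp")
    return problems


def redact(ev: dict) -> dict:
    """Copy the event with PII fields replaced; the original dict is left untouched."""
    out = dict(ev)
    for field in PII_FIELDS:
        if field in out:
            out[field] = "[redacted]"  # assumption: a fixed marker is acceptable downstream
    return out


class Deduper:
    """In-memory id set; assumption for the example. A real consumer would back this with
    a store that survives Lambda cold starts (e.g. DynamoDB with a TTL)."""

    def __init__(self):
        self.seen = set()

    def is_new(self, event_id: str) -> bool:
        if event_id in self.seen:
            return False
        self.seen.add(event_id)
        return True


def process_batch(lambda_event: dict, deduper: Deduper) -> dict:
    """Decode, validate, de-duplicate and redact one Kinesis batch.
    Returns the events ready to forward plus counts of what was dropped and why."""
    forwarded, rejected, duplicates = [], [], 0
    for rec in lambda_event["Records"]:
        ev = decode_record(rec["kinesis"]["data"])
        problems = validate_event(ev)
        if problems:
            rejected.append((ev.get("id"), problems))
            continue
        if not deduper.is_new(ev["id"]):
            duplicates += 1  # at-least-once delivery: the same event seen again
            continue
        forwarded.append(redact(ev))
    return {"forwarded": forwarded, "rejected": rejected, "duplicates": duplicates}


def _encode(ev: dict) -> dict:
    """Wrap an event the way Lambda receives it from Kinesis (constructed sample shape)."""
    data = base64.b64encode(json.dumps(ev).encode()).decode()
    return {"kinesis": {"partitionKey": ev.get("tenantId", ""), "data": data}}


# Constructed sample batch: one good event, the same event redelivered, one malformed event.
GOOD_EVENT = {
    "id": "01HMV0000000000000000EXAMPLE", "tenantId": "01HMV000000000000000TENANT",
    "occurredAt": "2026-04-28T07:14:55.123Z", "actorKind": "user",
    "actorUserId": "01HMV00000000000000000USER", "actorApiKeyId": None,
    "action": "tenant.member.invited", "resourceType": "membership",
    "resourceId": "01HMV0000000000000000MEMBER", "metadata": {"email": "invitee@example.com"},
    "ip": "203.0.113.7", "userAgent": "Mozilla/5.0 (example)",
}
BAD_EVENT = dict(GOOD_EVENT, id="01HMV00000000000000000BAD", actorKind="robot")
SAMPLE_BATCH = {"Records": [_encode(GOOD_EVENT), _encode(GOOD_EVENT), _encode(BAD_EVENT)]}

if __name__ == "__main__":
    result = process_batch(SAMPLE_BATCH, Deduper())
    print(json.dumps(result, indent=2))
```

Running the block prints one forwarded event with ip and userAgent replaced, one duplicate dropped, and one rejection citing the unknown actorKind. Note that redact() only strips the two top-level fields; metadata is opaque here ("as written by gigamcp"), so extend PII_FIELDS or add per-action rules if your compliance posture needs metadata scrubbed too.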

Disconnecting

Press Disconnect on the Audit stream page. The next event after the change is no longer published; the Kinesis stream itself is yours and we never delete it.