Managing Decision Logs
Enable and View Decision Logs
Decision logging can be enabled on each policy; once on, decision logs are generated by every authorizer that loads that policy. To enable decision logs, navigate to the Policies tab and open the instance for which you want to enable the logs.
Click on the "Decision logs" tab on the left-hand sidebar:
Enable the decision logs by toggling the "Record decision log" switch:
After making some calls to the authorizer, you'll be able to see the aggregated decision logs:
Decision Logs API Key
The decision logs API key is useful for using the API and CLI to retrieve decision logs data in a least-privileges context. To find it, click on Connections, look for the decision-logs
connection and click to expand it: