audit-archiver
audit-archiver consumes audit log messages from the Kafka topics that ingress-rpc writes to and archives them to S3-compatible storage for long-term retention, debugging, and compliance.
Package
Section titled “Package”- Crate name:
audit-archiver - Source:
bin/audit-archiver - Library:
crates/infra/audit(audit-archiver-lib)
Architecture
Section titled “Architecture”The archiver runs a configurable pool of workers that consume messages from Kafka topics and write them in batches to S3:
Kafka topics → audit-archiver (worker pool) → S3 bucketThe service supports a noop-archive mode for testing where messages are consumed and logged but not written to S3.
Features
Section titled “Features”| Feature | Description |
|---|---|
| Worker pool | Configurable pool of up to 80 concurrent workers |
| S3 archival | Writes audit logs to S3-compatible object storage |
| Noop mode | noop-archive mode for testing without S3 writes |
| Metrics | Exposes Prometheus metrics on port 9002 |
| Batch processing | Groups messages into batches for efficient writes |
| Port | Protocol | Purpose |
|---|---|---|
| 9002 | HTTP | Prometheus metrics |
Key Dependencies
Section titled “Key Dependencies”audit-archiver-lib— Core archival logicrdkafka— Kafka consumeraws-sdk-s3— S3 clienttokio— Async runtime
cargo build --bin audit-archiver --release./target/release/audit-archiver [OPTIONS]