diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
index 054e0321c2..926a0daefc 100644
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@@ -138,6 +138,7 @@ data:
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
   api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
   policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
 {{- range $key, $value := $envAll.Values.conf.rally_tests.templates }}
   {{ printf "test_template_%d" $key }}: {{ $value.template | b64enc }}
 {{- end }}
diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
index cf45cc553c..528a772690 100644
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -102,6 +102,10 @@ spec:
               mountPath: /etc/heat/policy.json
               subPath: policy.json
               readOnly: true
+            - name: heat-etc
+              mountPath: /etc/heat/api_audit_map.conf
+              subPath: api_audit_map.conf
+              readOnly: true
 {{ if $mounts_heat_api.volumeMounts }}{{ toYaml $mounts_heat_api.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: pod-etc-heat
diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml
index 9f30ba62d2..e085f77a9b 100644
--- a/heat/templates/deployment-cfn.yaml
+++ b/heat/templates/deployment-cfn.yaml
@@ -102,6 +102,10 @@ spec:
               mountPath: /etc/heat/policy.json
               subPath: policy.json
               readOnly: true
+            - name: heat-etc
+              mountPath: /etc/heat/api_audit_map.conf
+              subPath: api_audit_map.conf
+              readOnly: true
 {{ if $mounts_heat_cfn.volumeMounts }}{{ toYaml $mounts_heat_cfn.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: pod-etc-heat
diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml
index 1d58d5ff3d..b350cb4574 100644
--- a/heat/templates/deployment-cloudwatch.yaml
+++ b/heat/templates/deployment-cloudwatch.yaml
@@ -98,6 +98,10 @@ spec:
               mountPath: /etc/heat/policy.json
               subPath: policy.json
               readOnly: true
+            - name: heat-etc
+              mountPath: /etc/heat/api_audit_map.conf
+              subPath: api_audit_map.conf
+              readOnly: true
 {{ if $mounts_heat_cloudwatch.volumeMounts }}{{ toYaml $mounts_heat_cloudwatch.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: pod-etc-heat
diff --git a/heat/values.yaml b/heat/values.yaml
index 84e9ebe1a9..77938afed3 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -283,17 +283,17 @@ conf:
                 length: 40
   paste:
     pipeline:heat-api:
-      pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app
+      pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken audit context apiv1app
     pipeline:heat-api-standalone:
       pipeline: cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
     pipeline:heat-api-custombackend:
       pipeline: cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
     pipeline:heat-api-cfn:
-      pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
+      pipeline: cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken audit context apicfnv1app
     pipeline:heat-api-cfn-standalone:
       pipeline: cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
     pipeline:heat-api-cloudwatch:
-      pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken context apicwapp
+      pipeline: cors versionnegotiation osprofiler ec2authtoken authtoken audit context apicwapp
     pipeline:heat-api-cloudwatch-standalone:
       pipeline: cors versionnegotiation ec2authtoken context apicwapp
     app:apiv1app:
@@ -334,6 +334,9 @@ conf:
       paste.filter_factory: heat.common.auth_password:filter_factory
     filter:custombackendauth:
       paste.filter_factory: heat.common.custom_backend_auth:filter_factory
+    filter:audit:
+      paste.filter_factory: keystonemiddleware.audit:filter_factory
+      audit_map_file: /etc/heat/api_audit_map.conf
     filter:request_id:
       paste.filter_factory: oslo_middleware.request_id:RequestId.factory
     filter:osprofiler:
@@ -471,6 +474,33 @@ conf:
       enable_proxy_headers_parsing: true
     oslo_messaging_rabbit:
       rabbit_ha_queues: True
+  audit_api_map:
+    DEFAULT:
+      target_endpoint_type: None
+    path_keywords:
+      stacks: stack
+      resources: resource
+      preview: None
+      detail: None
+      abandon: None
+      snapshots: snapshot
+      restore: None
+      outputs: output
+      metadata: server
+      signal: None
+      events: event
+      template: None
+      template_versions: template_version
+      functions: None
+      validate: None
+      resource_types: resource_type
+      build_info: None
+      actions: None
+      software_configs: software_config
+      software_deployments: software_deployment
+      services: None
+    service_endpoints:
+      orchestration:service/orchestration
   logging:
     loggers:
       keys: