diff --git a/terraform/modules/k3d_k3s/audit/audit.yaml b/terraform/modules/k3d_k3s/audit/audit.yaml
new file mode 100644
index 0000000..8038f74
--- /dev/null
+++ b/terraform/modules/k3d_k3s/audit/audit.yaml
@@ -0,0 +1,14 @@
+apiVersion: audit.k8s.io/v1
+kind: Policy
+
+# Prevent requests in the RequestReceived stage from generating audit events.
+omitStages:
+  - "RequestReceived"
+
+rules:
+  # Log all resources in core and extensions at the Metadata level.
+  - level: Metadata
+    # Long-running requests like watches that fall under this rule will not
+    # generate an audit event in RequestReceived.
+    omitStages:
+      - "RequestReceived"