Logging GCP – Audit Logging for GCP Services
As is well documented, there are three types of audit logs in GCP. The Admin Activity and the System logs are turned on by default. The Data Access audit logs are not, and need to be turned on individually for each service.
What if you wanted to turn on these logs for ALL services in one go?
Here is a simple Terraform configuration to accomplish that.
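# Enable Data Access audit logs for every service in the organization.
resource "google_organization_iam_audit_config" "config" {
  org_id  = "your-organization-id"
  service = "allServices"

  audit_log_config {
    log_type = "DATA_READ"
  }

  audit_log_config {
    log_type = "ADMIN_READ"
  }

  # DATA_WRITE is the third Data Access log type; it is not enabled here.
}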
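To confirm what the organization policy actually logs after applying this, the following added example (not part of the original post) inspects the auditConfigs section of an IAM policy in the JSON shape returned by `gcloud organizations get-iam-policy ORG_ID --format=json`. The sample policy, the exempted service account and the function name are constructed for illustration.

```python
import json

# The three Data Access audit log types an audit config can enable.
DATA_ACCESS_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")

# Constructed sample: the allServices entry matches the Terraform above;
# the per-service entry with an exemption is invented to show the check.
SAMPLE_POLICY = json.loads("""
{
  "auditConfigs": [
    {"service": "allServices",
     "auditLogConfigs": [{"logType": "DATA_READ"}, {"logType": "ADMIN_READ"}]},
    {"service": "storage.googleapis.com",
     "auditLogConfigs": [
       {"logType": "DATA_READ",
        "exemptedMembers": ["serviceAccount:backup@example-project.iam.gserviceaccount.com"]}
     ]}
  ]
}
""")


def audit_coverage(policy):
    """Return (enabled, missing, exemptions) for an IAM policy dict.

    enabled/missing describe the log types set on the allServices entry;
    exemptions maps (service, logType) to members whose access is not logged.
    """
    enabled = set()
    exemptions = {}
    for cfg in policy.get("auditConfigs", []):
        service = cfg.get("service")
        for entry in cfg.get("auditLogConfigs", []):
            log_type = entry.get("logType")
            if service == "allServices":
                enabled.add(log_type)
            members = entry.get("exemptedMembers", [])
            if members:
                exemptions[(service, log_type)] = sorted(members)
    missing = [t for t in DATA_ACCESS_TYPES if t not in enabled]
    return sorted(enabled), missing, exemptions


if __name__ == "__main__":
    enabled, missing, exemptions = audit_coverage(SAMPLE_POLICY)
    print("enabled for allServices:", enabled)
    print("not enabled for allServices:", missing)
    for (service, log_type), members in exemptions.items():
        print(f"exempted from {log_type} on {service}: {members}")
```

A non-empty "missing" list or any exemption entry marks access that will not appear in the Data Access logs.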
Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.