Cloud Audit Logging
How do Cloud Audit Logs help you keep track of what is happening in your Cloud?
In an era where businesses are moving most of their projects to Google Cloud, you must monitor what happens to your resources on GCP. This entails having a record of which resources are created, accessed, and modified, by whom and at what time, in your Cloud. Cloud Audit Logs is a logging service on GCP that generates records of the actions that happen to your projects on GCP. It is a service with both automatic and user-enabled functions, depending on whether user data is involved. In general, it helps you keep track of what is happening in your Cloud. So how does it do this?
Actions that create or modify resources on GCP, such as creating a Cloud Storage bucket, generate an audit trail displayed on the Activity tab of your project. This audit trail comprises the audited events of the action, including the user who created the bucket, the timestamp, and the created resource. A trail can only be seen after you refresh the Activity tab. Matching log entries are also written under Logging in the GCP console, where their type is shown as audit logs.
Up to this point it is straightforward: this is an automatic function. Cloud Audit Logs draws the line at adding and operating on files in this bucket: for those actions no activity logs or log entries are written by default. Why is this important? Creating files within the bucket involves dealing with user data. This data is protected, and you need special access privileges to view it. Before activity logs and log entries for this action are written, additional audit logging must be enabled.
Cloud Audit Logs types
Cloud Audit Logs has three types of audit logs that you can enable. When you alter the configuration or metadata of resources, for example by creating a bucket in Cloud Storage or creating a VM instance on Compute, Admin Read (Admin Activity) audit logs record this action. Admin Activity logs are automatic, and no charges are imposed on them. Even when the Cloud Logging API is disabled, these logs will still be written. For Cloud Audit Logs to generate activity logs for data accessed within these buckets, you need to enable Data Read logs in the IAM & Admin section. When you access data on this resource, the audit log will show a call to the resource's GET API requesting this data. For audit logs on new data created within this resource, you need to enable Data Write logs in the same way. Similar information will then appear on the Activity tab.
Data Read and Data Write logs are automatically enabled for BigQuery but have to be enabled for other resources. These two are liable to charges, and special access privileges must be created for them in IAM when they are enabled. GCP also has its own System Logs, which are written when GCP itself alters the configuration of resources.
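The audit log types described above, as an added example that is not from the original article: a small Python script that takes constructed Cloud Audit Logs entries in LogEntry JSON form, tells Admin Activity entries from Data Access entries by their logName, and lists which principals read user data. The read/write split by method verb is an assumption of this example, not a field the log carries.

```python
import json
from urllib.parse import unquote

# Constructed sample entries in the shape of Cloud Audit Logs LogEntry JSON,
# trimmed to the fields used here; not captured from a real project.
SAMPLE_LOG = json.dumps([
    {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
     "timestamp": "2024-05-01T10:00:00Z",
     "protoPayload": {"methodName": "storage.buckets.create",
                      "authenticationInfo": {"principalEmail": "alice@example.com"},
                      "resourceName": "projects/_/buckets/demo-bucket"}},
    {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access",
     "timestamp": "2024-05-01T10:05:00Z",
     "protoPayload": {"methodName": "storage.objects.get",
                      "authenticationInfo": {"principalEmail": "bob@example.com"},
                      "resourceName": "projects/_/buckets/demo-bucket/objects/report.csv"}},
    {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access",
     "timestamp": "2024-05-01T10:06:00Z",
     "protoPayload": {"methodName": "storage.objects.create",
                      "authenticationInfo": {"principalEmail": "alice@example.com"},
                      "resourceName": "projects/_/buckets/demo-bucket/objects/notes.txt"}},
])

def audit_log_type(entry):
    """Map the URL-encoded logName suffix to the audit log stream it came from."""
    stream = unquote(entry["logName"]).rsplit("/", 1)[-1]
    return {"activity": "ADMIN_ACTIVITY", "data_access": "DATA_ACCESS",
            "system_event": "SYSTEM_EVENT"}.get(stream, "UNKNOWN")

def data_access_kind(method_name):
    """Assumption, not a log field: get/list verbs read data, other verbs write it."""
    verb = method_name.rsplit(".", 1)[-1]
    return "READ" if verb in ("get", "list") else "WRITE"

def summarize(raw_json):
    """Return one (timestamp, principal, type, method, resource) tuple per entry."""
    rows = []
    for entry in json.loads(raw_json):
        payload = entry["protoPayload"]
        kind = audit_log_type(entry)
        if kind == "DATA_ACCESS":
            kind += "/" + data_access_kind(payload["methodName"])
        rows.append((entry["timestamp"],
                     payload["authenticationInfo"]["principalEmail"],
                     kind, payload["methodName"], payload["resourceName"]))
    return rows

def principals_reading_data(raw_json):
    """Who read user data: the first list an insider-risk review looks at."""
    return sorted({r[1] for r in summarize(raw_json) if r[2] == "DATA_ACCESS/READ"})
```

Without Data Read and Data Write logs enabled for the bucket, only the first entry would ever reach this script; the two object operations would leave no trace.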
By enabling Cloud Audit Logs, you ensure that your business's Cloud resources are protected from insider risk. If there are issues with your account, GCP support will use Cloud Audit Logs to diagnose the problem.