Taicheng's Profile

Audit Logging

Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources.

To view audit logs, you must have the appropriate IAM permissions and roles:

Enable data access logging for cloudsql:

> gcloud projects get-iam-policy myproject123 > /tmp/policy.yaml 

# Append to policy.yaml
auditConfigs:
- auditLogConfigs:
  - logType: DATA_READ
  - logType: DATA_WRITE
  service: cloudsql.googleapis.com
  - exemptedMembers:
    - 123456789123-compute@developer.gserviceaccount.com

> gcloud projects set-iam-policy myproject123 /tmp/policy.yaml

Taicheng