GCP | cloud | ~30 mins

Audit logging in GCP - Mini Project: Build & Apply

Audit Logging Setup in Google Cloud Platform
📖 Scenario: You are a cloud administrator responsible for tracking changes and access in your Google Cloud Platform (GCP) project. Audit logs help you see who did what and when, which is important for security and troubleshooting.
🎯 Goal: Set up audit logging for a GCP project by creating a log sink that exports admin activity logs to a Cloud Storage bucket.
📋 What You'll Learn
Create a Cloud Storage bucket named exactly audit-log-bucket
Create a log sink named exactly admin-activity-sink
Configure the sink to export ADMIN_ACTIVITY logs
Set the sink destination to the audit-log-bucket
Print the sink's full name to confirm creation
💡 Why This Matters
🌍 Real World
Audit logging is essential in cloud environments to track user actions and system changes for security and compliance.
💼 Career
Cloud administrators and DevOps engineers often configure audit logging to meet organizational policies and troubleshoot issues.
1. Create a Cloud Storage bucket
Create a Cloud Storage bucket named audit-log-bucket using the gsutil command.

Hint: Use gsutil mb followed by the bucket URL to create the bucket.

2. Define the log sink name and destination
Create variables SINK_NAME set to admin-activity-sink and DESTINATION set to storage.googleapis.com/audit-log-bucket.

Hint: Assign the exact strings to the variables SINK_NAME and DESTINATION.

3. Create the log sink for admin activity logs
Use the gcloud logging sinks create command with $SINK_NAME as the sink name, $DESTINATION as the destination, and filter for logName: "cloudaudit.googleapis.com%2Factivity" to capture admin activity logs.

Hint: Use gcloud logging sinks create with the sink name, destination, and a filter for admin activity logs.

4. Print the full sink name
Print the full sink name using gcloud logging sinks describe $SINK_NAME --format='value(name)'.

Hint: Use gcloud logging sinks describe with --format='value(name)' to print only the sink name.
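
The four steps above combined into one script, as an added example that is not part of the original exercise. It also grants the sink's writer identity roles/storage.objectCreator on the bucket, which the steps do not cover. The dry-run default, the APPLY switch and the function names are assumptions of this example.

```bash
#!/bin/sh
# Added example: steps 1-4 in one script, plus the bucket grant the sink needs.
# Default is a dry run that prints each command; APPLY=1 executes them.
set -eu

BUCKET="audit-log-bucket"                        # step 1
SINK_NAME="admin-activity-sink"                  # step 2
DESTINATION="storage.googleapis.com/${BUCKET}"   # step 2
LOG_FILTER='logName:"cloudaudit.googleapis.com%2Factivity"'   # step 3

# run CMD ARGS...: execute when APPLY=1, otherwise print the command line.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

create_bucket() { run gsutil mb "gs://${BUCKET}"; }

create_sink() {
  run gcloud logging sinks create "$SINK_NAME" "$DESTINATION" \
    --log-filter="$LOG_FILTER"
}

# The sink writes as its own service account (writerIdentity). Until that
# identity may create objects in the bucket, no log files are delivered.
grant_writer() {
  if [ "${APPLY:-0}" = "1" ]; then
    WRITER="$(gcloud logging sinks describe "$SINK_NAME" \
      --format='value(writerIdentity)')"
  else
    WRITER="serviceAccount:WRITER_IDENTITY_PLACEHOLDER"   # constructed stand-in
  fi
  run gsutil iam ch "${WRITER}:roles/storage.objectCreator" "gs://${BUCKET}"
}

print_sink_name() {   # step 4
  run gcloud logging sinks describe "$SINK_NAME" --format='value(name)'
}

main() { create_bucket; create_sink; grant_writer; print_sink_name; }
main
```

Run it once without APPLY to review the commands, then with APPLY=1 in a shell already authenticated to the target project.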