Audit Logs

Difficulty: Intermediate
Duration: 29m
Description

**********

NOTICE: This course is deprecated and has been replaced by https://cloudacademy.com/course/configuring-gcp-access-security-2685/

**********

Security is considered to be one of the biggest challenges when comparing cloud vs. in-house infrastructure. Due to lack of trust, loss of control, and the multi-tenant nature of the cloud, security controls and mechanisms are of the utmost importance.

Google Cloud Platform offers tools with a single dashboard and simple interfaces to implement security policies. Google Cloud Identity and Access Management (IAM) provides an easy way to manage GCP users and the permissions assigned to them. Besides human users, GCP provides a way to create non-human identities (service accounts) and attach those to cloud applications and VMs. The correct configuration and usage of service accounts and IAM are critical to GCP security. GCP also provides a centralized dashboard to view audit logs, which are useful in the case of a security breach.

To help you get the most out of the security tools offered in Google Cloud, this course covers how to properly manage IAM, service accounts, and audit logs.

Learning Objectives

  • Understand how cloud security differs from on-premises security
  • Configure identities and access levels in Google Cloud Platform using Cloud IAM
  • Create, manage, and assign service accounts to GCP VMs 
  • View audit logs in the GCP console

Intended Audience

  • Students preparing for GCP cloud certifications
  • Cloud administrators and IT professionals
  • Cloud security practitioners
  • GCP developers

Prerequisites

  • Completion of Google Cloud Platform Fundamentals course on Cloud Academy or practical working experience with GCP infrastructure
  • Basic proficiency with command-line tools and Linux operating system environments

Transcript

Welcome to the lecture on audit logs. In this lecture, we'll cover the basics of audit logs in Google Cloud Platform and learn how to view these logs in a GCP project. But first, what is an audit log? In a real-world GCP project, there are many users, many applications, and many cloud resources. All these components interact with each other in legitimate ways. For example, a user named Alice may try to access a GCP bucket that she is authorized to read. Similarly, a user named Bob may delete a VM that he's authorized to delete. 

These are legitimate authorized operations, but what if the VM got deleted and Bob says he did not delete it? What if a user named Eve tried to access a bucket that she's not authorized to access? If there is no record of these types of events, it's impossible to backtrack and audit when some security-related incidents happen. 

In the previous examples, if we had recorded every time a user accessed a data item in GCP or deleted a VM, we could identify the root problems using these logs. This is exactly what an audit log does. An audit log is a record of the critical events in a system, along with information such as when the event happened, who initiated it, and other information which can help in the case of a security breach. 

There are thousands, and even millions, of such operations that can happen in a production Google Cloud project. GCP provides scalable logging and search tools, including a dashboard, where you can see these logs in a centralized place.

So, let's learn about the audit logs in GCP. The goal of the audit logs is to help an auditor know who did what and when. In GCP, there are three main types of audit logs: admin activity logs, data access logs, and system event logs.

Admin activity logs are associated with administrative actions initiated by human users. Some examples of admin activity log entries include events such as a user creating a VM or a project owner adding users or changing access for existing users. Data access audit logs record actions associated with API calls, which read or modify metadata, resources, or actual data. Finally, the third type of audit log in GCP is system event audit logs. They capture administrative actions which are not initiated by human users, but by GCP's system infrastructure.
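The "who did what and when" question from the lecture, worked through on exported log entries. This is an added example, not part of the course material: the project, users and resources in the sample entries are constructed, and the field names assume the Cloud Audit Logs `LogEntry` JSON format.

```python
import json
from urllib.parse import unquote

# Log IDs that Cloud Audit Logs uses for the three types named in the lecture.
AUDIT_TYPES = {
    "cloudaudit.googleapis.com/activity": "admin_activity",
    "cloudaudit.googleapis.com/data_access": "data_access",
    "cloudaudit.googleapis.com/system_event": "system_event",
}

# Constructed sample export, one JSON LogEntry per line (all names are made up).
SAMPLE_LOG = """
{"logName":"projects/example-project/logs/cloudaudit.googleapis.com%2Factivity","timestamp":"2024-01-10T09:15:02Z","protoPayload":{"authenticationInfo":{"principalEmail":"bob@example.com"},"methodName":"v1.compute.instances.delete","resourceName":"projects/example-project/zones/us-central1-a/instances/web-1"}}
{"logName":"projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access","timestamp":"2024-01-10T09:20:41Z","protoPayload":{"authenticationInfo":{"principalEmail":"eve@example.com"},"methodName":"storage.objects.get","resourceName":"projects/_/buckets/example-bucket/objects/report.csv","status":{"code":7,"message":"PERMISSION_DENIED"}}}
{"logName":"projects/example-project/logs/cloudaudit.googleapis.com%2Fsystem_event","timestamp":"2024-01-10T10:02:13Z","protoPayload":{"authenticationInfo":{"principalEmail":"system@google.com"},"methodName":"compute.instances.preempted","resourceName":"projects/example-project/zones/us-central1-a/instances/batch-7"}}
{"logName":"projects/example-project/logs/syslog","timestamp":"2024-01-10T10:05:00Z","textPayload":"cron started"}
"""

def summarize(entry):
    """Return who/what/when for one audit LogEntry, or None for non-audit logs."""
    # The log ID is URL-encoded in logName (%2F for "/"), so decode before matching.
    log_id = unquote(entry.get("logName", "")).split("/logs/", 1)[-1]
    audit_type = AUDIT_TYPES.get(log_id)
    if audit_type is None:
        return None
    payload = entry.get("protoPayload", {})
    return {
        "type": audit_type,
        "who": payload.get("authenticationInfo", {}).get("principalEmail", "unknown"),
        "what": payload.get("methodName"),
        "resource": payload.get("resourceName"),
        "when": entry.get("timestamp"),
        # status.code 7 is PERMISSION_DENIED: the caller was not authorized.
        "denied": payload.get("status", {}).get("code") == 7,
    }

def load(text):
    """Parse newline-delimited JSON and keep only the audit log entries."""
    rows = (summarize(json.loads(line)) for line in text.splitlines() if line.strip())
    return [row for row in rows if row]

if __name__ == "__main__":
    for row in load(SAMPLE_LOG):
        print(row)
```

The first row answers the "Bob says he did not delete it" case with a principal, method, resource and timestamp; the second surfaces the unauthorized read attempt through the `denied` flag.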

About the Author

Abhishek Gupta has 10+ years of experience in the domain of high-performance computing, cloud, and security. Currently, he's leading an innovation team at the Schlumberger Software Technology Innovation Center and is also a visiting faculty member at Santa Clara University where he teaches a graduate course in cloud computing. Gupta has a Ph.D. in Computer Science from the University of Illinois at Urbana Champaign.