To help you get the most out of the security tools offered in Google Cloud, this Course covers how to properly manage IAM, service accounts, and audit logs.
Learning Objectives
- How you can manage identity and access management in GCP
- Learn about service accounts, what they mean, and how you can manage them
- Audit logs and how to review them
Intended Audience
This Course is intended for cloud administrators. If you are a cloud security practitioner or are involved in any sort of development with GCP, you will also benefit from taking this Course.
Prerequisites
- Completion of Google Cloud Platform Fundamentals course on Cloud Academy or practical working experience with GCP infrastructure
- Basic proficiency with command-line tools and Linux operating system environments
Now let me show you how to access the audit logs for your GCP project. The service that provides this interface is called Google Cloud Operations suite. Operations suite includes a centralized logging interface where you can view the various types of logs from different services in GCP in a single place.
To get to the interface, you can use the navigation menu or search for “Logging”. Here you can see all the different logs. You can filter the logs using these dropdown menus here. You can filter by resource. You can filter by log name. Or you can filter by the severity of error. When you find the logs that you are interested in, you can click this icon to zoom in. You can scroll through the various entries and expand the different sections to read the details.
By default, it will only return entries made in the last hour, but you can change that as well. Just click down here on “Edit time”. And then you can set the time period for the records you are interested in. Here I am selecting records from the last 7 days. So you can see that you have lots of options for finding exactly the records you are interested in.
Now another way to view activity is available from the main console. So if I return to the main screen, and then click on the “Activity” tab here. You can get a simplified summary of the activity logs. You see the abbreviated versions of the same entries as in the log explorer, such as stopping and starting of VMs. You can also see entries for activities like creating and deleting service accounts, setting IAM policies, and so on.
There are filter options on this screen as well. You can filter by country. You can filter by activity type. So I can just show billing-related entries. And then I can also add configuration changes. And you can also filter on resource types, such as specific services like VMs.
So now you know how to find and read the logs. Google Cloud Operations suite makes it easy to search and find the events you are interested in to assist with both troubleshooting and auditing your system.
Daniel began his career as a Software Engineer, focusing mostly on web and mobile development. After twenty years of dealing with insufficient training and fragmented documentation, he decided to use his extensive experience to help the next generation of engineers.
Daniel has spent his most recent years designing and running technical classes for both Amazon and Microsoft. Today at Cloud Academy, he is working on building out an extensive Google Cloud training library.
When he isn’t working or tinkering in his home lab, Daniel enjoys BBQing, target shooting, and watching classic movies.