Access to Exported Logs

Contents

Course Introduction
1
Introduction
PREVIEW2m 23s
Cloud Monitoring Access Control
2
An Overview of Monitoring IAM
PREVIEW3m 30s
3
Permissions and Roles
PREVIEW3m 40s
4
VPC Service Controls
1m 15s
Course Conclusion
9
Conclusion
2m 10s

The course is part of these learning paths

Operations with GCP - Level 2
2
Developing for Google Kubernetes Engine
25
10
14
Architecting with Google Kubernetes Engine
22
8
13
Google Professional Cloud DevOps Engineer Exam Preparation
16
1
8
1
Google Professional Cloud Security Engineer Exam Preparation
16
2
9
1
more_horizSee 2 more
Start course
Overview
Difficulty
Intermediate
Duration
19m
Students
442
Ratings
4.5/5
starstarstarstarstar-half
Description

This course looks at logging and monitoring access control on Google Cloud Platform. We start by looking at monitoring IAM, and you'll also learn about the IAM permissions and roles that apply specifically to monitoring. A demonstration from the GCP cloud console will show you how to grant monitoring permissions through role assignments.

Then we'll move on to monitoring access control via VPC Service Controls as well as covering cloud logging access control. We’ll start with an overview, before taking a closer look at specific IAM roles and permissions that are used to grant access to Cloud Logging. Finally, we'll look at Logs Explorer permissions and show which permissions you need to export logs.

Learning Objectives

  • Get a solid understanding of monitoring and logging access control on GCP
  • Learn about the IAM permissions and roles for monitoring
  • Learn how to monitor access control using VPC Service Controls
  • Understand the roles and permissions used to grant access to cloud logging
  • Learn Logs Explorer permissions for exporting logs

Intended Audience

This course is intended for anyone who wants to learn how to configure logging and monitoring access control on the GCP platform.

Prerequisites

To get the most out of this course, you should have some experience of using GCP, as well as knowledge of IAM principles.

Transcript

While working with Cloud Logging in GCP, you’ll invariably find yourself in a spot where you need to export logs or get access to a set of exported logs. Before you can export any logs from Cloud Logging, you need to first create a sink. To do that, you need to have at least Logging Config Writer permissions. The Logging Admin and Logging Owner roles will also do.

After you’ve created a sink and it has begun exporting logs, it will have full access to ALL incoming log entries, including private log entries, Data Access audit logs, and Access Transparency logs.

The log entries that are exported, and access to the exported copies of the logs are controlled exclusively through IAM permissions and roles on the destinations where the logs are exported to. This includes Cloud Storage, Pub/Sub, and BigQuery.

To read more about exporting logs, visit the URL that you see on your screen.

 

About the Author
Avatar
Thomas Mitchell
Instructor
Students
84185
Courses
82
Learning Paths
62

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.

Covered Topics

Identity and Access ManagementComplianceNetworkingManagementSecurityMonitoringGoogle Cloud PlatformNetworking for GoogleSecurity for GoogleMonitoring for GoogleManagement for GoogleGoogle Virtual Private Cloud (VPC)Google Cloud Logging