1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Logging and Monitoring Access Control on GCP

Logs Explorer and Command Line Permissions

Contents

keyboard_tab
Course Introduction
1
Introduction
PREVIEW2m 23s
Cloud Monitoring Access Control
3
Course Conclusion
9

The course is part of this learning path

Start course
Overview
Difficulty
Intermediate
Duration
19m
Students
105
Ratings
5/5
starstarstarstarstar
Description

This course looks at logging and monitoring access control on Google Cloud Platform. We start by looking at monitoring IAM, and you'll also learn about the IAM permissions and roles that apply specifically to monitoring. A demonstration from the GCP cloud console will show you how to grant monitoring permissions through role assignments.

Then we'll move on to monitoring access control via VPC Service Controls as well as covering cloud logging access control. We’ll start with an overview, before taking a closer look at specific IAM roles and permissions that are used to grant access to Cloud Logging. Finally, we'll look at Logs Explorer permissions and show which permissions you need to export logs.

Learning Objectives

  • Get a solid understanding of monitoring and logging access control on GCP
  • Learn about the IAM permissions and roles for monitoring
  • Learn how to monitor access control using VPC Service Controls
  • Understand the roles and permissions used to grant access to cloud logging
  • Learn Logs Explorer permissions for exporting logs

Intended Audience

This course is intended for anyone who wants to learn how to configure logging and monitoring access control on the GCP platform.

Prerequisites

To get the most out of this course, you should have some experience of using GCP, as well as knowledge of IAM principles.

Transcript

The newer interface for analyzing logs data on Google Cloud Platform is called the Logs Explorer. Allows you to retrieve, view, and analyze logs from your queries. To use Logs Explorer, you need to have certain permissions.

The table that you see on your screen highlights these permissions.

The column on the left shows a specific activity that you might wish to perform, using Logs Explorer. The right-hand column highlights the necessary permissions to perform the associated activity.

As far as the command-line goes, gcloud logging commands are controlled entirely with IAM permissions. You must have the serviceusageservices.use permission to use any of the gcloud logging commands. I should also mention that, on top of having the necessary IAM role, you also need to have the IAM role that corresponds to the location of whatever log you are working with:

Join me in the next lesson, where we will wrap things up by taking a quick look at access to exported logs.

About the Author
Avatar
Thomas Mitchell
Instructor
Students
39356
Courses
50
Learning Paths
16

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.