You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Audit logs provide a complete record of who did what, when, and where on GCP. They are essential for security monitoring, incident investigation, and compliance. Access Transparency goes further by showing you when Google employees access your data.
GCP produces four types of audit logs:
| Log Type | Content | Enabled By Default? | Cost |
|---|---|---|---|
| Admin Activity | Resource configuration changes (create, update, delete) | Yes | Free |
| Data Access | Reads of resource data and metadata | No (must enable) | Charged |
| System Event | Google-initiated system actions (live migration, maintenance) | Yes | Free |
| Policy Denied | Requests denied by VPC Service Controls or organisation policies | Yes | Free |
Admin Activity logs record all write operations — creating, modifying, and deleting resources:
{
"logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity",
"resource": {
"type": "gce_instance",
"labels": {
"instance_id": "1234567890",
"zone": "europe-west2-a"
}
},
"protoPayload": {
"methodName": "v1.compute.instances.delete",
"authenticationInfo": {
"principalEmail": "alice@example.com"
},
"requestMetadata": {
"callerIp": "203.0.113.45"
}
},
"timestamp": "2024-03-15T14:30:00Z"
}
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.