Your security team must track which users read or modify objects in Cloud Storage for compliance. Admin Activity audit logs are already collected, but Data Access audit logs are still missing. What is the most appropriate way to start collecting both DATA_READ and DATA_WRITE logs for the Cloud Storage service at the project level while minimizing operational overhead?
Update the project IAM policy to include an auditConfig for service "storage.googleapis.com" with log types DATA_READ and DATA_WRITE.
Enable the Cloud Audit Logs API and grant all users the Cloud Audit Logs Viewer role.
Enable uniform bucket-level access on the bucket and turn on Object Viewer logging in the bucket's permissions tab.
Create a log sink to route existing _Default bucket entries to BigQuery for long-term storage.
Data Access audit logs are disabled by default. To enable them, you add an auditConfig block to the project's IAM policy (or use the IAM & Admin > Audit Logs page) that specifies the service name and the log types. Setting the auditConfig for the service storage.googleapis.com with logType values DATA_READ and DATA_WRITE instructs Cloud Logging to record who reads or writes Cloud Storage objects. The other options do not activate Data Access logging: merely enabling an API, creating a sink, or changing bucket-level settings will not turn on these audit logs.
GCP Associate Cloud Engineer
Ensuring successful operation of a cloud solution