This document describes audit logging for Connect. Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. For more information, see Cloud Audit Logs overview.
This page was last generated on 2024-05-23 18:35:17 UTC.
Service name
Connect audit logs use the service name gkeconnect.googleapis.com
.
Methods by permission type
Connect audit logs are enabled by turning on audit logging for gkehub.googleapis.com
.
Methods that check DATA_READ
, DATA_WRITE
, and ADMIN_READ
permission types are Data Access audit logs.
Methods that check ADMIN_WRITE
permission types are Admin Activity audit logs.
Permission type | Methods |
---|---|
DATA_READ | google.cloud.gkeconnect.v1.EgressService.Egress google.cloud.gkeconnect.v1beta1.EgressService.Egress |
Audit logs per API interface
For information about which permissions are evaluated and how for each method, see the Identity and Access Management documentation for Connect.
google.cloud.gkeconnect.v1.EgressService
Details about audit logs associated with methods belonging to google.cloud.gkeconnect.v1.EgressService
.
google.cloud.gkeconnect.v1.EgressService.Egress
- Method: google.cloud.gkeconnect.v1.EgressService.Egress
- Audit log Type: Data Access
- Permissions:
gkehub.endpoints.connect - DATA_READ
- Method is a Long Running Operation or Streaming:
Streaming RPC
- Filter for this method:
protoPayload.methodName="google.cloud.gkeconnect.v1.EgressService.Egress"
google.cloud.gkeconnect.v1beta1.EgressService
Details about audit logs associated with methods belonging to google.cloud.gkeconnect.v1beta1.EgressService
.
google.cloud.gkeconnect.v1beta1.EgressService.Egress
- Method: google.cloud.gkeconnect.v1beta1.EgressService.Egress
- Audit log Type: Data Access
- Permissions:
gkehub.endpoints.connect - DATA_READ
- Method is a Long Running Operation or Streaming:
Streaming RPC
- Filter for this method:
protoPayload.methodName="google.cloud.gkeconnect.v1beta1.EgressService.Egress"
Kubernetes audit logging
In addition to Cloud Audit Logs, Kubernetes audit logging provides a way for administrators to retain, query, process, and alert on events that occur in registered clusters. Administrators can use the logged information to do forensic analysis and real-time alerting, or for cataloging how a fleet of clusters are being used and by whom.
The Connect Agent talks to the local API server running in the registered cluster, and each cluster will have its own set of Kubernetes audit logs. All actions that users perform from the UI through Connect are logged by that cluster.