GKE Identity Service (AIS)

Workload location

Root and organization workloads

Audit log source

GKE Identity Service

Audited operations

Create STS token

Create STS token

Fields in the log entry that contain audit information
Audit metadata Audit field name Value
User or service identity identity

For example,

"identity":"fop-shengjiang"

Target

(Fields and values that call the API)

resource "resource":"AIS STS token"

Action

(Fields containing the performed operation)

action "action":"Create"
Event timestamp time

For example,

"time":"2022-11-22T18:31:37.084205362+00:00"

Source of action userAgent

For example,

"userAgent":"Go-http-client/2.0"

Outcome response

For example,

"response":"Success"

Other fields Not applicable Not applicable

Example log

{
  "action":"Create",
  "auditID":"vwWq8fQ-o9RTopgcZtAC_psm1aYyMKxkv47GOkdU",
  "description":"An AIS STS token is minted for fop-shengjiang (from fake-oidc-provider) and will be valid for 11h59m49.438314611s",
  "resource":"AIS STS token",
  "response":"Success",
  "time":"2022-11-22T18:31:37.084205362+00:00",
  "user":{
    "groups":[
      "group-claim-1",
      "group-claim-2"
      ],
    "identity":"fop-shengjiang",
    "issuer":"fake-oidc-provider"
    },
  "userAgent":"Go-http-client/2.0"
}