GKE Identity Service (AIS)

Workload location	Root and organization workloads
Audit log source	GKE Identity Service
Audited operations	Create STS token

Create STS token

Fields in the log entry that contain audit information
Audit metadata	Audit field name	Value
User or service identity	`identity`	For example, `"identity":"fop-shengjiang"`
Target (Fields and values that call the API)	`resource`	`"resource":"AIS STS token"`
Action (Fields containing the performed operation)	`action`	`"action":"Create"`
Event timestamp	`time`	For example, `"time":"2022-11-22T18:31:37.084205362+00:00"`
Source of action	`userAgent`	For example, `"userAgent":"Go-http-client/2.0"`
Outcome	`response`	For example, `"response":"Success"`
Other fields	Not applicable	Not applicable

Example log

{
  "action":"Create",
  "auditID":"vwWq8fQ-o9RTopgcZtAC_psm1aYyMKxkv47GOkdU",
  "description":"An AIS STS token is minted for fop-shengjiang (from fake-oidc-provider) and will be valid for 11h59m49.438314611s",
  "resource":"AIS STS token",
  "response":"Success",
  "time":"2022-11-22T18:31:37.084205362+00:00",
  "user":{
    "groups":[
      "group-claim-1",
      "group-claim-2"
      ],
    "identity":"fop-shengjiang",
    "issuer":"fake-oidc-provider"
    },
  "userAgent":"Go-http-client/2.0"
}