Cloud TPU audit logs

This page provides supplemental information for using Cloud Audit Logs with Cloud TPU.

Cloud Audit Logs help you determine who did what, where, and when. Specifically, audit logs track how your Cloud TPU resources are modified and accessed within your Google Cloud projects.

Logged information

Cloud Audit Logs return two types of logs:

  • Admin Activity log: Contains log entries for Cloud TPU API calls that modify the state or metadata of Cloud TPU resources in the system. Examples include: the creation and deletion of TPU Nodes or cancellation and deletion of TPU operations.
  • Data Access log: Contains log entries for operations that perform read-only actions in the Cloud TPU API. Examples include get and list APIs.

Log settings

Admin Activity logs are recorded by default. These logs do not count toward your log ingestion quota.

Data Access logs are not recorded by default. These logs count toward your log ingestion quota. You can enable and configure aspects for data access-types through the Google Cloud console or programmatically using the API or gcloud CLI.

Log access

The following users can view Admin Activity logs:

The following users can view Data Access logs:

  • Project owners.
  • Users with the Private Logs Viewer IAM role.
  • Users with the logging.privateLogEntries.list IAM permission.

Project owners can grant, change, and revoke access to other principals.

Viewing logs

You can view a summary of the audit logs for your project from the Google Cloud console ACTIVITY menu. A more detailed version of the logs can be found in the Logs Explorer.

You can also filter logs in the Logs Explorer.