Cloud TPU Audit Logs

This page provides supplemental information for using cloud audit logging with Cloud TPU.

Audit logs help you determine who did what, where, and when. Specifically, audit logs track how your Cloud TPU resources are modified and accessed within your Google Cloud Platform projects.

Logged information

Cloud Audit Logging returns two types of logs:

  • Admin Activity log: Contains log entries for Cloud TPU API calls that modify the state or metadata of Cloud TPU resources in the system, such as creation and deletion of TPU Nodes or cancellation and deletion of TPU operations.
  • Data Access log: Contains log entries for operations that perform read-only actions in the Cloud TPU API, specifically get and list APIs.

Log settings

Admin Activity logs are recorded by default. These logs do not count towards your log ingestion quota.

Data Access logs are not recorded by default. These logs count towards your log ingestion quota. You can enable and configure aspects for data access-types through the Google Cloud Platform Console or programmatically using the API or Cloud SDK.

Log access

The following users can view Admin Activity logs:

The following users can view Data Access logs:

  • Project owners.
  • Users with the Private Logs Viewer IAM role.
  • Users with the logging.privateLogEntries.list IAM permission.

Project owners can grant, change, and revoke access to project members.

Viewing logs

You can view a summary of the audit logs for your project from the Google Cloud Platform Console ACTIVITY menu. A more detailed version of the logs can be found in the Logs Viewer.

You can also filter logs in the Logs Viewer.

Cloud TPU audit-logs are logged to the generic Audited Resource.

Was this page helpful? Let us know how we did:

Send feedback about...