gcp-gcs-logs-off

Bucket should log access

Enable access logging on your Cloud Storage bucket. Access logs give you a record of requests made to the bucket, which you will need if you ever have to perform forensics.

Examples

Insecure Example

resource "google_storage_bucket" "sensitive-data" {
  name     = "secrets.example.com"
  location = "US"
}

Secure Example

resource "google_storage_bucket" "sensitive-data" {
  name     = "secrets.example.com"
  location = "US"

  logging {
    log_bucket        = "secret.example.com-access-logs"
    log_object_prefix = "log/secrets-"
  }
}

More information