gcp-gcs-logs-off
Bucket should log access
It is recommended to enable access logging on your Cloud Storage bucket. This could help in case you need to perform forensics.
Examples
Insecure Example
resource "google_storage_bucket" "sensitive-data" {
  name     = "secrets.example.com"
  location = "US"
}
Secure Example
resource "google_storage_bucket" "sensitive-data" {
  name     = "secrets.example.com"
  location = "US"
  logging {
    log_bucket        = "secret.example.com-access-logs"
    log_object_prefix = "log/secrets-"
  }
}
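One way to run this check against a plan before it is applied, as an added example that is not the scanner's own code: it walks the JSON form of a plan (`terraform show -json`) and lists every `google_storage_bucket` with no `logging` block, including buckets in child modules. The sample plan, the module name `archive` and the function names are constructed for illustration.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Nested blocks such as `logging` appear as a list, empty when the block is absent.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "google_storage_bucket.sensitive-data",
             "type": "google_storage_bucket",
             "values": {"name": "secrets.example.com", "location": "US",
                        "logging": []}},
            {"address": "google_storage_bucket.audited",
             "type": "google_storage_bucket",
             "values": {"name": "audited.example.com", "location": "US",
                        "logging": [{"log_bucket": "secret.example.com-access-logs",
                                     "log_object_prefix": "log/secrets-"}]}},
            {"address": "google_project_service.storage",
             "type": "google_project_service", "values": {}},
        ],
        "child_modules": [{
            "address": "module.archive",
            "resources": [
                {"address": "module.archive.google_storage_bucket.cold",
                 "type": "google_storage_bucket",
                 "values": {"name": "cold.example.com", "location": "US"}},
            ],
        }],
    }}
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def buckets_without_logging(plan):
    """Return addresses of google_storage_bucket resources with no logging block."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "google_storage_bucket":
            continue
        # Test for the block itself: a log_bucket value that is only known
        # after apply is omitted from planned_values, so its absence is not a finding.
        if not (res.get("values") or {}).get("logging"):
            findings.append(res["address"])
    return findings

if __name__ == "__main__":
    for address in buckets_without_logging(SAMPLE_PLAN):
        print(f"gcp-gcs-logs-off: {address} has no logging block")
```

To use it on a real plan, load the output of `terraform show -json` with `json.load` and pass the result to `buckets_without_logging`.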