Skip to main content
Version: v1.4

Gcp-Audit-Log

Description

Terraform module for configuring an integration with Google Cloud Platform Organziations and Projects for Audit Logs analysis

Specification

Properties

NameDescriptionTypeRequiredDefault
bucket_force_destroyboolfalse
bucket_labelsSet of labels which will be added to the audit log bucketmap(string)false
bucket_regionThe region where the new bucket will be created, valid values for Multi-regions are (EU, US or ASIA) alternatively you can set a single region or Dual-regions follow the naming convention as outlined in the GCP bucket locations documentation https://cloud.google.com/storage/docs/locations#available-locationsstringUSfalse
custom_filterCustomer defined Audit Log filter which will supersede all other filter options when definedstringfalse
enable_ublaBoolean for enabling Uniform Bucket Level Access on the audit log bucket. Default is trueboolfalse
existing_bucket_nameThe name of an existing bucket you want to send the logs tostringfalse
existing_sink_nameThe name of an existing sink to be re-used for this integrationstringfalse
folders_to_excludeList of root folders to exclude in an organization-level integration. Format is 'folders/1234567890'list(string)false
google_workspace_filterFilter out Google Workspace login logs from GCP Audit Log sinks. Default is falseboolfalse
include_root_projectsEnables logic to include root-level projects if excluding folders. Default is trueboolfalse
k8s_filterFilter out GKE logs from GCP Audit Log sinks. Default is trueboolfalse
labelsSet of labels which will be added to the resources managed by the modulemap(string)false
lacework_integration_namestringfalse
lifecycle_rule_ageNumber of days to keep audit logs in Lacework GCS bucket before deleting. Leave default to keep indefinitelynumberfalse
org_integrationIf set to true, configure an organization level integrationboolfalse
organization_idThe organization ID, required if org_integration is set to truestringfalse
prefixThe prefix that will be use at the beginning of every generated resourcestringfalse
project_idA project ID different from the default defined inside the providerstringfalse
pubsub_subscription_labelsSet of labels which will be added to the subscriptionmap(string)false
pubsub_topic_labelsSet of labels which will be added to the topicmap(string)false
required_apismap(any)false
service_account_nameThe Service Account name (required when use_existing_service_account is set to true)stringfalse
service_account_private_keyThe private key in JSON format, base64 encoded (required when use_existing_service_account is set to true)stringfalse
use_existing_service_accountSet this to true to use an existing Service Accountboolfalse
wait_timeAmount of time to wait before the next resource is provisioned.stringfalse
writeConnectionSecretToRefThe secret which the cloud resource connection will be written towriteConnectionSecretToReffalse

writeConnectionSecretToRef

NameDescriptionTypeRequiredDefault
nameThe secret name which the cloud resource connection will be written tostringtrue
namespaceThe secret namespace which the cloud resource connection will be written tostringfalse