| bucket_force_destroy |
|
bool |
false |
|
| bucket_labels |
Set of labels which will be added to the audit log bucket |
map(string) |
false |
|
| bucket_region |
The region where the new bucket will be created. Valid values for multi-regions are EU, US or ASIA; alternatively, you can set a single region or a dual-region. Location names follow the naming convention outlined in the GCP bucket locations documentation: https://cloud.google.com/storage/docs/locations#available-locations |
string |
US |
false |
| custom_filter |
Customer-defined Audit Log filter which, when defined, supersedes all other filter options |
string |
false |
|
| enable_ubla |
Boolean for enabling Uniform Bucket Level Access on the audit log bucket. Default is true |
bool |
false |
|
| existing_bucket_name |
The name of an existing bucket you want to send the logs to |
string |
false |
|
| existing_sink_name |
The name of an existing sink to be re-used for this integration |
string |
false |
|
| folders_to_exclude |
List of root folders to exclude in an organization-level integration. Format is 'folders/1234567890' |
list(string) |
false |
|
| google_workspace_filter |
Filter out Google Workspace login logs from GCP Audit Log sinks. Default is false |
bool |
false |
|
| include_root_projects |
Enables logic to include root-level projects if excluding folders. Default is true |
bool |
false |
|
| k8s_filter |
Filter out GKE logs from GCP Audit Log sinks. Default is true, so GKE logs are excluded from the sink unless this is set to false |
bool |
false |
|
| labels |
Set of labels which will be added to the resources managed by the module |
map(string) |
false |
|
| lacework_integration_name |
|
string |
false |
|
| lifecycle_rule_age |
Number of days to keep audit logs in Lacework GCS bucket before deleting. Leave default to keep indefinitely |
number |
false |
|
| org_integration |
If set to true, configure an organization level integration |
bool |
false |
|
| organization_id |
The organization ID, required if org_integration is set to true |
string |
false |
|
| prefix |
The prefix that will be used at the beginning of every generated resource |
string |
false |
|
| project_id |
A project ID different from the default defined inside the provider |
string |
false |
|
| pubsub_subscription_labels |
Set of labels which will be added to the subscription |
map(string) |
false |
|
| pubsub_topic_labels |
Set of labels which will be added to the topic |
map(string) |
false |
|
| required_apis |
|
map(any) |
false |
|
| service_account_name |
The Service Account name (required when use_existing_service_account is set to true) |
string |
false |
|
| service_account_private_key |
The private key in JSON format, base64 encoded (required when use_existing_service_account is set to true). Base64 is an encoding, not encryption, so handle this value as a secret |
string |
false |
|
| use_existing_service_account |
Set this to true to use an existing Service Account |
bool |
false |
|
| wait_time |
Amount of time to wait before the next resource is provisioned. |
string |
false |
|
| writeConnectionSecretToRef |
The secret which the cloud resource connection will be written to |
writeConnectionSecretToRef |
false |
|