kubevela
/
kubevela.github.io
mirror of https://github.com/kubevela/kubevela.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubevela.github.io/docs/end-user/components/cloud-services/terraform/gcp-audit-log.md

50 lines
3.7 KiB
Markdown
Raw Blame History

---
title: Gcp-Audit-Log
---
## Description
Terraform module for configuring an integration with Google Cloud Platform Organziations and Projects for Audit Logs analysis
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
bucket_force_destroy | | bool | false |
bucket_labels | Set of labels which will be added to the audit log bucket | map(string) | false |
bucket_region | The region where the new bucket will be created, valid values for Multi-regions are (EU, US or ASIA) alternatively you can set a single region or Dual-regions follow the naming convention as outlined in the GCP bucket locations documentation https://cloud.google.com/storage/docs/locations#available-locations|string|US|false| | string | false |
custom_filter | Customer defined Audit Log filter which will supersede all other filter options when defined | string | false |
enable_ubla | Boolean for enabling Uniform Bucket Level Access on the audit log bucket. Default is true | bool | false |
existing_bucket_name | The name of an existing bucket you want to send the logs to | string | false |
existing_sink_name | The name of an existing sink to be re-used for this integration | string | false |
folders_to_exclude | List of root folders to exclude in an organization-level integration. Format is 'folders/1234567890' | list(string) | false |
google_workspace_filter | Filter out Google Workspace login logs from GCP Audit Log sinks. Default is false | bool | false |
include_root_projects | Enables logic to include root-level projects if excluding folders. Default is true | bool | false |
k8s_filter | Filter out GKE logs from GCP Audit Log sinks. Default is true | bool | false |
labels | Set of labels which will be added to the resources managed by the module | map(string) | false |
lacework_integration_name | | string | false |
lifecycle_rule_age | Number of days to keep audit logs in Lacework GCS bucket before deleting. Leave default to keep indefinitely | number | false |
org_integration | If set to true, configure an organization level integration | bool | false |
organization_id | The organization ID, required if org_integration is set to true | string | false |
prefix | The prefix that will be use at the beginning of every generated resource | string | false |
project_id | A project ID different from the default defined inside the provider | string | false |
pubsub_subscription_labels | Set of labels which will be added to the subscription | map(string) | false |
pubsub_topic_labels | Set of labels which will be added to the topic | map(string) | false |
required_apis | | map(any) | false |
service_account_name | The Service Account name (required when use_existing_service_account is set to true) | string | false |
service_account_private_key | The private key in JSON format, base64 encoded (required when use_existing_service_account is set to true) | string | false |
use_existing_service_account | Set this to true to use an existing Service Account | bool | false |
wait_time | Amount of time to wait before the next resource is provisioned. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
Reference in New Issue View Git Blame Copy Permalink