Skip to content

Latest commit

 

History

History
 
 

audit_config

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
main.tf
main.tf
 
 
metadata.yaml
metadata.yaml
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

Module audit_config

This optional module is used to configure audit log configs for a project.

Example Usage

module "audit_log_config" {
  source           = "terraform-google-modules/iam/google//modules/audit_config"

  project          = my-project
audit_log_config = [
    {
      service          = "pubsub.googleapis.com"
      log_type         = "DATA_READ"
      exempted_members = [
            "group:[email protected]",
            "serviceAccount:[email protected]",
            "user:[email protected]"
          ]
    },
    {
      service          = "storage.googleapis.com"
      log_type         = "DATA_WRITE"
      exempted_members = [
            "group:[email protected]",
            "serviceAccount:[email protected]",
            "user:[email protected]"
          ]
    },
    {
      service          = "pubsub.googleapis.com"
      log_type         = "DATA_WRITE"
      exempted_members = [
            "group:[email protected]",
            "serviceAccount:[email protected]",
            "user:[email protected]"
          ]
    }
  ]
}

Inputs

Name Description Type Default Required
audit_log_config List of objects to be added to audit log config list(object({ service : string, log_type : string, exempted_members : list(string) })) n/a yes
project Project to add the IAM policies/bindings string n/a yes

Outputs

Name Description
audit_log_config Map of log type and exempted members to be added to service