
I'm interested in viewing logs in Stackdriver Logging using the filter: role_name:roles/owner

However, I can see that the IAM Role resource is not in the list of monitored resources. (This list refers to the first drop down box in Stackdriver Logging>Logs)

I understand from this documentation that there are many monitored resources.

I would like to know if these resources can be configured to be monitored (i.e. logged) or if Stackdriver logging automatically displays a list of resources in use by the project.

In the latter case, I would conclude that the resource IAM Role has not been configured to be monitored.

ellefc

2 Answers


The resource type IAM role specifically relates to custom roles created in your project. It doesn't apply to any default roles, as those can never be edited by users. The audit logs for this resource type should track all changes made to those custom roles. But this resource type cannot be used to see when a specific user with a specific role (such as roles/owner) performed any actions elsewhere on the Cloud Platform.

Abonti


Any monitored resource for which there is an associated log entry will be presented in the menu.

Keep in mind that you can always switch to the advanced filter mode in the viewer and provide the filter (assuming you're looking for "iam_role" resources) as

resource.type = "iam_role"

It's not clear what question you're trying to answer by filtering on role_name. If you're looking for policy changes related to the role, they are recorded against the "project" resource type. You could look for

protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog"
protoPayload.request.policy.bindings.role="roles/viewer"

You can also query for actions taken by a particular user, like

protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog"
protoPayload.authenticationInfo.principalEmail="user@example.com"

FWIW, it is possible to exclude logs, which might cause the resource not to be presented if all of the associated logs are excluded, but this isn't allowed for the default-enabled audit logs.

Kirk Kelsey
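To make the two advanced-filter conditions above concrete, here is an added example (not code from either answer) that applies the same matching rules to a few constructed LogEntry JSON lines, using the roles/owner role from the question. The sample entries, e-mail addresses and method names are assumptions, not real project data.

```python
import json
from typing import Iterable

AUDIT_LOG_TYPE = "type.googleapis.com/google.cloud.audit.AuditLog"

# Constructed sample log lines in the JSON LogEntry shape (assumed values, not real data).
SAMPLE_ENTRIES = [
    json.dumps({"resource": {"type": "project"},
                "protoPayload": {"@type": AUDIT_LOG_TYPE, "methodName": "SetIamPolicy",
                                 "authenticationInfo": {"principalEmail": "alice@example.com"},
                                 "request": {"policy": {"bindings": [
                                     {"role": "roles/viewer", "members": ["user:bob@example.com"]},
                                     {"role": "roles/owner", "members": ["user:alice@example.com"]}]}}}}),
    json.dumps({"resource": {"type": "gce_instance"},
                "protoPayload": {"@type": AUDIT_LOG_TYPE, "methodName": "v1.compute.instances.insert",
                                 "authenticationInfo": {"principalEmail": "bob@example.com"}}}),
    json.dumps({"resource": {"type": "project"}, "textPayload": "not an audit log entry"}),
]


def is_audit_log(entry: dict) -> bool:
    """protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog" condition."""
    return entry.get("protoPayload", {}).get("@type") == AUDIT_LOG_TYPE


def binds_role(entry: dict, role: str) -> bool:
    """protoPayload.request.policy.bindings.role="<role>" condition. bindings is a
    repeated field, so the filter matches when ANY binding in the new policy has the role."""
    policy = entry.get("protoPayload", {}).get("request", {}).get("policy", {})
    return is_audit_log(entry) and any(b.get("role") == role for b in policy.get("bindings", []))


def by_principal(entry: dict, email: str) -> bool:
    """protoPayload.authenticationInfo.principalEmail="<email>" condition."""
    auth = entry.get("protoPayload", {}).get("authenticationInfo", {})
    return is_audit_log(entry) and auth.get("principalEmail") == email


def scan(lines: Iterable[str], role: str, email: str) -> dict:
    """Apply both filters to JSON log lines and list the resource types that carry
    any entry (only those would appear in the Logs Viewer resource menu)."""
    entries = [json.loads(line) for line in lines]
    return {
        "role_bindings": [e["protoPayload"]["methodName"] for e in entries if binds_role(e, role)],
        "principal": [e["protoPayload"]["methodName"] for e in entries if by_principal(e, email)],
        "resource_types": sorted({e["resource"]["type"] for e in entries}),
    }


if __name__ == "__main__":
    print(scan(SAMPLE_ENTRIES, "roles/owner", "bob@example.com"))
```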