I need to know who modified (added or deleted) the roles for some specific IAM user in GCP. I could not get these details in GCP logging even after adding data write in audit logging for IAM permissions.
Are we missing something here?

saurabh umathe
- @saurabh_umathe was my answer useful? – Gabriel Robledo Ahumada May 10 '22 at 16:02
- Thanks @GabrielRobledoAhumada. Though this command is returning all the IAM details, I could tweak it to get the data I want. Thanks again. – saurabh umathe May 14 '22 at 07:59
1 Answer
You need to query either your Cloud project, folder, billing account, or organization for audit logs.
Here you have an example of a query to a Cloud project and filtering just the logs where a particular user is involved:
gcloud logging read "logName : projects/$YOUR_PROJECT_ID/logs/cloudaudit.googleapis.com AND \
protoPayload.response.bindings.members:user@domain.com" --project=$YOUR_PROJECT_ID
Take a look at the official documentation for more information.

Gabriel Robledo Ahumada