Alerting on IAM changes in GCP


Hari Chaudhary

Apr 5, 2021, 4:53:41 AM
to gce-discussion
All,

Is there a way to set up alerting for any changes on the GCP resource types below? Please suggest how we can achieve this.
  • Configuration change alert
  • IAM role change alerts
  • VPC network changes
  • Cloud Storage IAM permission changes
  • SQL instance configuration changes
  • VPC network route changes
  • VPC network firewall rule changes
  • Custom Role changes
  • Audit configuration changes


We tried creating custom log-based metrics, but for this resource type alerting is not supported in Stackdriver.

Regards,
Hari




Ruben (Google Cloud Support)

Apr 7, 2021, 4:33:08 AM
to gce-discussion

Hello Hari,


The path to move forward is indeed the use of log-based metrics; you only need to find exactly the filter for what you are trying to achieve.


For example, I have set up a metric with the filter [1] to detect when a change is made to the roles of a user in a project.


Please have a look at our documentation regarding creating charts and alerts [2] and creating counter metrics [3].


Have a nice day!


[1] protoPayload.serviceData.policyDelta.bindingDeltas.action=ADD 

[2] - https://cloud.google.com/logging/docs/logs-based-metrics/charts-and-alerts

[3] - https://cloud.google.com/logging/docs/logs-based-metrics/counter-metrics#creating_a_counter_metric
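
An added example, not part of the reply above or of Google's documentation: the Python below applies the match from filter [1] to constructed audit-log entries to show which entries a counter metric on that filter would count. It goes one step beyond the filter as posted by also accepting `REMOVE`, since [1] only matches role grants; the project name, principals and entries are constructed sample values, and the helper names are hypothetical.

```python
# Constructed entries shaped like Cloud Audit Logs Admin Activity records.
# Project, principals and members are made-up sample values.
LOG = "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity"

def _entry(method, actor, deltas=None):
    """Build a minimal LogEntry-like dict (hypothetical helper for the sample data)."""
    payload = {"methodName": method,
               "authenticationInfo": {"principalEmail": actor}}
    if deltas is not None:
        payload["serviceData"] = {"policyDelta": {"bindingDeltas": deltas}}
    return {"logName": LOG, "protoPayload": payload}

SAMPLE_ENTRIES = [
    _entry("SetIamPolicy", "admin@example.com", [
        {"action": "ADD", "role": "roles/editor", "member": "user:alice@example.com"}]),
    _entry("SetIamPolicy", "admin@example.com", [
        {"action": "REMOVE", "role": "roles/owner", "member": "user:bob@example.com"}]),
    _entry("v1.compute.firewalls.insert", "admin@example.com"),  # no policyDelta
]

def binding_changes(entry, actions=("ADD",)):
    """Return (actor, action, role, member) for each binding delta in `actions`.

    Mirrors protoPayload.serviceData.policyDelta.bindingDeltas.action=ADD:
    on a repeated field the entry matches if any element matches.
    """
    payload = entry.get("protoPayload", {})
    deltas = (payload.get("serviceData", {})
                     .get("policyDelta", {})
                     .get("bindingDeltas", []))
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    return [(actor, d.get("action"), d.get("role"), d.get("member"))
            for d in deltas if d.get("action") in actions]

def count_matches(entries, actions=("ADD",)):
    """Number of entries a counter metric on this filter would count."""
    return sum(1 for e in entries if binding_changes(e, actions))

if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        for change in binding_changes(e, ("ADD", "REMOVE")):
            print(change)
    print("filter [1] matches:", count_matches(SAMPLE_ENTRIES))
    print("with REMOVE added:", count_matches(SAMPLE_ENTRIES, ("ADD", "REMOVE")))
```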