Required Sink / Bucket is global, need to regionalize it

Freek van Polen

Mar 25, 2021, 11:57:17 AM
to Google Stackdriver Discussion Forum
Hi,

The Cloud Logging _Required bucket in our project is set to global, and uneditable. The _Required sink is also uneditable. This is problematic for us since we need to keep sensitive information strictly within the EU, and the Audit logs being produced by our project might contain such.
I was able to create a new bucket for the _Default sink that is set to europe-west-3, and route the sink there, but no such luck for the _Required sink / bucket. Is this possible at all? Is this something I should have set when creating the project? What can I do about it now?

Cheers & Thanks!
Freek

PS. I am organisation and project owner, so I have, or can give myself, any permission that might be needed, though I'm not sure that would be the solution?

Mary Koes

Mar 25, 2021, 12:11:17 PM
to Freek van Polen, Google Stackdriver Discussion Forum
Hi Freek,

I'm a product manager with Cloud Logging. The _Required bucket is locked by design, but here's some more context on it and why we store it globally.

The _Required bucket receives logs defined by the _Required sink. If you inspect the log sink from the log router page, you’ll see it includes a filter to capture certain audit logs.

Specifically, this is the filter for Admin Activity audit logs, System Event audit logs, and Access Transparency logs, not your application log data nor Data Access audit logs. The _Required sink and _Required bucket are locked, meaning they can’t be changed or deleted. The _Required bucket is also global, so let’s take a minute to look at what each of these logs means:

As you can see from the example, each of these logs contains critical information answering how Google Cloud APIs are used by your Google Cloud users or Google employees. This record is important to providing you a secure experience, which is why we store logs in the _Required bucket free of charge for 400 days and don’t allow the data to be modified.

If you have additional questions or feedback on this, I'd be happy to connect with you offline.

Best,

Mary
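
The split described in the reply above, as an added example that is not part of the original posts or Google's own code: it sorts `logName` values into the locked global `_Required` bucket or the re-routable `_Default` path, for use in a data-residency review. The three log IDs, the default sink configuration and the sample names (`example-project`) are assumptions, not values taken from the thread.

```python
from urllib.parse import unquote

# Log IDs assumed for the three log types the reply names as captured by _Required.
REQUIRED_LOG_IDS = {
    "cloudaudit.googleapis.com/activity": "Admin Activity audit log",
    "cloudaudit.googleapis.com/system_event": "System Event audit log",
    "cloudaudit.googleapis.com/access_transparency": "Access Transparency log",
}


def log_id(log_name):
    """Return the decoded log ID from '<parent>/logs/<url-encoded log id>'."""
    _parent, sep, encoded = log_name.partition("/logs/")
    if not sep or not encoded:
        raise ValueError(f"not a Cloud Logging logName: {log_name!r}")
    return unquote(encoded)


def bucket_for(log_name):
    """Name the bucket an entry lands in under the default sink setup (assumed)."""
    return "_Required" if log_id(log_name) in REQUIRED_LOG_IDS else "_Default"


def residency_report(log_names):
    """Map each bucket to the sorted, de-duplicated log IDs routed to it."""
    report = {"_Required": set(), "_Default": set()}
    for name in log_names:
        report[bucket_for(name)].add(log_id(name))
    return {bucket: sorted(ids) for bucket, ids in report.items()}


# Constructed sample logName values; "example-project" is a placeholder.
SAMPLE_LOG_NAMES = [
    "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
    "projects/example-project/logs/cloudaudit.googleapis.com%2Fsystem_event",
    "projects/example-project/logs/cloudaudit.googleapis.com%2Faccess_transparency",
    "projects/example-project/logs/cloudaudit.googleapis.com%2Fdata_access",
    "projects/example-project/logs/stdout",
]

if __name__ == "__main__":
    for bucket, ids in residency_report(SAMPLE_LOG_NAMES).items():
        where = "global, locked" if bucket == "_Required" else "sink can be re-routed"
        print(f"{bucket} ({where}):")
        for lid in ids:
            print(f"  {lid}")
```
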
