Iam Audit Config
Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
Example Usage
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.IamAuditConfig;
import com.pulumi.gcp.organizations.IamAuditConfigArgs;
import com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Enable DATA_READ audit logs for every service in the organization,
        // exempting one member from that log type.
        var config = new IamAuditConfig("config", IamAuditConfigArgs.builder()
            .auditLogConfigs(IamAuditConfigAuditLogConfigArgs.builder()
                .exemptedMembers("user:joebloggs@hashicorp.com")
                .logType("DATA_READ")
                .build())
            .orgId("your-organization-id")
            // "allServices" is the special value that covers all services.
            .service("allServices")
            .build());
    }
}
Import
IAM audit config imports use the identifier of the resource in question and the service, e.g.
$ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig config "your-organization-id foo.googleapis.com"
Properties
Service which will be enabled for audit logging. The special value allServices covers all services. Note that if there are google_organization_iam_audit_config resources covering both allServices and a specific service then the union of the two AuditConfigs is used for that service: the log_types specified in each audit_log_config are enabled, and the exempted_members in each audit_log_config are exempted.
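The union rule described above can be checked before deployment by computing the effective audit config for one service. The following is an added example, not part of the provider or of the original page: the class EffectiveAuditConfig, its helper names and the sample members other than the one in Example Usage are hypothetical, and it assumes exemptions are merged per log type.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

public class EffectiveAuditConfig {
    // One audit_log_config entry: a log type plus the members exempted from it.
    static final class LogConfig {
        final String logType;
        final Set<String> exemptedMembers;

        LogConfig(String logType, String... exemptedMembers) {
            this.logType = logType;
            this.exemptedMembers = Set.of(exemptedMembers);
        }
    }

    // Union rule: every log type enabled under "allServices" or under the named
    // service is on for that service, and exemptions from both configs accumulate
    // (merged per log type, which is this example's assumption).
    static Map<String, Set<String>> effective(Map<String, List<LogConfig>> configs, String service) {
        Map<String, Set<String>> result = new TreeMap<>();
        for (String key : List.of("allServices", service)) {
            for (LogConfig c : configs.getOrDefault(key, List.of())) {
                result.computeIfAbsent(c.logType, t -> new TreeSet<>()).addAll(c.exemptedMembers);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample: the allServices config from Example Usage plus a
        // hypothetical per-service config for foo.googleapis.com.
        Map<String, List<LogConfig>> configs = Map.of(
            "allServices", List.of(new LogConfig("DATA_READ", "user:joebloggs@hashicorp.com")),
            "foo.googleapis.com", List.of(
                new LogConfig("DATA_READ", "user:auditor@example.com"),
                new LogConfig("DATA_WRITE")));

        // The named service gets both log types and both DATA_READ exemptions.
        effective(configs, "foo.googleapis.com").forEach((type, exempt) ->
            System.out.println(type + " enabled, exempted=" + exempt));
        // A service with no config of its own still inherits allServices.
        System.out.println(effective(configs, "bar.googleapis.com"));
    }
}
```

Running this kind of check over planned configs shows where an exemption declared once under allServices also silences a member's reads on a service that has its own, stricter-looking config.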