Description
GCP Access Transparency provides audit logs for all actions that Google personnel take in your Google Cloud resources.
Rationaleβ
Controlling access to your information is one of the foundations of information security. Given that Google Employees do have access to your organizations' projects for support reasons, you should have logging in place to view who, when, and why your information is being accessed.
Impactβ
To use Access Transparency your organization will need to have at one of the following support level: Premium, Enterprise, Platinum, or Gold. There will be subscription costs associated with support, as well as increased storage costs for storing the logs. You will also not be able to turn Access Transparency off yourself, and you will need to submit a service request to Google Cloud Support.
Auditβ
From Google Cloud Consoleβ
Determine if Access Transparency is Enabledβ
- From the Google Cloud Home, click on the Navigation hamburger menu in the top left. Hover over the IAM & Admin Menu. Select
settingsin the middle of the column that opens. - The status will be under the heading
Access Transparency. Status should beEnabled
Default Valueβ
By default Access Transparency is not enabled.
Referencesβ
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/enable
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/reading-logs
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/reading-logs#justification_reason_codes
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/supported-services
Additional Informationβ
To enable Access Transparency for your Google Cloud organization, your Google Cloud organization must have one of the following customer support levels: Premium, Enterprise, Platinum, or Gold.