Description
GCP Access Transparency provides audit logs for all actions that Google personnel take in your Google Cloud resources.
Rationaleโ
Controlling access to your information is one of the foundations of information security. Since Google employees can access your organization's projects for support reasons, you should have logging in place to view who accessed your information, when, and why.
Impactโ
To use Access Transparency, your organization must have one of the following support levels: Premium, Enterprise, Platinum, or Gold. There will be subscription costs associated with support, as well as increased storage costs for storing the logs. You cannot turn Access Transparency off yourself, and you will need to submit a service request to Google Cloud Support.
Auditโ
From Google Cloud Consoleโ
Determine if Access Transparency is Enabledโ
- From the Google Cloud Home, open the Navigation menu in the top left. Hover over the IAM & Admin menu. Select
settingsin the middle of the column that opens. - The status will be under the heading
Access Transparency. Status should beEnabled.
Default Valueโ
By default, Access Transparency is not enabled.
Referencesโ
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/overview
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/enable
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/reading-logs
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/reading-logs#justification_reason_codes
- https://cloud.google.com/cloud-provider-access-management/access-transparency/docs/supported-services
Additional Informationโ
To enable Access Transparency for your Google Cloud organization, your organization must have one of the following customer support levels: Premium, Enterprise, Platinum, or Gold.