Auditing Google Professional Data Engineer GCP

  • Audit ensures systems are working as designed
  • Auditing involves
    • gathering data
    • identifying discrepancies
    • acting on issues raised
  • Perform regular audits
  • May be needed for regulatory compliance
  • GCP offers audit logs
  • Important to audit who has the ability to change Cloud IAM policies
  • Analyze logs to answer “Who did what, where, and when?”
  • For data, use the two immutable log streams in Cloud Logging: Admin Activity and Data Access audit logs.
  • For metadata, use Data Catalog
  • Admin Activity logs contain details of administrative actions and of changes made to the configuration or metadata of resources.
  • Data Access logs record user-authenticated API calls that create, modify, or read user-provided data.
  • Create Cloud Monitoring alerts that trigger on specific conditions.
  • Audit logs may have sensitive information, so restrict access to the logs by using IAM roles.
  • Cloud Logging keeps audit logs only for the log retention period.
  • Logs can be exported to a BigQuery dataset.
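
Added example (not part of the original notes): a small Python filter that answers “Who did what, where, and when?” for Cloud IAM policy changes recorded in the Admin Activity stream. The field names follow the Cloud Audit Logs LogEntry JSON format; the `_entry` helper, the project `example-proj`, the principals and the timestamps are constructed for illustration, and the method-name match is an assumption to extend for services that name the call differently.

```python
ACTIVITY_SUFFIX = "cloudaudit.googleapis.com%2Factivity"  # Admin Activity stream

def iam_policy_changes(entries):
    """Return who/what/where/when for IAM policy changes in Admin Activity logs."""
    findings = []
    for e in entries:
        if not e.get("logName", "").endswith(ACTIVITY_SUFFIX):
            continue  # skip other streams, e.g. Data Access
        payload = e.get("protoPayload") or {}
        method = payload.get("methodName", "")
        # Assumption: policy writes end in "SetIamPolicy" (case varies by service).
        if not method.lower().endswith("setiampolicy"):
            continue
        deltas = (payload.get("serviceData", {})
                  .get("policyDelta", {}).get("bindingDeltas", []))
        findings.append({
            "who": payload.get("authenticationInfo", {}).get("principalEmail", "unknown"),
            "what": method,
            "where": payload.get("resourceName", "unknown"),
            "when": e.get("timestamp", "unknown"),
            "changes": [f'{d.get("action")} {d.get("role")} {d.get("member")}'
                        for d in deltas],
        })
    return sorted(findings, key=lambda f: f["when"])

def _entry(stream, ts, who, method, resource, deltas=None):
    """Build a constructed LogEntry (hypothetical helper for the sample data)."""
    payload = {"authenticationInfo": {"principalEmail": who},
               "methodName": method, "resourceName": resource}
    if deltas:
        payload["serviceData"] = {"policyDelta": {"bindingDeltas": deltas}}
    return {"logName": f"projects/example-proj/logs/cloudaudit.googleapis.com%2F{stream}",
            "timestamp": ts, "protoPayload": payload}

# Constructed sample data: one data read, one IAM change, one unrelated admin action.
SAMPLE = [
    _entry("data_access", "2024-01-05T09:00:00Z", "carol@example.com",
           "jobservice.getqueryresults", "projects/example-proj/jobs/job1"),
    _entry("activity", "2024-01-05T10:00:00Z", "alice@example.com",
           "SetIamPolicy", "projects/example-proj",
           [{"action": "ADD", "role": "roles/owner", "member": "user:bob@example.com"}]),
    _entry("activity", "2024-01-05T11:00:00Z", "alice@example.com",
           "v1.compute.instances.stop", "projects/example-proj/instances/vm1"),
]

if __name__ == "__main__":
    for f in iam_policy_changes(SAMPLE):
        print(f["when"], f["who"], f["what"], f["where"], f["changes"])
```

The same filter can run over entries exported from Cloud Logging, provided they keep the LogEntry JSON shape.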