From a3290f2204342647f99d6d443d93fdfc438c2ce2 Mon Sep 17 00:00:00 2001 From: Simone Ruffilli Date: Tue, 24 Oct 2023 22:09:00 +0200 Subject: [PATCH] FAST: Add access transparency logs to the default sinks (#1810) * Adds access transparency logs to the default sinks --- fast/stages/0-bootstrap/README.md | 2 +- fast/stages/0-bootstrap/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fast/stages/0-bootstrap/README.md b/fast/stages/0-bootstrap/README.md index c2391013c8..1a9f1bbbd8 100644 --- a/fast/stages/0-bootstrap/README.md +++ b/fast/stages/0-bootstrap/README.md @@ -595,7 +595,7 @@ The remaining configuration is manual, as it regards the repositories themselves | [iam](variables.tf#L167) | Organization-level custom IAM settings in role => [principal] format. | map(list(string)) | | {} | | | [iam_bindings_additive](variables.tf#L174) | Organization-level custom additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | | | [locations](variables.tf#L189) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…}) | | {} | | -| [log_sinks](variables.tf#L203) | Org-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | +| [log_sinks](variables.tf#L203) | Org-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | | [org_policies_config](variables.tf#L232) | Organization policies customization. | object({…}) | | {} | | | [outputs_location](variables.tf#L257) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | | [project_parent_ids](variables.tf#L272) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | object({…}) | | {…} | | diff --git a/fast/stages/0-bootstrap/variables.tf b/fast/stages/0-bootstrap/variables.tf index 75a43c6012..af171b3417 100644 --- a/fast/stages/0-bootstrap/variables.tf 
+++ b/fast/stages/0-bootstrap/variables.tf @@ -208,7 +208,7 @@ variable "log_sinks" { })) default = { audit-logs = { - filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" + filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\" OR protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.TransparencyLog\"" type = "logging" } vpc-sc = {
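Review bot: In the `README.md` hunk, the `log_sinks` row still carries only the description "Org-level log sinks, in name => {type, filter} format.", and the removed and added lines read the same as rendered here. Nothing in the variables table tells an operator that the default `audit-logs` sink now also exports Access Transparency entries. Because this changes which logs are exported by default, suggest adding a sentence to the variable description, or elsewhere in this README, that names the log types the default filter captures.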
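Review bot: In the `variables.tf` hunk, the new clause of the `audit-logs` filter selects entries by payload type (`protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.TransparencyLog\"`), while the two existing clauses select by `logName:`. Nothing in the patch shows the field path was checked against a real entry, and a clause that matches nothing fails silently: the sink keeps working for the other two log types and the Access Transparency entries are simply absent. Please confirm the path against a sample Access Transparency entry, or select by log name as the other clauses do so that all three conditions are uniform. Two smaller points: the key `audit-logs` now covers more than audit logs, and because this is a change to the variable's `default`, anyone who already sets `log_sinks` will not pick it up, which is worth a line in the change notes.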