Google Cloud (Stackdriver) Logging Folder Sink

google_logging_folder_sink (Terraform)

The Folder Sink in Cloud (Stackdriver) Logging can be configured in Terraform with the resource name google_logging_folder_sink. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

SnidermanIndustries/checkov-fork

resource "google_logging_folder_sink" "folder_sink_good_1" {
  name   = "my-sink"
  description = "some explaination on what this is"
  folder = "folder-name"
  destination = google_storage_bucket.log_bucket_good.name
  filter = "resource.type = gce_instance AND severity >= WARNING"

melscoop-test/check

resource "google_logging_folder_sink" "folder_sink_good_1" {
  name   = "my-sink"
  description = "some explaination on what this is"
  folder = "folder-name"
  destination = google_storage_bucket.log_bucket_good.name
  filter = "resource.type = gce_instance AND severity >= WARNING"

gilyas/infracost

resource "google_logging_folder_sink" "basic" {
  name        = "my-sink"
  description = "what it is"
  folder      = "fake"

  destination = "storage.googleapis.com/fake"

infracost/infracost

resource "google_logging_folder_sink" "basic" {
  name        = "my-sink"
  description = "what it is"
  folder      = "fake"

  destination = "storage.googleapis.com/fake"

Parameters

• description optional - string

A description of this sink. The maximum length of the description is 8000 characters.

• destination required - string

The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: "storage.googleapis.com/[GCS_BUCKET]" "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]" "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]" The writer associated with the sink must have access to write to the above resource.

• disabled optional - bool

If set to True, then this sink is disabled and it does not export any log entries.

• filter optional - string

The filter to apply when exporting logs. Only log entries that match the filter are exported.

• folder required - string

The folder to be exported to the sink. Note that either [FOLDER_ID] or "folders/[FOLDER_ID]" is accepted.

• id optional computed - string
• include_children optional - bool

Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.

• name required - string

The name of the logging sink.

• writer_identity optional computed - string

The identity associated with this sink. This identity must be granted write access to the configured destination.

• bigquery_options list block
  • use_partitioned_tables required - bool

  Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.

• exclusions list block
  • description optional - string

  A description of this exclusion.

  • disabled optional - bool

  If set to True, then this exclusion is disabled and it does not exclude any log entries

  • filter required - string

  An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries

  • name required - string

  A client-assigned identifier, such as "load-balancer-exclusion". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.

Explanation in Terraform Registry

Manages a folder-level logging sink. For more information see:

• API documentation
• How-to Guides
  • Exporting Logs