Google Cloud (Stackdriver) Logging Organization Sink

This page shows how to write Terraform for a Cloud (Stackdriver) Logging Organization Sink and how to configure it securely.

Terraform Example (google_logging_organization_sink)

Manages an organization-level logging sink. For more information see:

Parameters

  • description optional - string
    • A description of this sink. The maximum length of the description is 8000 characters.

  • destination required - string
    • The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. The writer associated with the sink must have access to write to the above resource. Examples:
      • "storage.googleapis.com/[GCS_BUCKET]"
      • "bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]"
      • "pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]"

  • disabled optional - bool
    • If set to True, then this sink is disabled and it does not export any log entries.

  • filter optional - string
    • The filter to apply when exporting logs. Only log entries that match the filter are exported.

  • id optional computed - string
  • include_children optional - bool
    • Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.

  • name required - string
    • The name of the logging sink.

  • org_id required - string
    • The numeric ID of the organization to be exported to the sink.

  • writer_identity required computed - string
    • The identity associated with this sink. This identity must be granted write access to the configured destination.
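
The destination and writer_identity requirements above, wired together in one configuration. This is an added example, not code from the provider documentation or from the repositories listed below; the bucket name, location, sink name and org ID are constructed placeholders, and the filter is the one used in the examples on this page.

```hcl
# Added example. All names and IDs below are placeholders.

# Destination bucket for exported organization logs.
resource "google_storage_bucket" "org_logs" {
  name     = "example-org-log-archive" # placeholder, must be globally unique
  location = "US"

  # IAM-only access control, so the binding below is the only write path.
  uniform_bucket_level_access = true
}

resource "google_logging_organization_sink" "org_sink" {
  name        = "org-log-sink"
  description = "Exports matching organization logs to Cloud Storage"
  org_id      = "123456789" # placeholder numeric organization ID

  # Destination uses the "storage.googleapis.com/[GCS_BUCKET]" form.
  destination = "storage.googleapis.com/${google_storage_bucket.org_logs.name}"

  # Also export logs from child projects, not only the organization itself.
  include_children = true

  filter = "resource.type = gce_instance AND severity >= WARNING"
}

# Grant the sink's computed writer identity write access to the bucket.
# Without this binding the sink is created but its exports to the bucket fail.
# objectCreator lets the sink add objects without reading or deleting them.
resource "google_storage_bucket_iam_member" "sink_writer" {
  bucket = google_storage_bucket.org_logs.name
  role   = "roles/storage.objectCreator"
  member = google_logging_organization_sink.org_sink.writer_identity
}
```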

Example Usage (from GitHub)

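melscoop-test/check

resource "google_logging_organization_sink" "org_sink_good_1" {
  name        = "my-sink"
  description = "some explaination on what this is"
  org_id      = "123456789"
  # Sink destinations use the "storage.googleapis.com/[GCS_BUCKET]" form.
  # google_storage_bucket.log_bucket_good is not shown in this excerpt.
  destination = "storage.googleapis.com/${google_storage_bucket.log_bucket_good.name}"
  filter      = "resource.type = gce_instance AND severity >= WARNING"
}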
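
SnidermanIndustries/checkov-fork

resource "google_logging_organization_sink" "org_sink_good_1" {
  name        = "my-sink"
  description = "some explaination on what this is"
  org_id      = "123456789"
  # Sink destinations use the "storage.googleapis.com/[GCS_BUCKET]" form.
  # google_storage_bucket.log_bucket_good is not shown in this excerpt.
  destination = "storage.googleapis.com/${google_storage_bucket.log_bucket_good.name}"
  filter      = "resource.type = gce_instance AND severity >= WARNING"
}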

gilyas/infracost

resource "google_logging_organization_sink" "basic" {
  name        = "basic"
  description = "what it is"
  org_id      = "fake"

  # Cloud Storage destination in the "storage.googleapis.com/[GCS_BUCKET]" form.
  destination = "storage.googleapis.com/fake"
}

infracost/infracost

resource "google_logging_organization_sink" "basic" {
  name        = "basic"
  description = "what it is"
  org_id      = "fake"

  # Cloud Storage destination in the "storage.googleapis.com/[GCS_BUCKET]" form.
  destination = "storage.googleapis.com/fake"
}
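
bridgecrewio/checkov

resource "google_logging_organization_sink" "org_sink_good_1" {
  name        = "my-sink"
  description = "some explaination on what this is"
  org_id      = "123456789"
  # Sink destinations use the "storage.googleapis.com/[GCS_BUCKET]" form.
  # google_storage_bucket.log_bucket_good is not shown in this excerpt.
  destination = "storage.googleapis.com/${google_storage_bucket.log_bucket_good.name}"
  filter      = "resource.type = gce_instance AND severity >= WARNING"
}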

Frequently asked questions

What is Google Cloud (Stackdriver) Logging Organization Sink?

Google Cloud (Stackdriver) Logging Organization Sink is a resource for Cloud (Stackdriver) Logging of Google Cloud Platform. Settings can be written in Terraform.

Where can I find the example code for the Google Cloud (Stackdriver) Logging Organization Sink?

For Terraform, the melscoop-test/check, SnidermanIndustries/checkov-fork and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.