actually enable data access logs collection #249

Merged
merged 3 commits into from
Sep 29, 2020

umairidris
Contributor

This is required for HIPAA alignment.

@umairidris umairidris requested review from bharathkkb, rjerrems and a team as code owners September 28, 2020 22:42
@daniel-cit
Contributor

Thanks for catching this.

The example foundation can be deployed in the organization or in a folder, so two resource blocks with the same settings could be added, one for the organization deploy and one for the folder deploy:

```hcl
# Organization deploy: used when no parent folder is set.
resource "google_organization_iam_audit_config" "organization_config" {
  count   = var.data_access_logs_enabled && var.parent_folder == "" ? 1 : 0
  org_id  = var.org_id
  service = "allServices"
  # ...
}

# Folder deploy: used when a parent folder is set.
resource "google_folder_iam_audit_config" "folder_config" {
  count   = var.data_access_logs_enabled && var.parent_folder != "" ? 1 : 0
  folder  = "folders/${var.parent_folder}"
  service = "allServices"
  # ...
}
```
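A check that the audit config discussed in this thread actually took effect, as an added example that is not part of the pull request or the project's code. It reads the IAM policy JSON returned by `gcloud organizations get-iam-policy ORG_ID --format=json` (or `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json` for a folder deploy) and reports missing Data Access log types and exempted members for `allServices`. The function name, the sample policies, and the requirement that all three log types be enabled are assumptions, since the comment elides the remaining settings.

```python
import json
import sys

# The three log types that make up Data Access audit logs.
REQUIRED_LOG_TYPES = {"ADMIN_READ", "DATA_READ", "DATA_WRITE"}


def data_access_gaps(policy, service="allServices"):
    """Return findings for one IAM policy dict; an empty list means no gaps."""
    enabled, exempted = set(), {}
    for cfg in policy.get("auditConfigs", []):
        if cfg.get("service") != service:
            continue  # a per-service config does not cover allServices
        for alc in cfg.get("auditLogConfigs", []):
            log_type = alc.get("logType")
            if log_type not in REQUIRED_LOG_TYPES:
                continue
            enabled.add(log_type)
            if alc.get("exemptedMembers"):
                exempted.setdefault(log_type, []).extend(alc["exemptedMembers"])
    findings = [f"{t} not enabled for {service}"
                for t in sorted(REQUIRED_LOG_TYPES - enabled)]
    findings += [f"{t} exempts {', '.join(members)}"
                 for t, members in sorted(exempted.items())]
    return findings


# Constructed sample policies (not taken from any real organization).
SAMPLE_ENABLED = {"auditConfigs": [{"service": "allServices", "auditLogConfigs": [
    {"logType": "ADMIN_READ"}, {"logType": "DATA_READ"}, {"logType": "DATA_WRITE"}]}]}
SAMPLE_MISSING = {"bindings": []}  # policy with no auditConfigs at all
SAMPLE_PARTIAL = {"auditConfigs": [
    {"service": "storage.googleapis.com", "auditLogConfigs": [{"logType": "ADMIN_READ"}]},
    {"service": "allServices", "auditLogConfigs": [
        {"logType": "DATA_WRITE"},
        {"logType": "DATA_READ", "exemptedMembers": ["user:batch@example.com"]}]}]}

if __name__ == "__main__":
    # Usage: python check.py policy.json   (or pipe the JSON on stdin)
    src = open(sys.argv[1]) if len(sys.argv) > 1 else sys.stdin
    gaps = data_access_gaps(json.load(src))
    print("\n".join(gaps) or "data access logs enabled for allServices")
    sys.exit(1 if gaps else 0)
```

The non-zero exit code on any finding lets the check gate a pipeline, so a refactor that drops the audit config resource fails the run.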

@umairidris
Contributor Author

Done, thanks!

@bharathkkb
Member

bharathkkb commented Sep 28, 2020

@daniel-cit Was there a reason why we removed this with #112?

@daniel-cit
Contributor

@bharathkkb It was incorrectly removed in the large refactor in the logging part.

Member

@bharathkkb bharathkkb left a comment

LGTM and I think this is one that Andy mentioned today @daniel-cit
/cc @rjerrems

@rjerrems rjerrems merged commit 6e887e0 into terraform-google-modules:master Sep 29, 2020
@umairidris umairidris deleted the data_access_logs branch September 29, 2020 02:02