Cloud storage bucket should have logging enabled

ID

gcp_cloud_storage_bucket_logging_not_enabled

Severity

low

Vendor

GCP

Resource

Logging

Tags

non-reachable

Description

Google Cloud SQL instances should have a backup configured because backups can help you restore your data in case of accidental deletion, corruption, or disaster.

To fix it, you must configure the logging property for the bucket.

Learn more about this topic at About Cloud SQL backups.

Examples

---
- name: create a bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Mitigation / Fix

---
- name: create a bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    logging:
      log_bucket: a_bucket_for_logs
      log_object_prefix: log