Create a Google Cloud Storage Bucket Log Stream

Prerequisites

Before creating a new Google Cloud Storage (GCS) Bucket Log Stream, make sure you have set up and configured:

• Google Cloud Storage Bucket

• IAM Service Account

• Workload Identity Federation

Create a new Google Cloud Storage Bucket Log Stream

To create a new Log Stream for a Google Cloud Storage (GCS) Bucket, follow these steps:

1. Log into your Aembit Tenant.

2. Click Administration in the left sidebar.

3. At the top, select Administration ☰ Log Streams.

   Aembit displays the Log Streams page with a list of existing Log Streams.

   

4. Click + New, which displays the Log Streams pop out menu.

   

5. Fill out the following fields:

   • Name - The name of the new Log Stream you want to create.
   • Description - A text description for the new Log Stream.
   • Event Type - Select the type of event you want to stream to your GCS Bucket. Choose from: Access Authorization Events, Audit Logs, and Workload Events

6. Select GCS Bucket using Workload Identity Federation as the Destination Type.

7. Fill out the revealed fields:

8. Add your information for the Google Cloud Storage Bucket in the following fields:

   • Bucket Name - Name of the bucket.

   • Audience - The value from the Provider Details in your GCS Bucket Console.

     Aembit matches any audience value you specific for the provider, and can be either the default audience or a custom value.

   • Service Account Email - The email address of the Service Account (set at the time of Service Account creation).

   • Token Lifetime - The amount of time that the token will remain active.

9. Click Save.

   Aembit displays the Log Stream on the Log Streams page.