Tags: google-cloud-platform, eventarc

Eventarc Audit Log Scope Limited to Current Project


In GCP, I have a log sink which centralizes logs onto a GCP Project. I also have an EventArc trigger that listens for Cloud Resource Manager events, specifically the createProject method.

[Screenshot: EventArc Trigger]

Are Eventarc triggers limited to only the current project's logs? Or can they access all logs from all log buckets in a GCP Project?

The logs show up in Cloud Logging (only when I set the scope to include all buckets and not limit it to the current project), however no Eventarc triggers are generated off of this.

[Screenshot: Cloud Logging]

Is this a limitation of Eventarc or am I missing something here?


Solution

  • Since the createProject method is among the very first log entries generated in a newly created project, EventArc triggers will NOT pick them up, since the trigger would have to be created after the project has been created. Triggers might take a few minutes to become active before they can process logs.

    In my case, I was able to create a Logs Router at an organization / folder level to overcome this issue; the Logs Router would include all child elements and would capture specific logs from the Cloud Resource Manager.
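As an added illustration of the answer above (not code from the question or answer), the following Python shows the aggregated-sink filter an organization-level Logs Router would use for project-creation audit logs, applies the same logic to constructed sample log entries so you can see which ones the sink captures, and builds the matching gcloud command. The sink name, organization ID, Pub/Sub destination and the exact methodName casing are assumptions; check them against a real entry before relying on the filter.

```python
# Logging query the aggregated sink uses. The methodName match is an assumption:
# the question quotes "createProject", so match the suffix case-insensitively.
SINK_FILTER = (
    'logName:"cloudaudit.googleapis.com%2Factivity" AND '
    'protoPayload.serviceName="cloudresourcemanager.googleapis.com" AND '
    'protoPayload.methodName=~"(?i)createproject$"'
)


def matches_create_project(entry: dict) -> bool:
    """Python equivalent of SINK_FILTER applied to one LogEntry given as a dict."""
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    return (
        "cloudaudit.googleapis.com%2Factivity" in entry.get("logName", "")
        and payload.get("serviceName") == "cloudresourcemanager.googleapis.com"
        and method.lower().endswith("createproject")
    )


def captured_projects(entries: list) -> list:
    """Resource names of the entries the sink would forward, in log order."""
    return [e["protoPayload"]["resourceName"] for e in entries if matches_create_project(e)]


def sink_create_command(sink: str, org_id: str, topic_project: str, topic: str) -> str:
    """gcloud command for an org-level sink that includes all child folders/projects.
    The Pub/Sub destination is an assumption; the answer does not name one."""
    dest = f"pubsub.googleapis.com/projects/{topic_project}/topics/{topic}"
    return (f"gcloud logging sinks create {sink} {dest} "
            f"--organization={org_id} --include-children "
            f"--log-filter='{SINK_FILTER}'")


# Constructed sample entries, not real audit logs.
SAMPLE_ENTRIES = [
    {   # project creation logged under the new child project: captured
        "logName": "projects/child-proj-123/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {"serviceName": "cloudresourcemanager.googleapis.com",
                         "methodName": "CreateProject",
                         "resourceName": "projects/child-proj-123"},
    },
    {   # IAM change on the same service: not a project creation
        "logName": "projects/child-proj-123/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {"serviceName": "cloudresourcemanager.googleapis.com",
                         "methodName": "SetIamPolicy",
                         "resourceName": "projects/child-proj-123"},
    },
    {   # right method but in the data_access stream, so outside the filter
        "logName": "projects/other-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
        "protoPayload": {"serviceName": "cloudresourcemanager.googleapis.com",
                         "methodName": "CreateProject",
                         "resourceName": "projects/other-proj"},
    },
]
```

Because the sink lives at the organization level with `--include-children`, it exists before any child project does, which is what lets it see a project's very first audit log entries.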