View logs

Recommender logs record changes to the state of recommendations and insights.

Permissions

Identity and Access Management (IAM) permissions and roles determine which logs a user can view and export.

To view Recommender logs, you must have one of the following IAM roles in the project that contains the logs:

  • One of the basic roles (Project Owner, Project Editor, or Project Viewer)
  • The Cloud Logging Logs Viewer role
  • A custom IAM role that includes the logging.logEntries.list IAM permission

View logs

Recommendation logs

To view recommendation action logs, follow these steps:

  1. In the Google Cloud console, go to the Logs Explorer page (Google Cloud Observability Logging > Logs).

  2. At the top of the page, select an existing Google Cloud project or create a new project.

  3. In the first drop-down menu, select Recommender.

  4. To view the entry details, expand the log entry. The following example shows a recommendation that has been claimed.

    {
     insertId:  "t51fxaa1"
     jsonPayload: {
      @type:  "type.googleapis.com/google.cloud.recommender.logging.v1.ActionLog"
      actor:  "user@gmail.com"
      recommendationName:   "projects/my-recommender-project/locations/global/recommenders/google.iam.policy.Recommender/recommendations/r1"
      state:  "CLAIMED"
      stateMetadata: {
        my_metadata: "Some metadata."
      }
     }
     logName:  "projects/my-recommender-project/logs/recommender.googleapis.com%2Factions"
     receiveTimestamp:  "2019-07-01T21:55:06.950795284Z"
     resource: {
      labels: {
       location:  "global"
       project_id:  "my-recommender-project"
       recommender_id:  "google.iam.policy.Recommender"
      }
      type:  "recommender"
     }
     severity:  "INFO"
     timestamp:  "2019-07-01T21:55:06.529Z"
    }
    

Insight logs

To view insight action logs, follow these steps:

  1. In the Google Cloud console, go to the Logs Explorer page (Google Cloud Observability Logging > Logs).

  2. At the top of the page, select an existing Google Cloud project or create a new project.

  3. In the first drop-down menu, select InsightType.

  4. To view the entry details, expand the log entry. The following example shows an accepted insight.

    {
     insertId:  "t51fxaa1"
     jsonPayload: {
      @type:  "type.googleapis.com/google.cloud.recommender.logging.v1.InsightActionLog"
      actor:  "user@gmail.com"
      insight:   "projects/my-recommender-project/locations/global/insightTypes/google.iam.policy.Insight/insights/i1"
      state:  "ACCEPTED"
      stateMetadata: {
        my_metadata: "Some metadata."
      }
     }
     logName:  "projects/my-recommender-project/logs/recommender.googleapis.com%2Factions"
     receiveTimestamp:  "2019-07-01T21:55:06.950795284Z"
     resource: {
      labels: {
       location:  "global"
       project_id:  "my-recommender-project"
       insight_type_id:  "google.iam.policy.Recommender"
      }
      type:  "recommender_insight_type"
     }
     severity:  "INFO"
     timestamp:  "2019-07-01T21:55:06.529Z"
    }
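
The following is an added example, not part of the original page or of Google's own code: it turns exported entries from the `recommender.googleapis.com%2Factions` log into an audit trail of who moved which recommendation or insight into which state. It assumes the entries are available as strict JSON objects; the function name `state_changes`, the `trusted_domains` parameter, the `example.com` placeholder and the sample data (built from the two entries above plus one unrelated entry) are constructed for illustration.

```python
from urllib.parse import unquote

ACTIONS_LOG_ID = "recommender.googleapis.com/actions"
TYPE_PREFIX = "type.googleapis.com/google.cloud.recommender.logging.v1."
# Payload field that names the object whose state changed, per payload type.
TARGET_FIELD = {"ActionLog": "recommendationName", "InsightActionLog": "insight"}

# Constructed sample: the page's two entries reduced to the fields used here,
# plus one unrelated entry that must be skipped.
P = "projects/my-recommender-project"
LOC = P + "/locations/global"
SAMPLE_ENTRIES = [
    {"logName": P + "/logs/recommender.googleapis.com%2Factions",
     "timestamp": "2019-07-01T21:55:06.529Z",
     "jsonPayload": {"@type": TYPE_PREFIX + "ActionLog", "actor": "user@gmail.com",
                     "state": "CLAIMED", "recommendationName": LOC +
                     "/recommenders/google.iam.policy.Recommender/recommendations/r1"}},
    {"logName": P + "/logs/recommender.googleapis.com%2Factions",
     "timestamp": "2019-07-01T21:55:06.529Z",
     "jsonPayload": {"@type": TYPE_PREFIX + "InsightActionLog", "actor": "user@gmail.com",
                     "state": "ACCEPTED", "insight": LOC +
                     "/insightTypes/google.iam.policy.Insight/insights/i1"}},
    {"logName": P + "/logs/cloudaudit.googleapis.com%2Factivity",
     "timestamp": "2019-07-01T21:56:00Z"},
]


def state_changes(entries, trusted_domains=("example.com",)):
    """Return one audit row per Recommender action entry, in input order."""
    rows = []
    for entry in entries:
        # The log ID after /logs/ is URL-encoded (%2F for the slash).
        log_id = unquote(entry.get("logName", "").partition("/logs/")[2])
        payload = entry.get("jsonPayload") or {}
        type_url = payload.get("@type", "")
        kind = type_url[len(TYPE_PREFIX):] if type_url.startswith(TYPE_PREFIX) else ""
        if log_id != ACTIONS_LOG_ID or kind not in TARGET_FIELD:
            continue  # not a recommendation or insight state change
        actor = payload.get("actor", "")
        rows.append({
            "timestamp": entry.get("timestamp", ""),
            "kind": kind,
            "target": payload.get(TARGET_FIELD[kind], ""),
            "state": payload.get("state", ""),
            "actor": actor,
            # Assumption: actors outside trusted_domains deserve a second look.
            "review": actor.rpartition("@")[2].lower() not in trusted_domains,
        })
    return rows
```

Calling `state_changes(SAMPLE_ENTRIES)` returns two rows, one for recommendation `r1` and one for insight `i1`, and skips the unrelated entry.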