Skip to main content

Audit Logging - GCP Pub/Sub

Manual Setup Prerequisites

note

These steps are only needed for manual setup. If you use Terraform for your deployment, you don't need to complete these prerequisites.

Before configuring the manual Audit log sink, complete the following steps in Google Cloud:

  1. Create a Pub/Sub topic and make a note of its topic name, for example, "test- auditlog".
  2. Set up a service account in the same project in Google Cloud and follow the instructions in the Temporal Cloud UI to configure the permissions for that account.

Create an Audit Log sink

  1. In the Temporal Cloud UI, select Settings.
  2. On the Settings page, select Audit Logging.
  3. In the Audit Logging card, select Set Up Audit Log Integration.
  4. On the Set Up Audit Logs Integration page, select Pub/Sub.
  5. In the Service account email field, enter the service account email you created in the prerequisites.
  6. In the Topic name field, enter the topic name of the Pub/Sub topic you created in the prerequisites.
  7. There are two ways to configure the service account to write to the Pub/Sub sink. Select Manual to configure the account manually, or Deploy with Terraform to use Terraform. If you use Terraform, you don't need to complete the prerequisite steps above.
  8. Follow the instructions in the Temporal Cloud UI for the method you chose.
  9. Click Create to configure the audit log. This may take a few minutes.

Temporal Cloud UI Setup for Audit Logging with GCP Pub/Sub

More information

For more details, see the documentation on audit logging.