Managing Storage with Google Cloud Storage
Indent storage integrates with Google Cloud Storage (GCS). Indent creates an audit log and reports that show which users request access to which Resource. You can view logs directly in the Dashboard and you can export them to a GCS your team controls.
Setup
- Sign in to your Indent space.
- If you haven't already, use our Quickstart to configure your space and onboard your team.
Step 1: Create a GCS Bucket
- Navigate to your Google Cloud Account Dashboard.
- Open Storage → Cloud Storage and create a new bucket..
- Select a Google Cloud Region you want to store your logs in.
- Configure the bucket based on your organization's policies.
Step 2: Create a Google Service Account to use with Indent
- Navigate to your Google Cloud Account Dashboard.
- Open IAM and Admin → Service Accounts in the sidebar and create a new Service Account.
- When prompted for a Service Account Role, select "Storage Object Admin."
- Assign your user permissions to access your GCS Bucket. What permissions does my user need?
- Create a JSON Service Account Key to use with your new Service Account.
Step 3: Add your Google Cloud Service Account credential to Indent
- Open the Credentials page in your Indent Space.
- Click New+, then in the dropdown select "GCP" as the credential type.
- Paste the JSON Service Account Key you created in the previous step in the Materials box.
- Click Create and your new credential is added to your Space.
Step 4: Connect the bucket to Indent's Access Manager Logs
- Log in to your Indent space and navigate to Providers → Inputs.
- You should see an input named "Access Manager Logs," click on the Input to open it.
- Select the "Configuration" section and click on the dropdown labelled "Sync Config."
- Enter the GCS URL for the bucket you created to use with Indent.
- Under "Credentials," select your
gcp
credential, then click "Save."
Congrats! You've just configured exporting logs to an GCS Bucket with Indent.
GCS Bucket Service Account Permissions
Your new Service Account needs permission to access your bucket and make changes to bucket objects. We recommend setting your Service Account up as a Storage Object Admin.
Minimum Google IAM Permissions
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update
Optional: Create a new Input for GCS Logs
You can add additional inputs to send Indent logs to Google Cloud Storage (GCS_) buckets from your existing Space.
- Log in to your Indent space and navigate to Providers → Inputs
- Click New+ and enter a memorable name for your new Input, then click "Create Input."
- Select the "Configuration" section in your new Input and click on the dropdown labelled "Sync Config."
- Enter the GCS URL for the bucket you created to use with Indent.
- Under "Credentials," select your
gcp
credential, then click "Save."