Policy: GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-iam

(((resource.type = iam_role AND protoPayload.authorizationInfo.permission != iam.roles.get AND protoPayload.authorizationInfo.permission != iam.roles.list) OR (resource.type = audited_resource AND (  protoPayload.authorizationInfo.permission = serviceusage.apiKeys.create OR protoPayload.authorizationInfo.permission = serviceusage.apiKeys.delete OR protoPayload.authorizationInfo.permission = serviceusage.apiKeys.update)) OR (resource.type = service_account AND protoPayload.authorizationInfo.permission != iam.serviceAccounts.get AND protoPayload.authorizationInfo.permission != iam.serviceAccounts.list AND protoPayload.authorizationInfo.permission != iam.serviceAccounts.getIamPolicy AND protoPayload.authorizationInfo.permission != iam.serviceAccountKeys.get AND protoPayload.authorizationInfo.permission != iam.serviceAccountKeys.list) OR (resource.type = project AND protoPayload.authorizationInfo.permission=resourcemanager.projects.setIamPolicy)) AND severity>=INFO AND severity<ERROR)