
Policy: GCP > Turbot > Event Handlers > Logging > Unique Writer Identity

Choose the writer identity used for the Guardrails Event Handlers logging sink in the project. With Enforce: Default Service Account (the default setting), the sink uses the default writer identity, serviceAccount:cloud-logs@system.gserviceaccount.com. With Enforce: Unique Identity, a new service account matching the pattern serviceAccount:service-${projectNumber}@gcp-sa-logging.iam.gserviceaccount.com is created and then used when creating the logging sink.
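To check that a project's sink actually carries the identity this policy selects, the following added example (not Guardrails code) compares a sink's writerIdentity and the destination's IAM members against the expected value. The sink name, destination, project number and member set are constructed sample data, and `audit_sink` is a hypothetical helper.

```python
import json
import re

# Writer identities exactly as given in the policy description.
DEFAULT_IDENTITY = "serviceAccount:cloud-logs@system.gserviceaccount.com"
UNIQUE_TEMPLATE = "serviceAccount:service-{project_number}@gcp-sa-logging.iam.gserviceaccount.com"


def expected_writer_identity(policy_value, project_number):
    """Map a policy value to the writer identity the sink should carry."""
    if policy_value == "Enforce: Default Service Account":
        return DEFAULT_IDENTITY
    if policy_value == "Enforce: Unique Identity":
        # Project numbers are numeric; reject anything else so a project ID
        # or stray input never ends up inside an IAM member string.
        if not re.fullmatch(r"[0-9]+", str(project_number)):
            raise ValueError(f"not a project number: {project_number!r}")
        return UNIQUE_TEMPLATE.format(project_number=project_number)
    raise ValueError(f"unknown policy value: {policy_value!r}")


def audit_sink(policy_value, project_number, sink, destination_members):
    """Return a list of findings; an empty list means the sink matches."""
    expected = expected_writer_identity(policy_value, project_number)
    findings = []
    actual = sink.get("writerIdentity")
    if actual != expected:
        findings.append(f"sink {sink.get('name')}: writerIdentity is {actual}, expected {expected}")
    if expected not in destination_members:
        findings.append(f"destination grants nothing to {expected}")
    # Under the unique identity, flag a remaining grant to the default identity for review.
    if expected != DEFAULT_IDENTITY and DEFAULT_IDENTITY in destination_members:
        findings.append(f"destination still grants access to {DEFAULT_IDENTITY}")
    return findings


# Constructed sample: sink JSON in the shape of a Cloud Logging LogSink resource,
# and the IAM members bound on its destination. Names and numbers are made up.
SAMPLE_SINK = json.loads("""{
  "name": "example-event-sink",
  "destination": "pubsub.googleapis.com/projects/example-project/topics/example-topic",
  "writerIdentity": "serviceAccount:cloud-logs@system.gserviceaccount.com"
}""")
SAMPLE_MEMBERS = {"serviceAccount:cloud-logs@system.gserviceaccount.com"}

if __name__ == "__main__":
    for finding in audit_sink("Enforce: Unique Identity", "123456789012", SAMPLE_SINK, SAMPLE_MEMBERS):
        print(finding)
```
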

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Packs

This policy setting is used by the following policy packs:

Policy Specification

Schema Type
string

Default
Enforce: Default Service Account

Valid Values [YAML]
  • Enforce: Default Service Account
  • Enforce: Unique Identity

Category
