Bigtable Instances Should Have Audit Logging Enabled
More Info:
DATA_READ, DATA_WRITE and ADMIN_READ logs should be enabled on Cloud Bigtable InstancesRisk Level
MediumAddress
Operational Maturity, SecurityCompliance Standards
HITRUSTTriage and Remediation
Remediation
Using Console
Using Console
To remediate the “Bigtable Instances Should Have Audit Logging Enabled” misconfiguration in GCP using the GCP console, you can follow the below steps:
- Open the Google Cloud Console and select the project in which the Bigtable instance is created.
- In the left navigation menu, select “Bigtable” under the “Storage” section.
- Select the Bigtable instance for which you want to enable audit logging.
- In the Bigtable instance details page, click on the “Edit” button at the top of the page.
- Scroll down to the “Cloud Audit Logs” section and click on the “Add logging” button.
- In the “Add logging” dialog box, select the logs that you want to enable for the Bigtable instance. You can select from the following logs:
- Admin Activity
- Data Access
- System Event
- Once you have selected the logs, click on the “Save” button to enable audit logging for the Bigtable instance.
Using CLI
Using CLI
To remediate the misconfiguration of Bigtable Instances not having audit logging enabled in GCP using GCP CLI, you can follow the below steps:
- Open the Cloud Shell by clicking on the Activate Cloud Shell button in the top right-hand corner of the Google Cloud Console.
-
Run the following command to enable audit logging for Bigtable instances:
Replace
INSTANCE_IDwith the ID of the Bigtable instance for which you want to enable audit logging. -
After running the above command, you will receive a confirmation message that the instance has been updated with audit logging enabled.
-
Verify that the audit logging is enabled for the Bigtable instance by running the following command:
This command will return
Trueif audit logging is enabled for the instance. - Repeat the above steps for all the Bigtable instances in your GCP project to ensure that audit logging is enabled for all of them.
Using Python
Using Python
To remediate the misconfiguration of Bigtable Instances not having Audit Logging enabled in GCP using Python, follow these steps:
- Import the necessary libraries and authenticate the GCP credentials using the
google-cloud-bigtablelibrary andApplication Default Credentials (ADC):
- Retrieve the list of Bigtable instances in the project using the
list_instances()method:
- Loop through each instance and check if Audit Logging is enabled or not using the
get_iam_policy()method:
- If Audit Logging is not enabled, add the
group:[email protected]member to theroles/bigtable.adminrole using thebinding.members.append()method:
- Update the IAM policy for the instance using the
set_iam_policy()method:
- The final code would look like this:
- Run the code and verify that Audit Logging is enabled for all Bigtable instances in the project.