google-cloud-platform - How/Where to log, audit, and alert on changes to Google Cloud Function code?
Problem description
How would our organization log, audit, and alert on any code changes (add, change, delete) to Google Cloud Functions to survive an external audit? We've figured out how to do so on AWS (combination of CloudTrail and CloudWatch Events/Amazon EventBridge) and Azure (Audit log and Alerts under the Monitor service, although this is not as reliable as the AWS solution because some events do not seem to be picked up. Azure even has this nice new service in preview called Application Change Analysis, but it does not alert, and it goes away when a function is deleted instead of reporting that it has been deleted.)
But how do we do the same thing with Google Cloud Functions? How would we log and audit the creation/update/deletion of Cloud Functions and Cloud Function code? How would we go even further and receive an alert whenever any of those conditions occur, just like we have proven can happen with AWS and (kind of, at least) with Azure? Thank you!
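Solution
You can use Cloud Function audit logs. You can export the logs to PubSub, and then do whatever you want with the events:
- Store them in BigQuery to keep a history
- Send an alert (email, Slack message, ...)
- Act: for example, perform a rollback to the previous code stored in the source repository
- ...
Everything depends on your security processes and what you want to do with these events.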
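The subscriber side of the export described in the answer above, as an added example that is not part of the original answer: it decodes an audit log entry delivered through Pub/Sub and turns function create/update/delete events into an alert record. It assumes the standard Cloud Audit Logs `LogEntry` JSON layout; `parse_change`, `_wrap` and the sample entries are hypothetical names and constructed data.

```python
import base64
import json

# Method-name suffixes (v1 and v2 APIs) that change a function or its code.
WATCHED = {"CreateFunction": "created", "UpdateFunction": "updated",
           "DeleteFunction": "deleted"}


def parse_change(pubsub_message):
    """Return an alert dict for a Cloud Functions change, else None."""
    # The sink publishes each LogEntry as JSON; Pub/Sub delivers it base64-encoded.
    entry = json.loads(base64.b64decode(pubsub_message["data"]))
    payload = entry.get("protoPayload", {})
    if payload.get("serviceName") != "cloudfunctions.googleapis.com":
        return None
    action = WATCHED.get(payload.get("methodName", "").rsplit(".", 1)[-1])
    if action is None:
        return None
    op = entry.get("operation", {})
    # Long-running operations are logged twice: at start and at completion.
    phase = "started" if op.get("first") else "completed" if op.get("last") else "single"
    return {
        "action": action,
        "phase": phase,
        "function": payload.get("resourceName"),
        "actor": payload.get("authenticationInfo", {}).get("principalEmail"),
        "failed": payload.get("status", {}).get("code", 0) != 0,
        "time": entry.get("timestamp"),
    }


def _wrap(entry):
    return {"data": base64.b64encode(json.dumps(entry).encode()).decode()}


# Constructed sample entries (not real log data).
SAMPLE_UPDATE = _wrap({
    "timestamp": "2024-01-01T00:00:00Z",
    "operation": {"id": "op-1", "first": True},
    "protoPayload": {
        "serviceName": "cloudfunctions.googleapis.com",
        "methodName": "google.cloud.functions.v1.CloudFunctionsService.UpdateFunction",
        "resourceName": "projects/example-project/locations/us-central1/functions/example-fn",
        "authenticationInfo": {"principalEmail": "dev@example.com"},
    },
})
SAMPLE_OTHER = _wrap({"protoPayload": {"serviceName": "storage.googleapis.com",
                                       "methodName": "storage.buckets.update"}})
```

The returned record is what would be written to BigQuery or passed to the email or Slack notifier; entries with `phase` "completed" carry the final status of the change.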