Skip to main content

Audit Logging - GCP Pub/Sub

Prerequisites

Before configuring the Audit log sink, complete the following steps in Google Cloud:

  1. Create a Pub/Sub topic and make a note of its topic name, for example, "test- auditlog".
  2. Set up a service account in the same project in Google Cloud that trusts the Temporal internal service account to let Temporal write information to your Google Cloud account.

Create an Audit Log sink

  1. In the Temporal Cloud UI, select Settings.
  2. On the Settings page, select Audit Logging.
  3. In the Audit Logging card, select Set Up Audit Log Integration.
  4. On the Set Up Audit Logs Integration page, select Pub/Sub.
  5. In the Service account email field, enter the service account email you created in the prerequisites.
  6. In the Topic name field, enter the topic name of the Pub/Sub topic you created in the prerequisites.
  7. There are two ways to configure the service account to write to the GCS sink. Select Manual to configure the account manually, or Deploy with Terraform to use Terraform.
  8. Follow the instructions in the Temporal Cloud UI for the method you chose.
  9. Click Create to configure the audit log. This may take a few minutes.

Temporal Cloud UI Setup for Audit Logging with GCP Pub/Sub

More information

For more details, see the documentation on audit logging.