google-cloud-platform stackdriver google-iam

How to list role changes in GCP stackdriver?

Is there a filter for stackdriver that logs when a service account or user get a role assigned or removed and who did it?

Someone or something is removing roles in IAM but I don't know if it's a human error or if something else.

Solution

For adding a role you can check this one

protoPayload.serviceData.policyDelta.bindingDeltas.action="ADD"

When a role gets deleted use this one

protoPayload.serviceData.policyDelta.bindingDeltas.action="REMOVE"

Add this line if you suspect a user or service account

protoPayload.authenticationInfo.principalEmail="USER_OR_SERVICEACCOUNT_EMAIL"

Terraform - GCP - Import project IAM member
Getting random "User not found in file /etc/passwd" error on Cloud Run Job
Change time format in GCP Logs Explorer
Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
Deploying a pelican site to Google Cloud Run with Dockerfile not working
Is there a good explanation of resource labels versus metric labels?
Why do I set the resource type when writing the metric but not when creating a descriptor?
google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)
GA4 Data Not Retained for More Than 60 Days Despite BigQuery Table Expiration Set to 'Never
How to list all enabled API services for Google Cloud Platform project
Google Cloud calendar API connection error
Downloading a folder from cloud storage in GitHub action and move it inside a docker container is not working
How to fix CloudRun error 'The request was aborted because there was no available instance'
Google Cloud Build with Dockerfile and copy files
Firebase CLI console: Cannot find module @google-cloud/tasks
Does Cloud SQL have a query console or is CLI the only option?
How to use Google Cloud Shell with the new Windows Terminal
Why does GKE kubernetes cluster need a version?
Unable to Read Mounted GCSFuse Directory After Adding --implicit-dirs Option
Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
Connection between Private GKE and Cloud SQL
Kubernetes cluster architecture
Validating PubSub message against AVRO JSON schema with multiple union types
Can i run cloud run jobs locally
How to log SSL/TLS Handshake details on Google Cloud Load Balancer
Utilizing Gemini: Through Vertex AI or through Google/generative-ai?
How to use Puppeteer in 2nd gen Cloud Functions?
GCP Logging: who created a Project?
Connection broken: IncompleteRead in Google Cloud Run
How do I query firestore data that is inside collections in said document?