From a536f4fdfa182290c311eebcdf4ac86a158fbc67 Mon Sep 17 00:00:00 2001
From: Andrew Bolyachevets
Date: Wed, 8 Jan 2025 09:25:08 -0800
Subject: [PATCH] create audit log sink (#209)
---
 gcp/project_setup/gcp_cloudsql_instance.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/gcp/project_setup/gcp_cloudsql_instance.sh b/gcp/project_setup/gcp_cloudsql_instance.sh
index 8583a6ca..35d0c261 100755
--- a/gcp/project_setup/gcp_cloudsql_instance.sh
+++ b/gcp/project_setup/gcp_cloudsql_instance.sh
@@ -14,6 +14,14 @@ gcloud config set project "${TARGET_PROJECT_ID}-${ENV}"
 gcloud services enable servicenetworking.googleapis.com --project="${TARGET_PROJECT_ID}-${ENV}"
+# create the dataset only once
+# bq mk --location=$REGION --dataset ${HOST_PROJECT_ID}-${ENV}:cloudsql_audit_logs_${TAG}
+
+gcloud logging sinks create cloudsql_audit_logs_${TAG} \
+bigquery.googleapis.com/projects/${HOST_PROJECT_ID}-${ENV}/datasets/cloudsql_audit_logs_${TAG} \
+--log-filter="logName=\"projects/${TARGET_PROJECT_ID}-${ENV}/logs/cloudaudit.googleapis.com%2Fdata_access\" AND resource.type=\"cloudsql_database\" AND protoPayload.serviceName=\"cloudsql.googleapis.com\" AND protoPayload.methodName=\"cloudsql.instances.query\"" \
+--use-partitioned-tables
+
 gcloud sql instances create "${INSTANCE_NAME}-${TAG}" \
 --database-version=$POSTGRES_VERSION \
 --region=$REGION \
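Review bot: The sink added here exports to a dataset in `${HOST_PROJECT_ID}-${ENV}`, but nothing in the hunk grants the sink's writer identity access to that dataset, so unless that happens elsewhere the export fails and the Cloud SQL query audit trail is silently missing. After the create, read the identity with `gcloud logging sinks describe "cloudsql_audit_logs_${TAG}" --format='value(writerIdentity)'` and give that account BigQuery Data Editor on the dataset. `gcloud logging sinks create` also returns an error when the sink already exists, so it has the same run-once problem as the commented-out `bq mk`; whether a re-run then aborts before the instance is created depends on shell options outside this hunk, and a `describe` check before the create would make it safe either way. The filter only matches once Data Access audit logs are enabled for Cloud SQL in the target project, which deserves a comment above the command. The new expansions (`cloudsql_audit_logs_${TAG}` and the destination path) are unquoted, unlike the `"${TARGET_PROJECT_ID}-${ENV}"` lines around them.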