You are exporting application logs to Cloud Storage. You encounter an error message that the log sinks don't support uniform bucket-level access policies. How should you resolve this error?
A.
Change the access control model for the bucket
B.
Update your sink with the correct bucket destination.
C.
Add the roles/logging.logWriter Identity and Access Management (IAM) role to the bucket for the log sink identity.
D.
Add the roles/logging.bucketWriter Identity and Access Management (IAM) role to the bucket for the log sink identity.
https://cloud.google.com/logging/docs/export/troubleshoot
Unable to grant correct permissions to the destination:
Even if the sink was successfully created with the correct service account permissions, this error message displays if the access control model for the Cloud Storage bucket was set to uniform access when the bucket was created.
For existing Cloud Storage buckets, you can change the access control model for the first 90 days after bucket creation by using the Permissions tab. For new buckets, select the Fine-grained access control model during bucket creation. For details, see Creating Cloud Storage buckets.
Uniform Bucket-Level Access (UBLA) is a feature in Google Cloud Storage that allows you to use Identity and Access Management (IAM) to manage access to a bucket's content. When it is enabled, Access Control Lists (ACLs) cannot be used. If you're encountering an error message indicating that the log sinks don't support uniform bucket-level access policies, it's possible that your bucket is using UBLA and the logging mechanism doesn’t support it.
A. Change the access control model for the bucket appears to be the most relevant choice to address the error related to UBLA support. By reverting from UBLA to the fine-grained access control model, you might resolve the issue if the log sinks indeed do not support UBLA. Always ensure to validate changes and ensure that they comply with your organization’s security policies
To resolve the error message that the log sinks don’t support uniform bucket-level access policies when exporting application logs to Cloud Storage, you should change the access control model for the bucket. This will allow you to enable uniform bucket-level access, which is required for log sinks to function properly.
By changing the access control model for the bucket, you can ensure that the necessary permissions are granted and that the log sinks can support uniform bucket-level access policies.
A is the answer.
https://cloud.google.com/logging/docs/export/troubleshoot#errors_exporting_to_cloud_storage
- Unable to grant correct permissions to the destination:
Even if the sink was successfully created with the correct service account permissions, this error message displays if the access control model for the Cloud Storage bucket was set to uniform access when the bucket was created.
Answer is (A).
If bucket-level access policies are not supported, Fine-grained is being used.
The recommended architecture is Uniform bucket-level access. Therefore, Change the access control model for the bucket.
Ref : https://cloud.google.com/storage/docs/access-control
A: can't export logs to a bucket with uniform bucket-level access
(B sounds halfway decent as well, but you'd still need another bucket without uniform bucket-level access, so it's incomplete)
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mikesp
Highly Voted 1Â year, 11Â months agoArizonaClassics
Highly Voted 6Â months, 3Â weeks agoXoxoo
Most Recent 7Â months, 2Â weeks agoAzureDP900
1Â year, 5Â months agozellck
1Â year, 7Â months agomT3
1Â year, 11Â months agoTaliesyn
1Â year, 11Â months ago