Answer-first summary for fast verification
Answer: Add the Logs Writer role to the service account.
To resolve the issue of not seeing any log entries from the Compute Engine instance in Cloud Logging, the recommended practice is to ensure that the service account attached to the instance has the necessary permissions to write logs. The correct approach is to add the Logs Writer role to the service account, which grants it the permissions needed to write logs to Cloud Logging. Exporting the service account key (Option A) is not recommended as it poses a security risk. Updating the instance to use the default Compute Engine service account (Option B) is unnecessary if the user-managed service account can be properly configured. Enabling Private Google Access (Option D) is unrelated to the issue of logging permissions.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are setting up Cloud Logging for a new application running on a Compute Engine instance with a public IP address, using a user-managed service account attached to the instance. The required agents are running, but no log entries appear in Cloud Logging. How do you resolve this issue while adhering to Google's recommended practices?
A
Export the service account key and configure the agents to use the key.
B
Update the instance to use the default Compute Engine service account.
C
Add the Logs Writer role to the service account.
D
Enable Private Google Access on the subnet that the instance is in.