Answer-first summary for fast verification
Answer: Assign the Logs Configuration Writer role to developers in the staging Project
Option A is correct because the Logs Configuration Writer role provides the necessary permissions to create logs-based metrics without granting excessive privileges. Assigning this role at the project level ensures access is limited to the staging project only, adhering to the principle of least privilege. Options B and C are incorrect as they grant permissions at the folder level, which would include the production project, violating the least privilege principle. Option D is incorrect because the Logs Admin role is overly permissive for the task at hand. Reference: [Google Cloud Logging Documentation](https://cloud.google.com/logging/docs/logs-based-metrics).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are overseeing an application that produces a significant volume of logs within the staging Project. The organization is structured within GCP with an organization, two folders (dev and prod), and four projects (dev, test, staging, and production). The dev and test projects reside under the dev folder, while staging and production are under the prod folder. The goal is to create metrics from these logs for alerting purposes specifically for this application, adhering to the principle of least privilege. Which IAM solution best meets this requirement?
A
Assign the Logs Configuration Writer role to developers in the staging Project
B
Assign the Logs Admin role to developers in the prod Folder
C
Assign the Logs Configuration Writer role to developers in the prod Folder
D
Assign the Logs Admin role to developers in the staging Project