Enable Audit Manager

Enable Audit Manager so that you can audit Google Cloud folders and projects using built-in or custom frameworks.

Before you begin

To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. To learn how to grant roles, see Manage access to projects, folders, and organizations.

Enable Audit Manager

  1. If required, update the Restrict service usage organization policy constraint to include the Audit Manager API (auditmanager.googleapis.com).

  2. To enable Audit Manager, complete one of the following:

    • To enable Audit Manager on a project, enable the Audit Manager API.

      Go to Enable access to API

    • To enable Audit Manager on your organization, run the following command:

      gcloud beta services enable auditmanager.googleapis.com \
         --organization=ORGANIZATION_ID
      

      Replace ORGANIZATION_ID with your Google Cloud organization ID.

      For more information, see Enable services.

    The Audit Manager service agent is created when you enable Audit Manager. When you enable Audit Manager at the project level, the service agent is service-PROJECT_NUMBER@gcp-sa-audit-manager.iam.gserviceaccount.com. When you enable Audit Manager at the organization level, the service agent is service-org-ORGANIZATION_ID@gcp-sa-audit-manager.iam.gserviceaccount.com.

  3. Configure Audit Manager to support VPC Service Controls service perimeters.

Audit Manager doesn't support the jurisdictional console.

What's next