Enable Audit Manager so that you can audit Google Cloud folders and projects using built-in or custom frameworks.
Before you begin
To enable APIs, you need the Service Usage Admin IAM role
(roles/serviceusage.serviceUsageAdmin), which contains the
serviceusage.services.enable permission. To learn how to grant
roles, see Manage access to projects, folders, and
organizations.
Enable Audit Manager
If required, update the Restrict service usage organization policy constraint to include the Audit Manager API (
auditmanager.googleapis.com).To enable Audit Manager, complete one of the following:
To enable Audit Manager on a project, enable the Audit Manager API.
To enable Audit Manager on your organization, run the following command:
gcloud beta services enable auditmanager.googleapis.com \ --organization=ORGANIZATION_IDReplace
ORGANIZATION_IDwith your Google Cloud organization ID.For more information, see Enable services.
The Audit Manager service agent is created when you enable Audit Manager. When you enable Audit Manager at the project level, the service agent is
service-PROJECT_NUMBER@gcp-sa-audit-manager.iam.gserviceaccount.com. When you enable Audit Manager at the organization level, the service agent isservice-org-ORGANIZATION_ID@gcp-sa-audit-manager.iam.gserviceaccount.com.Configure Audit Manager to support VPC Service Controls service perimeters.
Audit Manager doesn't support the jurisdictional console.