In the Service Account Name field, enter the name of the service account email address you selected when configuring Google IAM service account impersonation.If you selected IAM Role, enter fill out following field:.In the Secret Key field, enter the exact value of the private_key associated with the service account configured for your Pub/Sub topic.If you selected User Credentials, fill out the following fields:.Valid values are User Credentials and IAM Role. In the Access Method area, select how Fastly will access Google resources for purposes of log delivery.In the Topic field, enter the Pub/Sub topic to which logs should be sent.In the Email field, enter the email address of the service account configured for your Pub/Sub topic.In the Project ID field, enter the ID of your Google Cloud Platform project.
See the example format section for details. In the Log format field, enter the data to send to Google Cloud Pub/Sub.Read our guide on changing log placement for more information. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. In the Placement area, select where the logging call should be placed in the generated VCL.
In the Name field, enter a human-readable name for the endpoint.Fill out the Create a Google Cloud Pub/Sub endpoint fields as follows:.In the Google Cloud Pub/Sub area, click Create endpoint.Review the information in our guide to setting up remote log streaming.Open the file with a text editor and make a note of the private_key and client_email.
Upon saving the configuration, a JSON file will be downloaded to your computer, containing the credentials for the GCS service account you just created. When configuring key-based access, you must select the JSON format. If you elect to use key-based access, refer to Google's guide on generating a service account credential. Our guide to creating an Google IAM role provides further details on configuring this feature. If you elect to use Google IAM service account impersonation to avoid storing keys with Fastly, you may use the same service account created above. Configuring Google IAM service account impersonation You can use either role-based, service account impersonation, or key-based access to allow Fastly to send logs to Google Pub/Sub. When creating the service account for logging to Google Pub/Sub, the service account must be assigned the Pub/Sub Publisher role to publish to the topic you created for Fastly logging.įastly requires access to write logs to your Pub/Sub topic.