Add logging sync to push stackdriver logs to a bucket.

environments/gprd/main.tf

@@ -1083,3 +1083,31 @@ module "bastion" {
 
   service_account_email = "${var.service_account_email}"
 }
+
+##################################
+#
+#  Logging for StackDriver
+#
+##################################
+
+resource "google_storage_bucket" "log" {
+  name = "gitlab-${var.environment}-logging-archive"
+}
+
+resource "google_logging_project_sink" "log" {
+  name = "${var.environment}-logging-sink"
+
+  destination = "storage.googleapis.com/${google_storage_bucket.log.name}"
+  filter      = "resource.type = gce_instance"
+
+  # Use a unique writer (creates a unique service account used for writing)
+  unique_writer_identity = true
+}
+
+resource "google_project_iam_binding" "log" {
+  role = "roles/storage.objectCreator"
+
+  members = [
+    "${google_logging_project_sink.log.writer_identity}",
+  ]
+}

environments/gstg/main.tf

@@ -1051,10 +1051,28 @@ module "bastion" {
 
 ##################################
 #
-#  Pubsub for logging
+#  Logging for StackDriver
 #
 ##################################
 
-resource "google_pubsub_topic" "mytopic" {
-  name = "${var.environment}-logging"
+resource "google_storage_bucket" "log" {
+  name = "gitlab-${var.environment}-logging-archive"
+}
+
+resource "google_logging_project_sink" "log" {
+  name = "${var.environment}-logging-sink"
+
+  destination = "storage.googleapis.com/${google_storage_bucket.log.name}"
+  filter      = "resource.type = gce_instance"
+
+  # Use a unique writer (creates a unique service account used for writing)
+  unique_writer_identity = true
+}
+
+resource "google_project_iam_binding" "log" {
+  role = "roles/storage.objectCreator"
+
+  members = [
+    "${google_logging_project_sink.log.writer_identity}",
+  ]
 }