Context
Reads of CalCOFI parquet/DuckDB files on Google Cloud Storage (via DuckDB httpfs or direct download) are currently untracked.
Implementation
Enable Data Access Audit Logs
- GCP Console → IAM & Admin → Audit Logs
- Find "Cloud Storage" in the service list
- Check DATA_READ (and optionally DATA_WRITE)
- Save
This captures every storage.objects.get call with: bucket, object path, caller identity, timestamp, IP.
View Logs
Cloud Logging → Logs Explorer:
resource.type="gcs_bucket"
protoPayload.methodName="storage.objects.get"
Long-term Export to BigQuery
Cloud Logging → Log Router → Create Sink:
- Destination: BigQuery dataset (e.g.,
calcofi_logs.gcs_access)
- Filter:
resource.type="gcs_bucket"
Enables SQL queries over access patterns, e.g., daily unique users, most-accessed datasets.
Note
Audit logging incurs small GCP costs proportional to volume. Review pricing before enabling on high-traffic buckets.
Context
Reads of CalCOFI parquet/DuckDB files on Google Cloud Storage (via DuckDB
httpfsor direct download) are currently untracked.Implementation
Enable Data Access Audit Logs
This captures every
storage.objects.getcall with: bucket, object path, caller identity, timestamp, IP.View Logs
Cloud Logging → Logs Explorer:
Long-term Export to BigQuery
Cloud Logging → Log Router → Create Sink:
calcofi_logs.gcs_access)resource.type="gcs_bucket"Enables SQL queries over access patterns, e.g., daily unique users, most-accessed datasets.
Note
Audit logging incurs small GCP costs proportional to volume. Review pricing before enabling on high-traffic buckets.