Network traffic is captured from a computer service and passed to a load balancer forwarding rule, which then determines how the capture of traffic is sent to other backend services. This is very similar to how you might load-balance inbound traffic to multiple web services; however, in this case, you are balancing mirrored traffic from computer services.

One of the benefits of using Pub/Sub is the ability to queue messages or retain messages for a period of time. This can be useful during outages or network issues with a third-party service where you are shipping the logs.

The Logging Agent relies on consuming host logs from applications on the VM and transforming them into JSON data to be consumed by the Google Logging API.

The s_request_id field is unique for each event that appears in the Usage Logs. s_request_id should be used to ensure Google Cloud has not mistakenly produced a duplicate log entry across multiple Usage Log files, which can occur.

A policy is made from the binding of members and roles, which are grouped into a single policy object. This is then applied to one or many resources within GCP.

Policies are not applied to members! This is one of the fundamental differences of GCP compared to AWS and Azure. You cannot query a member and determine all the permissions that a member may have. You can only query a resource to determine who has permissions for that resource; this is because the resource has the policy applied to it.

In the platform-as-a-service (PaaS) compute model, the underlying operating system is already managed with an application layer sitting on top of it that you can configure. Examples are Google Kubernetes Engine (GKE) and Cloud Run.

To understand the permissions a member may have, you have to query resources. This can have some benefits from an investigative perspective. It means if you know a specific resource was abused, you can simply query the permissions that resource has assigned and see all the members that can access it and what their permission level is on that resource.