Log whenever somebody connects to prod SSH using IAP

terraform/environments/production/bi.tf

@@ -190,6 +190,11 @@ resource "google_compute_firewall" "metabase-ssh-ipv4" {
     ports    = [22]
   }
 
+
+  log_config {
+    metadata = "INCLUDE_ALL_METADATA"
+  }
+
   # Only allows connections using IAP
   source_ranges = local.iap_ipv4_ranges
   target_tags   = module.metabase.target_tags

terraform/environments/production/gateways.tf

@@ -109,6 +109,10 @@ resource "google_compute_firewall" "gateways-ssh-ipv4" {
     ports    = [22]
   }
 
+  log_config {
+    metadata = "INCLUDE_ALL_METADATA"
+  }
+
   # Only allows connections using IAP
   source_ranges = local.iap_ipv4_ranges
   target_tags   = module.gateways[0].target_tags

terraform/environments/production/main.tf

@@ -196,6 +196,10 @@ resource "google_compute_firewall" "ssh-ipv4" {
     ports    = [22]
   }
 
+  log_config {
+    metadata = "INCLUDE_ALL_METADATA"
+  }
+
   # Only allows connections using IAP
   source_ranges = local.iap_ipv4_ranges
   target_tags = concat(

terraform/environments/production/relays.tf

@@ -146,6 +146,10 @@ resource "google_compute_firewall" "relays-ssh-ipv4" {
     ports    = [22]
   }
 
+  log_config {
+    metadata = "INCLUDE_ALL_METADATA"
+  }
+
   # Only allows connections using IAP
   source_ranges = local.iap_ipv4_ranges
   target_tags   = module.relays[0].target_tags