Skip to main content
Question

Gihtub audit log ingestion to Google Secops using Federated identity

  • November 18, 2025
  • 2 replies
  • 33 views
srajvansh
Forum|alt.badge.img+2

I am looking to setup github audit logs to be ingested into my Google Secops tenant. As per the documentation, the way to do so is using the AWS S3 V2 feed and this uses setting up IAM user with Access key as well as Secret Access Key.

 

Rather than using access key and secret access key, I would rather want to use a federated identity and setup AWS IAM role for the same. 

Has anyone done the same and provide some suggestions here?

 

really appreciate everyone’s responses here.

2 replies

matthewnichols
Community Manager
Forum|alt.badge.img+16
  • matthewnicholsCommunity Manager
  • Community Manager
  • November 18, 2025

Hi ​@srajvansh Thanks for your post and question. I am going to move this over to the Security Operations discussion forum for better visibility from SecOps practitioners. 

 

Also, have you checked out this blog and GitHub space? It might help provide some answers. If not, please let us know and we’ll dive in how else we can help. 

 

Community-Driven Detection Content for Google SecOps

 

srajvansh
Forum|alt.badge.img+2
  • srajvansh
  • Author
  • New Member
  • November 18, 2025

@matthewnichols , thanks for moving this over to the right spot. Yes, I have checked out the Github space and those are more of detection related.

 

This is more of like the ingestion side of house and also, just for reference this would going to AWS S3 bucket and using federated identity in AWS   than an IAM user with secret access keys.

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.