v0.5.0: GCP Audit Logs & Multi-Provider Architecture
๐ TFDrift-Falco v0.5.0: Multi-Cloud Arrives
Release Date: January 10, 2026
Major milestone: TFDrift-Falco scales beyond AWS to support Google Cloud Platform (GCP) with comprehensive audit log integration.
๐ฏ Multi-Cloud Vision
v0.5.0 brings TFDrift-Falco to the next level:
- AWS Leadership - Maintain our 400+ event AWS coverage
- GCP Parity - Launch with 100+ GCP events across 12+ services
- Extensible Foundation - Architecture ready for Azure, Kubernetes, and beyond
๐ฉ๏ธ What's New
100+ GCP Events with Falco gcpaudit Plugin
Full integration with Falco's GCP Audit Log parser:
- 100+ events across 12+ GCP services
- Resource detail extraction (project ID, zone, region)
- User identity correlation (principal email, service accounts)
- Change tracking with request/response capture
- Comprehensive validation and error handling
GCS Backend for Terraform State
Load and compare Terraform state directly from Google Cloud Storage:
providers:
gcp:
enabled: true
projects:
- my-gcp-project-123
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
gcs_prefix: "prod/terraform.tfstate"
Supports:
- Application Default Credentials (ADC)
- Service account key files
- Multi-bucket configurations
Multi-Provider Architecture
Event routing based on cloud provider:
aws_cloudtrailโ AWS parsergcpauditโ GCP parser- Extensible design for future providers
All events flow through a unified drift detection engine, enabling side-by-side monitoring of AWS and GCP infrastructure.
Storybook-Driven UI Development
Interactive component library for faster dashboard development:
npm run storybook
# Visit http://localhost:6006
# Browse UI components in isolation
# Test dark/light theme support
Perfect foundation for upcoming dashboard UI in v0.7.
๐ฌ Quick Start
Enable GCP support in your config:
providers:
gcp:
enabled: true
projects:
- my-gcp-project-123
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
gcs_prefix: "prod/terraform.tfstate"
Or use the quick-start script:
./scripts/gcp-quick-start.sh
๐ Service Coverage
| Service | Events | Coverage |
|---|---|---|
| Compute Engine | 30+ | Instances, Disks, Networks |
| Cloud Storage | 15+ | Buckets, Objects, IAM |
| Cloud SQL | 10+ | Instances, Databases |
| GKE | 10+ | Clusters, Node Pools |
| Cloud Run | 8+ | Services, Revisions |
| IAM | 8+ | Service Accounts, Roles |
| VPC/Networking | 10+ | Firewalls, Routes |
| Cloud Functions | 5+ | Functions, Triggers |
| BigQuery | 5+ | Datasets, Tables |
| Pub/Sub | 5+ | Topics, Subscriptions |
| KMS | 5+ | Keys, KeyRings |
| Secret Manager | 3+ | Secrets, Versions |
๐ Security & Compliance
- Falco Rule Integration - Use Falco rules to detect critical GCP changes
- Audit Trail - Full audit logs for compliance (SOC2, PCI-DSS, HIPAA, GDPR)
- Multi-Project Monitoring - Centralized monitoring across GCP projects
๐ Documentation
- GCP Setup Guide - 3,600+ lines with troubleshooting
- Architecture v1.1 - Multi-cloud patterns and best practices
- GCP Services Coverage - Complete service mapping reference
๐งช Testing
- 34 GCP parser tests (100% pass rate)
- Integration tests for multi-provider scenarios
- Resource type mapping validation
๐ค Contributors
Special thanks to the Falco community for the gcpaudit plugin, making GCP audit log integration seamless!
TFDrift-Falco v0.5.0 - Multi-Cloud Drift Detection for AWS & GCP
500 AWS Events โข 100 GCP Events โข Unified Multi-Cloud Engine โข Production Ready