Vertex AI Audit Logging with Terraform: Track Every AI Call from Prompt to Response 📋

GCP doesn't log Vertex AI data access by default. Two Terraform resources change that - Cloud Audit Logs for metadata, log sinks for long-term retention. Here's the full setup. You've deployed your Vertex AI endpoint ( Post 1 ) and added safety filters ( Post 2 ). Your app is generating responses in production. Then your compliance team asks: "Can you prove who called which model, when, and what was sent?" GCP gives you two logging layers for this. Cloud Audit Logs capture metadata about every Vertex AI API call - who, when, which model, whether it succeeded. Request-response logging captures the actual prompt and response bodies into BigQuery. Both are disabled by default. Terraform makes sure they're enabled before your first production call. 🎯 🧱 Two Logging Layers, Two Problems They Solve Layer What It Captures Where It Goes Terraform Resource Cloud Audit Logs Caller identity, model ID, method, timestamp, authorization Cloud Logging google_project_iam_audit_config Request-Response L