There is no practical recommendation to use data_access_logs_enabled in any realistic scenario. I suggest we remove it.
An earlier version implemented this variable by default and rolled it back when customers were unhappy with the surprise large bill caused by data access logs; it was later switched to false by default and requires explicit enablement. However, my argument is that this variable has no use because we would never recommend turning on all data access logs for all services, it generates an enormous amount of noise and cost. The choice to enable data_access_logs should be based on the requirements of specific workloads, in the context of data sensitivity and regulatory requirements. (not a foundation-wide control)
Terraform Resources
Remove all references to [`data_access_logs_enabled`](https://github.com/search?q=repo%3Aterraform-google-modules%2Fterraform-example-foundation+data_access_logs_enabled&type=code)
TL;DR
There is no practical recommendation to use
data_access_logs_enabled
in any realistic scenario. I suggest we remove it.An earlier version implemented this variable by default and rolled it back when customers were unhappy with the surprise large bill caused by data access logs; it was later switched to false by default and requires explicit enablement. However, my argument is that this variable has no use because we would never recommend turning on all data access logs for all services, it generates an enormous amount of noise and cost. The choice to enable data_access_logs should be based on the requirements of specific workloads, in the context of data sensitivity and regulatory requirements. (not a foundation-wide control)
Terraform Resources
Detailed design
No response
Additional information
No response