Events

Event-driven messaging across your infrastructure. Publish and subscribe between services without managing brokers, queues, or polling loops.

One publish, many subscribers — wired to the rest of the platform.

  • Platform primitives publish lifecycle events automatically — no instrumentation needed
  • Subscribe Functions directly to topics — no queue polling or worker processes
  • All event delivery is logged and queryable in Logs

Sources

  • Platform primitives — Machines, Buckets, and Functions emit lifecycle events automatically
  • Custom publish — push any event from your application via API or SDK
  • Webhooks — receive events from external systems
  • Schedule — time-based events for periodic workflows
  • IAM activity — permission changes and access anomalies

Delivery

  • Guaranteed delivery with configurable retry policies
  • Failed-event queues for events that exhaust retries
  • Fan-out to multiple subscribers from a single publish
  • Filter subscriptions by event type, source, or payload

Logs

Structured log collection for everything on the platform. Stream, store, and query logs from all platform resources without external tooling.

Indexed within seconds — search live output or weeks of history from the same interface.

  • Log-based alerts can trigger Functions or publish Events on pattern matches
  • Structured logs parsed automatically; unstructured output indexed as plaintext
  • Access governed by IAM — scope read permissions per project or service

Sources

Collected automatically across the platform:

  • Functions — output captured on every invocation
  • Machines — system and application logs via the INET log agent
  • Buckets — access and audit logs per object operation
  • Platform — auth activity, IAM changes, and billing events
  • Events — full delivery history per event

Query & Retention

  • Full-text and structured search across all log sources
  • Filter by service, region, time range, or log level
  • Configurable retention per project
  • Export to a Bucket for long-term archival

Metrics

  • Built-in — CPU, memory, network, invocation rates, and request totals; no configuration required
  • Custom — push application metrics via the INET API or SDK
  • Alerting — trigger Functions or publish Events when a metric crosses a threshold

IAM

Fine-grained access control for every resource on the platform. Define who can do what — across projects, services, and API consumers — without a separate identity system.

Every API call is authorized against IAM policy. Access decisions are logged automatically.

  • Bucket access keys, Function service accounts, and Machine credentials managed through one interface
  • IAM policy changes publish Events — trigger workflows on permission updates
  • Every Secret read and rotation captured in Logs

Roles & Permissions

  • Built-in roles — ready to assign without configuration
  • Custom roles — per-resource permission sets for precise access control
  • Service accounts — non-human identities for CI/CD, Functions, and automation
  • Temporary credentials — short-lived access for delegated workflows

Keys & Tokens

  • API keys scoped to a project, service, or individual resource
  • Tokens for user-delegated access from third-party integrations
  • Key rotation with zero-downtime overlap
  • Full audit log of every key issuance, rotation, and revocation

Secrets

  • Secure storage — encrypted at rest; never exposed in logs or API responses
  • Injection — mount as environment variables or files into Functions and Machines
  • Versioning — every write creates a new version; roll back or pin per resource
  • Rotation — automatic rotation on a configurable schedule