🚀Launch Week 13: June 8th - 12th, 2026🚀
← Changelog

gcp-notebooks v5.4.0 - Workbench Instance resource type and security controls

Jun 04, 2026GuardrailsMods

What's new?

  • Added security and lifecycle controls for the GCP > Notebooks > Instance resource type. New controls: Active (age / last modified, delete-only), Idle Shutdown, and Root Access as standalone setting controls, the Allowed family (Allowed > Custom, Allowed > Region, Allowed > Encryption at Rest, Allowed > Public IP), and Labels. Idle Shutdown and Root Access reconcile the Workbench gceSetup.metadata keys via a new Set Metadata action; Labels reconciles via patch; Allowed > Public IP and Allowed > Encryption at Rest are delete-only because the underlying fields are create-time on a Workbench Instance. Instance create / update / delete Cloud Audit Log events are now wired so the CMDB stays current.
  • Added the GCP > Notebooks > Instance resource type, modelled against the Notebooks API v2 (Vertex AI Workbench instances), with CMDB and Discovery controls. Guardrails now discovers and records Workbench instances per region, capturing the gceSetup configuration, labels, and lifecycle timestamps. The mod's permission set was reworked off the legacy Notebooks v1 notebooks.environments.* permissions, retaining the v2 notebooks.instances.* set.

Resource Types

Added

  • GCP > Notebooks > Instance

Control Types

Added

  • GCP > Notebooks > Instance > Active
  • GCP > Notebooks > Instance > Allowed
  • GCP > Notebooks > Instance > Allowed > Custom
  • GCP > Notebooks > Instance > Allowed > Encryption at Rest
  • GCP > Notebooks > Instance > Allowed > Public IP
  • GCP > Notebooks > Instance > Allowed > Region
  • GCP > Notebooks > Instance > CMDB
  • GCP > Notebooks > Instance > Discovery
  • GCP > Notebooks > Instance > Idle Shutdown
  • GCP > Notebooks > Instance > Labels
  • GCP > Notebooks > Instance > Root Access

Policy Types

Added

  • GCP > Notebooks > Instance > Active
  • GCP > Notebooks > Instance > Active > Age
  • GCP > Notebooks > Instance > Active > Last Modified
  • GCP > Notebooks > Instance > Allowed
  • GCP > Notebooks > Instance > Allowed > Custom
  • GCP > Notebooks > Instance > Allowed > Custom > Rules
  • GCP > Notebooks > Instance > Allowed > Encryption at Rest
  • GCP > Notebooks > Instance > Allowed > Encryption at Rest > Level
  • GCP > Notebooks > Instance > Allowed > Encryption at Rest > Level > Customer Managed Key
  • GCP > Notebooks > Instance > Allowed > Public IP
  • GCP > Notebooks > Instance > Allowed > Region
  • GCP > Notebooks > Instance > Allowed > Region > Regions
  • GCP > Notebooks > Instance > CMDB
  • GCP > Notebooks > Instance > Idle Shutdown
  • GCP > Notebooks > Instance > Idle Shutdown > Timeout
  • GCP > Notebooks > Instance > Labels
  • GCP > Notebooks > Instance > Labels > Template
  • GCP > Notebooks > Instance > Regions
  • GCP > Notebooks > Instance > Root Access

Action Types

Added

  • GCP > Notebooks > Instance > Delete
  • GCP > Notebooks > Instance > Router
  • GCP > Notebooks > Instance > Set Labels
  • GCP > Notebooks > Instance > Set Metadata