Control types for @turbot/gcp-appengine

• GCP > App Engine > API Enabled
• GCP > App Engine > Application > CMDB
• GCP > App Engine > Application > Discovery
• GCP > App Engine > CMDB
• GCP > App Engine > Discovery
• GCP > App Engine > Firewall Rule > Active
• GCP > App Engine > Firewall Rule > Approved
• GCP > App Engine > Firewall Rule > CMDB
• GCP > App Engine > Firewall Rule > Discovery
• GCP > App Engine > Instance > Active
• GCP > App Engine > Instance > Approved
• GCP > App Engine > Instance > CMDB
• GCP > App Engine > Instance > Discovery
• GCP > App Engine > Instance > Usage
• GCP > App Engine > Service > Active
• GCP > App Engine > Service > Approved
• GCP > App Engine > Service > CMDB
• GCP > App Engine > Service > Discovery
• GCP > App Engine > Service > Labels
• GCP > App Engine > Service > Usage
• GCP > App Engine > Version > Active
• GCP > App Engine > Version > Approved
• GCP > App Engine > Version > CMDB
• GCP > App Engine > Version > Discovery
• GCP > App Engine > Version > Usage

GCP > App Engine > API Enabled

Check whether GCP App Engine API is enabled.

API Enabled refers specifically to the API state of a service in a cloud project.
This control determines whether the API state is set as per desired level.

The GCP > App Engine > API Enabled control compares
the API state against the API Enabled policies,
raises an alarm, and takes the defined enforcement action.

GCP > App Engine > Application > CMDB

Record and synchronize details for the GCP App Engine application into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > App Engine > Application > Discovery

Discover GCP App Engine application resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > App Engine > CMDB

Record and synchronize details for the GCP App Engine into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > App Engine > Discovery

Discover GCP App Engine resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > App Engine > Firewall Rule > Active

Take an action when an GCP App Engine firewall rule is not active based on the
GCP > App Engine > Firewall Rule > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Firewall Rule > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > App Engine > Firewall Rule > Approved

Take an action when a GCP App Engine firewall rule is not approved based on GCP > App Engine > Firewall Rule > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

See Approved for more information.

GCP > App Engine > Firewall Rule > CMDB

Record and synchronize details for the GCP App Engine firewall rule into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > App Engine > Firewall Rule > Discovery

Discover GCP App Engine firewall rule resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > App Engine > Instance > Active

Take an action when an GCP App Engine instance is not active based on the
GCP > App Engine > Instance > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Instance > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > App Engine > Instance > Approved

Take an action when a GCP App Engine instance is not approved based on GCP > App Engine > Instance > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > App Engine > Instance > CMDB

Record and synchronize details for the GCP App Engine instance into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > App Engine > Instance > Discovery

Discover GCP App Engine instance resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > App Engine > Instance > Usage

The Usage control determines whether the number of GCP App Engine instance resources exceeds the configured usage limit for this version.

You can configure the behavior of this control with the GCP > App Engine > Instance > Usage policy, and set the limit with the GCP > App Engine > Instance > Usage > Limit policy.

GCP > App Engine > Service > Active

Take an action when an GCP App Engine service is not active based on the
GCP > App Engine > Service > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Service > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > App Engine > Service > Approved

Take an action when a GCP App Engine service is not approved based on GCP > App Engine > Service > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > App Engine > Service > CMDB

Record and synchronize details for the GCP App Engine service into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > App Engine > Service > Discovery

Discover GCP App Engine service resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > App Engine > Service > Labels

Take an action when an GCP App Engine service labels is not updated based on the GCP > App Engine > Service > Labels > * policies.

If the resource is not updated with the labels defined in GCP > App Engine > Service > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

GCP > App Engine > Service > Usage

The Usage control determines whether the number of GCP App Engine service resources exceeds the configured usage limit for this application.

You can configure the behavior of this control with the GCP > App Engine > Service > Usage policy, and set the limit with the GCP > App Engine > Service > Usage > Limit policy.

GCP > App Engine > Version > Active

Take an action when an GCP App Engine version is not active based on the
GCP > App Engine > Version > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Version > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > App Engine > Version > Approved

Take an action when a GCP App Engine version is not approved based on GCP > App Engine > Version > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > App Engine > Version > CMDB

Record and synchronize details for the GCP App Engine version into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > App Engine > Version > Discovery

Discover GCP App Engine version resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > App Engine > Version > Usage

The Usage control determines whether the number of GCP App Engine version resources exceeds the configured usage limit for this service.

You can configure the behavior of this control with the GCP > App Engine > Version > Usage policy, and set the limit with the GCP > App Engine > Version > Usage > Limit policy.