Control types for @turbot/gcp-appengine
- GCP > App Engine > API Enabled
- GCP > App Engine > Application > CMDB
- GCP > App Engine > Application > Discovery
- GCP > App Engine > CMDB
- GCP > App Engine > Discovery
- GCP > App Engine > Firewall Rule > Active
- GCP > App Engine > Firewall Rule > Approved
- GCP > App Engine > Firewall Rule > CMDB
- GCP > App Engine > Firewall Rule > Discovery
- GCP > App Engine > Instance > Active
- GCP > App Engine > Instance > Approved
- GCP > App Engine > Instance > CMDB
- GCP > App Engine > Instance > Discovery
- GCP > App Engine > Instance > Usage
- GCP > App Engine > Service > Active
- GCP > App Engine > Service > Approved
- GCP > App Engine > Service > CMDB
- GCP > App Engine > Service > Discovery
- GCP > App Engine > Service > Labels
- GCP > App Engine > Service > Usage
- GCP > App Engine > Version > Active
- GCP > App Engine > Version > Approved
- GCP > App Engine > Version > CMDB
- GCP > App Engine > Version > Discovery
- GCP > App Engine > Version > Usage
GCP > App Engine > API Enabled
Check whether GCP App Engine API is enabled.
API Enabled refers specifically to the API state of a service in a cloud project.
This control determines whether the API state is set as per desired level.
The GCP > App Engine > API Enabled
control compares
the API state against the API Enabled policies,
raises an alarm, and takes the defined enforcement action.
tmod:@turbot/gcp-appengine#/control/types/appEngineApiEnabled
GCP > App Engine > Application > CMDB
Record and synchronize details for the GCP App Engine application into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-appengine#/control/types/applicationCmdb
GCP > App Engine > Application > Discovery
Discover GCP App Engine application resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-appengine#/control/types/applicationDiscovery
GCP > App Engine > CMDB
Record and synchronize details for the GCP App Engine into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-appengine#/control/types/appEngineCmdb
GCP > App Engine > Discovery
Discover GCP App Engine resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-appengine#/control/types/appEngineDiscovery
GCP > App Engine > Firewall Rule > Active
Take an action when an GCP App Engine firewall rule is not active based on theGCP > App Engine > Firewall Rule > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Firewall Rule > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-appengine#/control/types/firewallRuleActive
GCP > App Engine > Firewall Rule > Approved
Take an action when a GCP App Engine firewall rule is not approved based on GCP > App Engine > Firewall Rule > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
See Approved for more information.
tmod:@turbot/gcp-appengine#/control/types/firewallRuleApproved
GCP > App Engine > Firewall Rule > CMDB
Record and synchronize details for the GCP App Engine firewall rule into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-appengine#/control/types/firewallRuleCmdb
GCP > App Engine > Firewall Rule > Discovery
Discover GCP App Engine firewall rule resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-appengine#/control/types/firewallRuleDiscovery
GCP > App Engine > Instance > Active
Take an action when an GCP App Engine instance is not active based on theGCP > App Engine > Instance > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Instance > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-appengine#/control/types/instanceActive
GCP > App Engine > Instance > Approved
Take an action when a GCP App Engine instance is not approved based on GCP > App Engine > Instance > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-appengine#/control/types/instanceApproved
GCP > App Engine > Instance > CMDB
Record and synchronize details for the GCP App Engine instance into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-appengine#/control/types/instanceCmdb
GCP > App Engine > Instance > Discovery
Discover GCP App Engine instance resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-appengine#/control/types/instanceDiscovery
GCP > App Engine > Instance > Usage
The Usage control determines whether the number of GCP App Engine instance resources exceeds the configured usage limit for this version.
You can configure the behavior of this control with the GCP > App Engine > Instance > Usage
policy, and set the limit with the GCP > App Engine > Instance > Usage > Limit
policy.
tmod:@turbot/gcp-appengine#/control/types/instanceUsage
GCP > App Engine > Service > Active
Take an action when an GCP App Engine service is not active based on theGCP > App Engine > Service > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Service > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-appengine#/control/types/serviceActive
GCP > App Engine > Service > Approved
Take an action when a GCP App Engine service is not approved based on GCP > App Engine > Service > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-appengine#/control/types/serviceApproved
GCP > App Engine > Service > CMDB
Record and synchronize details for the GCP App Engine service into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-appengine#/control/types/serviceCmdb
GCP > App Engine > Service > Discovery
Discover GCP App Engine service resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-appengine#/control/types/serviceDiscovery
GCP > App Engine > Service > Labels
Take an action when an GCP App Engine service labels is not updated based on the GCP > App Engine > Service > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > App Engine > Service > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-appengine#/control/types/serviceLabels
GCP > App Engine > Service > Usage
The Usage control determines whether the number of GCP App Engine service resources exceeds the configured usage limit for this application.
You can configure the behavior of this control with the GCP > App Engine > Service > Usage
policy, and set the limit with the GCP > App Engine > Service > Usage > Limit
policy.
tmod:@turbot/gcp-appengine#/control/types/serviceUsage
GCP > App Engine > Version > Active
Take an action when an GCP App Engine version is not active based on theGCP > App Engine > Version > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > App Engine > Version > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-appengine#/control/types/versionActive
GCP > App Engine > Version > Approved
Take an action when a GCP App Engine version is not approved based on GCP > App Engine > Version > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-appengine#/control/types/versionApproved
GCP > App Engine > Version > CMDB
Record and synchronize details for the GCP App Engine version into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-appengine#/control/types/versionCmdb
GCP > App Engine > Version > Discovery
Discover GCP App Engine version resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-appengine#/control/types/versionDiscovery
GCP > App Engine > Version > Usage
The Usage control determines whether the number of GCP App Engine version resources exceeds the configured usage limit for this service.
You can configure the behavior of this control with the GCP > App Engine > Version > Usage
policy, and set the limit with the GCP > App Engine > Version > Usage > Limit
policy.
tmod:@turbot/gcp-appengine#/control/types/versionUsage