@turbot/gcp-computeengine

The gcp-computeengine mod contains resource, control and policy definitions for the GCP Compute Engine service.

Version
5.18.1
Released On
Feb 16, 2024

Release Notes

5.18.1 (2024-02-16)

Bug fixes

  • The GCP > Compute Engine > Instance Template > CMDB control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.

5.18.0 (2024-02-05)

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference and things will continue to work smoothly and consistently as before.

5.17.0 (2023-11-17)

Policy Types

  • GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated
  • GCP > Compute Engine > Image > Policy > Trusted Access > All Users

5.16.0 (2023-09-15)

What's new?

  • Added support for new asia-northeast3, asia-south2, asia-southeast2, australia-southeast2, europe-central2, europe-southwest1, europe-west10, europe-west12, europe-west8, europe-west9, me-central1, me-west1, northamerica-northeast2, southamerica-west1, us-east5, us-south1, us-west3 and us-west4 regions in the GCP > Compute Engine > Regions policy.
  • Rebranded to a Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed; your existing configurations and settings will continue to work as before.

Bug fixes

  • The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.

5.15.1 (2023-06-30)

Bug fixes

  • We've updated the runtime of the lambda functions to Node 18. You won't notice any difference and things will continue to work smoothly and consistently as before.

5.15.0 (2023-06-15)

What's new?

  • Resource's metadata will now also include createdBy details in Guardrails CMDB.
  • README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

5.14.1 (2023-04-12)

Bug fixes

  • We've updated the runtime of the lambda functions to Node 16. You won't notice any difference and things will continue to work smoothly and consistently as before.

5.14.0 (2022-10-11)

What's new?

  • Users can now force an Image to be inactive if the Image is more than 120 days old. To get started, set the GCP > Compute Engine > Image > Active > Age policy to Force inactive if age > 120 days.

5.13.0 (2022-08-11)

Action Types

  • GCP > Compute Engine > Disable Compute Engine API
  • GCP > Compute Engine > Disk > Delete from GCP
  • GCP > Compute Engine > Disk > Set Labels
  • GCP > Compute Engine > Disk > Skip alarm for Active control
  • GCP > Compute Engine > Disk > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Disk > Skip alarm for Approved control
  • GCP > Compute Engine > Disk > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Disk > Skip alarm for Labels control
  • GCP > Compute Engine > Disk > Skip alarm for Labels control [90 days]
  • GCP > Compute Engine > Enable Compute Engine API
  • GCP > Compute Engine > HTTP Health Check > Delete from GCP
  • GCP > Compute Engine > HTTP Health Check > Skip alarm for Active control
  • GCP > Compute Engine > HTTP Health Check > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > HTTP Health Check > Skip alarm for Approved control
  • GCP > Compute Engine > HTTP Health Check > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > HTTPS Health Check > Delete from GCP
  • GCP > Compute Engine > HTTPS Health Check > Skip alarm for Active control
  • GCP > Compute Engine > HTTPS Health Check > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > HTTPS Health Check > Skip alarm for Approved control
  • GCP > Compute Engine > HTTPS Health Check > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Health Check > Delete from GCP
  • GCP > Compute Engine > Health Check > Skip alarm for Active control
  • GCP > Compute Engine > Health Check > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Health Check > Skip alarm for Approved control
  • GCP > Compute Engine > Health Check > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Image > Delete from GCP
  • GCP > Compute Engine > Image > Set Labels
  • GCP > Compute Engine > Image > Skip alarm for Active control
  • GCP > Compute Engine > Image > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Image > Skip alarm for Approved control
  • GCP > Compute Engine > Image > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Image > Skip alarm for Labels control
  • GCP > Compute Engine > Image > Skip alarm for Labels control [90 days]
  • GCP > Compute Engine > Instance > Delete from GCP
  • GCP > Compute Engine > Instance > Disable Deletion Protection
  • GCP > Compute Engine > Instance > Enable Deletion Protection
  • GCP > Compute Engine > Instance > Set Labels
  • GCP > Compute Engine > Instance > Skip alarm for Active control
  • GCP > Compute Engine > Instance > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Instance > Skip alarm for Approved control
  • GCP > Compute Engine > Instance > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Instance > Skip alarm for Labels control
  • GCP > Compute Engine > Instance > Skip alarm for Labels control [90 days]
  • GCP > Compute Engine > Instance > Start Instance
  • GCP > Compute Engine > Instance > Stop Instance
  • GCP > Compute Engine > Instance Template > Delete from GCP
  • GCP > Compute Engine > Instance Template > Skip alarm for Active control
  • GCP > Compute Engine > Instance Template > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Instance Template > Skip alarm for Approved control
  • GCP > Compute Engine > Instance Template > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Node Group > Delete from GCP
  • GCP > Compute Engine > Node Group > Skip alarm for Active control
  • GCP > Compute Engine > Node Group > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Node Group > Skip alarm for Approved control
  • GCP > Compute Engine > Node Group > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Node template > Delete from GCP
  • GCP > Compute Engine > Node template > Skip alarm for Active control
  • GCP > Compute Engine > Node template > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Node template > Skip alarm for Approved control
  • GCP > Compute Engine > Node template > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Project > Disable OS Login
  • GCP > Compute Engine > Project > Enable OS Login
  • GCP > Compute Engine > Region Disk > Delete from GCP
  • GCP > Compute Engine > Region Disk > Set Labels
  • GCP > Compute Engine > Region Disk > Skip alarm for Active control
  • GCP > Compute Engine > Region Disk > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Region Disk > Skip alarm for Approved control
  • GCP > Compute Engine > Region Disk > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Region Disk > Skip alarm for Labels control
  • GCP > Compute Engine > Region Disk > Skip alarm for Labels control [90 days]
  • GCP > Compute Engine > Region Health Check > Delete from GCP
  • GCP > Compute Engine > Region Health Check > Skip alarm for Active control
  • GCP > Compute Engine > Region Health Check > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Region Health Check > Skip alarm for Approved control
  • GCP > Compute Engine > Region Health Check > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Snapshot > Delete from GCP
  • GCP > Compute Engine > Snapshot > Set Labels
  • GCP > Compute Engine > Snapshot > Skip alarm for Active control
  • GCP > Compute Engine > Snapshot > Skip alarm for Active control [90 days]
  • GCP > Compute Engine > Snapshot > Skip alarm for Approved control
  • GCP > Compute Engine > Snapshot > Skip alarm for Approved control [90 days]
  • GCP > Compute Engine > Snapshot > Skip alarm for Labels control
  • GCP > Compute Engine > Snapshot > Skip alarm for Labels control [90 days]

5.12.1 (2022-06-09)

Bug fixes

  • The GCP > Compute Engine > Instance > CMDB control would fail to update disk details when a disk was detached from an instance. This is now fixed.

5.12.0 (2022-02-17)

What's new?

  • Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks are evaluated as part of the Approved control. Custom messages can also be added, which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

  • We've improved the process of deleting resources from Guardrails if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Guardrails' IAM role while deleting resources from Guardrails. This will allow the CMDB controls to process resource deletions from Guardrails more reliably than before.

Policy Types

  • GCP > Compute Engine > Disk > Approved > Custom
  • GCP > Compute Engine > HTTP Health Check > Approved > Custom
  • GCP > Compute Engine > HTTPS Health Check > Approved > Custom
  • GCP > Compute Engine > Health Check > Approved > Custom
  • GCP > Compute Engine > Image > Approved > Custom
  • GCP > Compute Engine > Instance > Approved > Custom
  • GCP > Compute Engine > Instance Template > Approved > Custom
  • GCP > Compute Engine > Node Group > Approved > Custom
  • GCP > Compute Engine > Node template > Approved > Custom
  • GCP > Compute Engine > Region Disk > Approved > Custom
  • GCP > Compute Engine > Region Health Check > Approved > Custom
  • GCP > Compute Engine > Snapshot > Approved > Custom

5.11.2 (2021-09-22)

Bug fixes

  • The GCP > Compute Engine > Disk > Active control would go into an error state if the disk was never attached to an instance and the GCP > Compute Engine > Disk > Active > Attached policy was set to Force inactive if unattached > x days. This is fixed and the control now works as expected.

5.11.1 (2021-09-17)

Bug fixes

  • The GCP > Compute Engine > Disk > Active control would sometimes fail to evaluate the outcome correctly if the GCP > Compute Engine > Disk > Active > Attached policy was set to Force inactive if unattached and the disk was detached from an instance. This is fixed and the control will now work as expected.

5.11.0 (2021-08-09)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

5.10.2 (2021-04-22)

Bug fixes

  • Instances created and deleted via dataflow jobs were not cleaned up automatically in Guardrails. This is now fixed.

5.10.1 (2021-03-30)

Bug fixes

  • The GCP > Compute Engine > Disk > Active control will no longer go into an error state while checking if the disk has any attachments or not.

5.10.0 (2021-03-24)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • After an instance is deleted, GCP either deletes or detaches any attached disks based on the disks' autoDelete setting. For these disks, we'd fail to delete or update them respectively in CMDB after handling the instance delete event. Both of these cases are now fixed and disks are deleted and updated as expected.

5.9.1 (2021-02-08)

Bug fixes

  • The GCP > Compute Engine > Disk > Data Protection control would sometimes fail to create snapshots if the new snapshot name was over 64 characters (the limit from GCP). The new snapshot name will now be truncated to limit the length to a maximum of 64 characters.
  • Controls run faster now when in the tbd and skipped states thanks to the new Guardrails Precheck feature (not to be confused with TSA PreCheck). With Guardrails Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

5.9.0 (2020-12-24)

What's new?

  • VM instances created via a Dataproc cluster will now have the canIpForward property in their CMDB data. This property will be set to false by default.

Bug fixes

  • We've updated the GCP > * > Set API Enabled actions to use the latest API calls when checking the state of the service in the GCP project. There's no noticeable difference, but things should run smoother now.

5.8.1 (2020-11-02)

Bug fixes

  • We've updated the Discovery controls for resources to now move to skipped instead of invalid if the service API is disabled in the project and the GCP > {service} > API Enabled policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.

5.8.0 (2020-10-12)

What's new?

  • With the addition of GCP > Compute Engine > Instance > External IP Addresses control you can now easily manage the external IP addresses assigned to an instance. To enable this control, please set the GCP > Compute Engine > Instance > External IP Addresses policy.

Control Types

  • GCP > Compute Engine > Instance > External IP Addresses

Policy Types

  • GCP > Compute Engine > Instance > External IP Addresses

Action Types

  • GCP > Compute Engine > Instance > Delete Access Configs

5.7.0 (2020-10-06)

What's new?

  • The GCP > Compute Engine > Disk > Active control can now check if a disk is attached to any resource or not. To enable this active check, please set the GCP > Compute Engine > Disk > Active > Attached policy.

Policy Types

  • GCP > Compute Engine > Disk > Active > Attached

5.6.0 (2020-09-29)

Resource Types

  • GCP > Compute Engine > HTTP Health Check
  • GCP > Compute Engine > HTTPS Health Check

Control Types

  • GCP > Compute Engine > HTTP Health Check > Active
  • GCP > Compute Engine > HTTP Health Check > Approved
  • GCP > Compute Engine > HTTP Health Check > CMDB
  • GCP > Compute Engine > HTTP Health Check > Discovery
  • GCP > Compute Engine > HTTP Health Check > Usage
  • GCP > Compute Engine > HTTPS Health Check > Active
  • GCP > Compute Engine > HTTPS Health Check > Approved
  • GCP > Compute Engine > HTTPS Health Check > CMDB
  • GCP > Compute Engine > HTTPS Health Check > Discovery
  • GCP > Compute Engine > HTTPS Health Check > Usage

Policy Types

  • GCP > Compute Engine > HTTP Health Check > Active
  • GCP > Compute Engine > HTTP Health Check > Active > Age
  • GCP > Compute Engine > HTTP Health Check > Active > Last Modified
  • GCP > Compute Engine > HTTP Health Check > Approved
  • GCP > Compute Engine > HTTP Health Check > Approved > Usage
  • GCP > Compute Engine > HTTP Health Check > CMDB
  • GCP > Compute Engine > HTTP Health Check > Usage
  • GCP > Compute Engine > HTTP Health Check > Usage > Limit
  • GCP > Compute Engine > HTTPS Health Check > Active
  • GCP > Compute Engine > HTTPS Health Check > Active > Age
  • GCP > Compute Engine > HTTPS Health Check > Active > Last Modified
  • GCP > Compute Engine > HTTPS Health Check > Approved
  • GCP > Compute Engine > HTTPS Health Check > Approved > Usage
  • GCP > Compute Engine > HTTPS Health Check > CMDB
  • GCP > Compute Engine > HTTPS Health Check > Usage
  • GCP > Compute Engine > HTTPS Health Check > Usage > Limit

Action Types

  • GCP > Compute Engine > HTTP Health Check > Delete
  • GCP > Compute Engine > HTTPS Health Check > Delete

5.5.0 (2020-09-16)

What's new?

  • We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

Resource Types

  • GCP > Compute Engine > Region Health Check

Control Types

  • GCP > Compute Engine > Region Health Check > Active
  • GCP > Compute Engine > Region Health Check > Approved
  • GCP > Compute Engine > Region Health Check > CMDB
  • GCP > Compute Engine > Region Health Check > Discovery
  • GCP > Compute Engine > Region Health Check > Usage

Policy Types

  • GCP > Compute Engine > Region Health Check > Active
  • GCP > Compute Engine > Region Health Check > Active > Age
  • GCP > Compute Engine > Region Health Check > Active > Last Modified
  • GCP > Compute Engine > Region Health Check > Approved
  • GCP > Compute Engine > Region Health Check > Approved > Regions
  • GCP > Compute Engine > Region Health Check > Approved > Usage
  • GCP > Compute Engine > Region Health Check > CMDB
  • GCP > Compute Engine > Region Health Check > Regions
  • GCP > Compute Engine > Region Health Check > Usage
  • GCP > Compute Engine > Region Health Check > Usage > Limit

Action Types

  • GCP > Compute Engine > Region Health Check > Delete

5.4.0 (2020-09-01)

What's new?

  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
  • We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.3.0 (2020-08-13)

What's new?

  • We now support controlling access for disks, images, instances, node groups and node templates to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts.

    To get started with this new control, please see the Compute Engine resource's Trusted Access policies and all of their sub-policies to specify which IAM resources are allowed to access them.

Control Types

  • GCP > Compute Engine > Disk > Policy
  • GCP > Compute Engine > Disk > Policy > Trusted Access
  • GCP > Compute Engine > Image > Policy
  • GCP > Compute Engine > Image > Policy > Trusted Access
  • GCP > Compute Engine > Instance > Policy
  • GCP > Compute Engine > Instance > Policy > Trusted Access
  • GCP > Compute Engine > Instance Template > Policy
  • GCP > Compute Engine > Instance Template > Policy > Trusted Access
  • GCP > Compute Engine > Node Group > Policy
  • GCP > Compute Engine > Node Group > Policy > Trusted Access
  • GCP > Compute Engine > Node template > Policy
  • GCP > Compute Engine > Node template > Policy > Trusted Access

Policy Types

  • GCP > Compute Engine > Disk > Policy
  • GCP > Compute Engine > Disk > Policy > Trusted Access
  • GCP > Compute Engine > Disk > Policy > Trusted Access > Domains
  • GCP > Compute Engine > Disk > Policy > Trusted Access > Groups
  • GCP > Compute Engine > Disk > Policy > Trusted Access > Service Accounts
  • GCP > Compute Engine > Disk > Policy > Trusted Access > Users
  • GCP > Compute Engine > Image > Policy
  • GCP > Compute Engine > Image > Policy > Trusted Access
  • GCP > Compute Engine > Image > Policy > Trusted Access > Domains
  • GCP > Compute Engine > Image > Policy > Trusted Access > Groups
  • GCP > Compute Engine > Image > Policy > Trusted Access > Service Accounts
  • GCP > Compute Engine > Image > Policy > Trusted Access > Users
  • GCP > Compute Engine > Instance > Policy
  • GCP > Compute Engine > Instance > Policy > Trusted Access
  • GCP > Compute Engine > Instance > Policy > Trusted Access > Domains
  • GCP > Compute Engine > Instance > Policy > Trusted Access > Groups
  • GCP > Compute Engine > Instance > Policy > Trusted Access > Service Accounts
  • GCP > Compute Engine > Instance > Policy > Trusted Access > Users
  • GCP > Compute Engine > Instance Template > Policy
  • GCP > Compute Engine > Instance Template > Policy > Trusted Access
  • GCP > Compute Engine > Instance Template > Policy > Trusted Access > Domains
  • GCP > Compute Engine > Instance Template > Policy > Trusted Access > Groups
  • GCP > Compute Engine > Instance Template > Policy > Trusted Access > Service Accounts
  • GCP > Compute Engine > Instance Template > Policy > Trusted Access > Users
  • GCP > Compute Engine > Node Group > Policy
  • GCP > Compute Engine > Node Group > Policy > Trusted Access
  • GCP > Compute Engine > Node Group > Policy > Trusted Access > Domains
  • GCP > Compute Engine > Node Group > Policy > Trusted Access > Groups
  • GCP > Compute Engine > Node Group > Policy > Trusted Access > Service Accounts
  • GCP > Compute Engine > Node Group > Policy > Trusted Access > Users
  • GCP > Compute Engine > Node template > Policy
  • GCP > Compute Engine > Node template > Policy > Trusted Access
  • GCP > Compute Engine > Node template > Policy > Trusted Access > Domains
  • GCP > Compute Engine > Node template > Policy > Trusted Access > Groups
  • GCP > Compute Engine > Node template > Policy > Trusted Access > Service Accounts
  • GCP > Compute Engine > Node template > Policy > Trusted Access > Users
  • GCP > Compute Engine > Trusted Domains [Default]
  • GCP > Compute Engine > Trusted Groups [Default]
  • GCP > Compute Engine > Trusted Service Accounts [Default]
  • GCP > Compute Engine > Trusted Users [Default]

Action Types

  • GCP > Compute Engine > Disk > Set Trusted Access
  • GCP > Compute Engine > Image > Set Trusted Access
  • GCP > Compute Engine > Instance > Set Trusted Access
  • GCP > Compute Engine > Instance Template > Set Trusted Access
  • GCP > Compute Engine > Node Group > Set Trusted Access
  • GCP > Compute Engine > Node template > Set Trusted Access

5.2.7 (2020-08-11)

Bug fixes

  • We’ve made improvements to our GraphQL input queries for various controls and actions. You won’t notice any differences, but things should run smoother and quicker than before.
  • The GCP > Compute Engine > Instance > Deletion Protection and GCP > Compute Engine > Instance > Disks Auto Delete controls were in an error state due to invalid GraphQL input. This issue has now been fixed.

5.2.6 (2020-07-24)

Bug fixes

  • Active controls for all resources were not calling the delete action properly, which meant inactive resources were not being deleted when the policy was set to enforce deletions. This has been fixed and inactive resources will now be cleaned up again.
  • The GCP > Compute Engine > Instance > Approved policy now includes the values Enforce: Stop unapproved and Enforce: Stop unapproved if new. With the addition of these values, it is now possible to just stop your unapproved instances instead of deleting them.

5.2.5 (2020-07-17)

Bug fixes

  • The GCP > Compute Engine > Disk > Data Protection control was in error due to incorrect GraphQL queries. This has now been fixed and the control is working again.

5.2.4 (2020-06-03)

What's new?

  • All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resource changes that were made in the cloud provider; enforcement actions are still disabled outside of the change window.

5.2.3 (2020-05-20)

Bug fixes

  • The Approved control of an Instance remained in an error state when we tried to delete an instance for which the GCP > Compute Engine > Instance > Deletion Protection policy was set to Enforce: Enabled. This error has been fixed and the Approved control now remains in an alarm state with an appropriate warning message.

5.2.2 (2020-05-13)

Bug fixes

  • Several permissions did not have grant levels assigned, so when this service was enabled, the IAM permission model would be unable to calculate the full permission set across all services. The missing grant levels have been added and permission calculations are now running smoothly again.

5.2.1 (2020-05-07)

Bug fixes

  • After creating a snapshot, due to a bug in the Compute Engine permissions list, the GCP > Compute Engine > Disk > Router was creating a disk with a malformed AKA that was missing the disk name in the CMDB. This has been fixed and invalid disk resources are no longer being created; however, any disks that were created as a result of this bug will remain in CMDB. These disks can either be deleted manually on the Resource Details page or automatically cleaned up in a control we plan to add in a future release. We apologize for any inconvenience these pesky disks have caused.
  • While importing a GCP project, sometimes resources' Discovery controls would get stuck in an Invalid state due to incorrectly configured dependencies. This has been fixed and project imports should be smooth again.

5.2.0 (2020-05-04)

Bug fixes

  • For newly created disks, the status field would get stuck as CREATING in CMDB, even after the disk moved to the READY state. This has been fixed and the disk’s status in CMDB will remain up to date.
  • Several resources that have an IAM policy had an incomplete schema, which prevented the iamPolicy attribute from being used in calculated policies. This has been fixed.
  • Removed unused Regions policies for global resources.
  • When creating a snapshot with a different name than its source disk, the new snapshot resource would use the disk’s name instead of the snapshot’s name and fail to create properly. This has been fixed.

Control Types

Renamed

  • GCP > Compute Engine > Project > OS Login enabled to GCP > Compute Engine > Project > OS Login Enabled

Policy Types

Renamed

  • GCP > Compute Engine > Project > OS Login enabled to GCP > Compute Engine > Project > OS Login Enabled

Removed

  • GCP > Compute Engine > Instance Template > Regions

5.1.0 (2020-04-13)

What's new?

  • Services can now be enabled as Metadata only, restricting users to only use metadata level permissions.

Bug fixes

  • Many calculations for Permissions > Compiled > Service Permissions were in error due to a missing library. This is now fixed.

5.0.0 (2020-04-08)

Resource Types

  • GCP > Compute Engine
  • GCP > Compute Engine > Disk
  • GCP > Compute Engine > Health Check
  • GCP > Compute Engine > Image
  • GCP > Compute Engine > Instance
  • GCP > Compute Engine > Instance Template
  • GCP > Compute Engine > Node Group
  • GCP > Compute Engine > Node template
  • GCP > Compute Engine > Project
  • GCP > Compute Engine > Region Disk
  • GCP > Compute Engine > Snapshot

Control Types

  • GCP > Compute Engine > API Enabled
  • GCP > Compute Engine > CMDB
  • GCP > Compute Engine > Discovery
  • GCP > Compute Engine > Disk > Active
  • GCP > Compute Engine > Disk > Approved
  • GCP > Compute Engine > Disk > CMDB
  • GCP > Compute Engine > Disk > Data Protection
  • GCP > Compute Engine > Disk > Discovery
  • GCP > Compute Engine > Disk > Labels
  • GCP > Compute Engine > Disk > Usage
  • GCP > Compute Engine > Health Check > Active
  • GCP > Compute Engine > Health Check > Approved
  • GCP > Compute Engine > Health Check > CMDB
  • GCP > Compute Engine > Health Check > Discovery
  • GCP > Compute Engine > Health Check > Usage
  • GCP > Compute Engine > Image > Active
  • GCP > Compute Engine > Image > Approved
  • GCP > Compute Engine > Image > CMDB
  • GCP > Compute Engine > Image > Discovery
  • GCP > Compute Engine > Image > Labels
  • GCP > Compute Engine > Image > Usage
  • GCP > Compute Engine > Instance > Active
  • GCP > Compute Engine > Instance > Approved
  • GCP > Compute Engine > Instance > Block Project Wide SSH Keys
  • GCP > Compute Engine > Instance > CMDB
  • GCP > Compute Engine > Instance > Deletion Protection
  • GCP > Compute Engine > Instance > Discovery
  • GCP > Compute Engine > Instance > Disks Auto Delete
  • GCP > Compute Engine > Instance > Labels
  • GCP > Compute Engine > Instance > Schedule
  • GCP > Compute Engine > Instance > Serial Port Access
  • GCP > Compute Engine > Instance > Usage
  • GCP > Compute Engine > Instance Template > Active
  • GCP > Compute Engine > Instance Template > Approved
  • GCP > Compute Engine > Instance Template > CMDB
  • GCP > Compute Engine > Instance Template > Discovery
  • GCP > Compute Engine > Instance Template > Usage
  • GCP > Compute Engine > Node Group > Active
  • GCP > Compute Engine > Node Group > Approved
  • GCP > Compute Engine > Node Group > CMDB
  • GCP > Compute Engine > Node Group > Discovery
  • GCP > Compute Engine > Node Group > Usage
  • GCP > Compute Engine > Node template > Active
  • GCP > Compute Engine > Node template > Approved
  • GCP > Compute Engine > Node template > CMDB
  • GCP > Compute Engine > Node template > Discovery
  • GCP > Compute Engine > Node template > Usage
  • GCP > Compute Engine > Project > CMDB
  • GCP > Compute Engine > Project > Discovery
  • GCP > Compute Engine > Project > OS Login enabled
  • GCP > Compute Engine > Region Disk > Active
  • GCP > Compute Engine > Region Disk > Approved
  • GCP > Compute Engine > Region Disk > CMDB
  • GCP > Compute Engine > Region Disk > Discovery
  • GCP > Compute Engine > Region Disk > Labels
  • GCP > Compute Engine > Region Disk > Usage
  • GCP > Compute Engine > Snapshot > Active
  • GCP > Compute Engine > Snapshot > Approved
  • GCP > Compute Engine > Snapshot > CMDB
  • GCP > Compute Engine > Snapshot > Discovery
  • GCP > Compute Engine > Snapshot > Labels
  • GCP > Compute Engine > Snapshot > Usage

Policy Types

  • GCP > Compute Engine > API Enabled
  • GCP > Compute Engine > Approved Regions [Default]
  • GCP > Compute Engine > CMDB
  • GCP > Compute Engine > Disk > Active
  • GCP > Compute Engine > Disk > Active > Age
  • GCP > Compute Engine > Disk > Active > Last Modified
  • GCP > Compute Engine > Disk > Approved
  • GCP > Compute Engine > Disk > Approved > Encryption at Rest
  • GCP > Compute Engine > Disk > Approved > Encryption at Rest > Customer Managed Key
  • GCP > Compute Engine > Disk > Approved > Regions
  • GCP > Compute Engine > Disk > Approved > Usage
  • GCP > Compute Engine > Disk > CMDB
  • GCP > Compute Engine > Disk > Data Protection
  • GCP > Compute Engine > Disk > Data Protection > Managed Snapshots
  • GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Location
  • GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Minimum Schedule
  • GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Name Prefix
  • GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Schedule
  • GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > VSS
  • GCP > Compute Engine > Disk > Labels
  • GCP > Compute Engine > Disk > Labels > Template
  • GCP > Compute Engine > Disk > Regions
  • GCP > Compute Engine > Disk > Usage
  • GCP > Compute Engine > Disk > Usage > Limit
  • GCP > Compute Engine > Enabled
  • GCP > Compute Engine > Health Check > Active
  • GCP > Compute Engine > Health Check > Active > Age
  • GCP > Compute Engine > Health Check > Active > Last Modified
  • GCP > Compute Engine > Health Check > Approved
  • GCP > Compute Engine > Health Check > Approved > Usage
  • GCP > Compute Engine > Health Check > CMDB
  • GCP > Compute Engine > Health Check > Usage
  • GCP > Compute Engine > Health Check > Usage > Limit
  • GCP > Compute Engine > Image > Active
  • GCP > Compute Engine > Image > Active > Age
  • GCP > Compute Engine > Image > Active > Last Modified
  • GCP > Compute Engine > Image > Approved
  • GCP > Compute Engine > Image > Approved > Encryption at Rest
  • GCP > Compute Engine > Image > Approved > Encryption at Rest > Customer Managed Key
  • GCP > Compute Engine > Image > Approved > Usage
  • GCP > Compute Engine > Image > CMDB
  • GCP > Compute Engine > Image > Labels
  • GCP > Compute Engine > Image > Labels > Template
  • GCP > Compute Engine > Image > Usage
  • GCP > Compute Engine > Image > Usage > Limit
  • GCP > Compute Engine > Instance > Active
  • GCP > Compute Engine > Instance > Active > Age
  • GCP > Compute Engine > Instance > Active > Last Modified
  • GCP > Compute Engine > Instance > Approved
  • GCP > Compute Engine > Instance > Approved > IP Forwarding
  • GCP > Compute Engine > Instance > Approved > Regions
  • GCP > Compute Engine > Instance > Approved > Usage
  • GCP > Compute Engine > Instance > Block Project Wide SSH Keys
  • GCP > Compute Engine > Instance > CMDB
  • GCP > Compute Engine > Instance > Deletion Protection
  • GCP > Compute Engine > Instance > Disks Auto Delete
  • GCP > Compute Engine > Instance > Labels
  • GCP > Compute Engine > Instance > Labels > Template
  • GCP > Compute Engine > Instance > Regions
  • GCP > Compute Engine > Instance > Schedule
  • GCP > Compute Engine > Instance > Schedule > Tag
  • GCP > Compute Engine > Instance > Serial Port Access
  • GCP > Compute Engine > Instance > Usage
  • GCP > Compute Engine > Instance > Usage > Limit
  • GCP > Compute Engine > Instance Template > Active
  • GCP > Compute Engine > Instance Template > Active > Age
  • GCP > Compute Engine > Instance Template > Active > Last Modified
  • GCP > Compute Engine > Instance Template > Approved
  • GCP > Compute Engine > Instance Template > Approved > Usage
  • GCP > Compute Engine > Instance Template > CMDB
  • GCP > Compute Engine > Instance Template > Regions
  • GCP > Compute Engine > Instance Template > Usage
  • GCP > Compute Engine > Instance Template > Usage > Limit
  • GCP > Compute Engine > Labels Template [Default]
  • GCP > Compute Engine > Node Group > Active
  • GCP > Compute Engine > Node Group > Active > Age
  • GCP > Compute Engine > Node Group > Active > Last Modified
  • GCP > Compute Engine > Node Group > Approved
  • GCP > Compute Engine > Node Group > Approved > Regions
  • GCP > Compute Engine > Node Group > Approved > Usage
  • GCP > Compute Engine > Node Group > CMDB
  • GCP > Compute Engine > Node Group > Regions
  • GCP > Compute Engine > Node Group > Usage
  • GCP > Compute Engine > Node Group > Usage > Limit
  • GCP > Compute Engine > Node template > Active
  • GCP > Compute Engine > Node template > Active > Age
  • GCP > Compute Engine > Node template > Active > Last Modified
  • GCP > Compute Engine > Node template > Approved
  • GCP > Compute Engine > Node template > Approved > Regions
  • GCP > Compute Engine > Node template > Approved > Usage
  • GCP > Compute Engine > Node template > CMDB
  • GCP > Compute Engine > Node template > Regions
  • GCP > Compute Engine > Node template > Usage
  • GCP > Compute Engine > Node template > Usage > Limit
  • GCP > Compute Engine > Permissions
  • GCP > Compute Engine > Permissions > Levels
  • GCP > Compute Engine > Permissions > Levels > Autoscaler Administration
  • GCP > Compute Engine > Permissions > Levels > Image Administration
  • GCP > Compute Engine > Permissions > Levels > Modifiers
  • GCP > Compute Engine > Project > CMDB
  • GCP > Compute Engine > Project > OS Login enabled
  • GCP > Compute Engine > Region Disk > Active
  • GCP > Compute Engine > Region Disk > Active > Age
  • GCP > Compute Engine > Region Disk > Active > Last Modified
  • GCP > Compute Engine > Region Disk > Approved
  • GCP > Compute Engine > Region Disk > Approved > Regions
  • GCP > Compute Engine > Region Disk > Approved > Usage
  • GCP > Compute Engine > Region Disk > CMDB
  • GCP > Compute Engine > Region Disk > Labels
  • GCP > Compute Engine > Region Disk > Labels > Template
  • GCP > Compute Engine > Region Disk > Regions
  • GCP > Compute Engine > Region Disk > Usage
  • GCP > Compute Engine > Region Disk > Usage > Limit
  • GCP > Compute Engine > Regions [Default]
  • GCP > Compute Engine > Snapshot > Active
  • GCP > Compute Engine > Snapshot > Active > Age
  • GCP > Compute Engine > Snapshot > Active > Last Modified
  • GCP > Compute Engine > Snapshot > Approved
  • GCP > Compute Engine > Snapshot > Approved > Usage
  • GCP > Compute Engine > Snapshot > CMDB
  • GCP > Compute Engine > Snapshot > Labels
  • GCP > Compute Engine > Snapshot > Labels > Template
  • GCP > Compute Engine > Snapshot > Regions
  • GCP > Compute Engine > Snapshot > Usage
  • GCP > Compute Engine > Snapshot > Usage > Limit
  • GCP > Guardrails > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-computeengine
  • GCP > Guardrails > Permissions > Compiled > Levels > @turbot/gcp-computeengine
  • GCP > Guardrails > Permissions > Compiled > Service Permissions > @turbot/gcp-computeengine

Action Types

  • GCP > Compute Engine > Disk > Create Disk Snapshot
  • GCP > Compute Engine > Disk > Delete
  • GCP > Compute Engine > Disk > Delete Disk Snapshots
  • GCP > Compute Engine > Disk > Router
  • GCP > Compute Engine > Disk > Set Labels
  • GCP > Compute Engine > Health Check > Delete
  • GCP > Compute Engine > Health Check > Router
  • GCP > Compute Engine > Image > Delete
  • GCP > Compute Engine > Image > Router
  • GCP > Compute Engine > Image > Set Labels
  • GCP > Compute Engine > Instance > Delete
  • GCP > Compute Engine > Instance > Router
  • GCP > Compute Engine > Instance > Set Block Project Wide SSH Keys
  • GCP > Compute Engine > Instance > Set Deletion Protection
  • GCP > Compute Engine > Instance > Set Disks Auto Delete
  • GCP > Compute Engine > Instance > Set Labels
  • GCP > Compute Engine > Instance > Set Serial Port Access
  • GCP > Compute Engine > Instance > Start
  • GCP > Compute Engine > Instance > Stop
  • GCP > Compute Engine > Instance Template > Delete
  • GCP > Compute Engine > Instance Template > Router
  • GCP > Compute Engine > Node Group > Delete
  • GCP > Compute Engine > Node Group > Router
  • GCP > Compute Engine > Node template > Delete
  • GCP > Compute Engine > Node template > Router
  • GCP > Compute Engine > Project > Router
  • GCP > Compute Engine > Project > Set OS Login enabled
  • GCP > Compute Engine > Region Disk > Delete
  • GCP > Compute Engine > Region Disk > Set Labels
  • GCP > Compute Engine > Set API Enabled
  • GCP > Compute Engine > Snapshot > Delete
  • GCP > Compute Engine > Snapshot > Router
  • GCP > Compute Engine > Snapshot > Set Labels