@turbot/gcp-computeengine
The gcp-computeengine mod contains resource, control and policy definitions for GCP Compute Engine service.
- Setting Policies Tutorial
- Mods Overview
- Policies Overview
- Resources Overview
- Common Policies and Controls
Recommended Version
Release Notes
5.18.1 (2024-02-16)
Bug fixes
- The
GCP > Compute Engine > Instance Template > CMDB
control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.
5.18.0 (2024-02-05)
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.17.0 (2023-11-17)
Policy Types
- GCP > Compute Engine > Image > Policy > Trusted Access > All Authenticated
- GCP > Compute Engine > Image > Policy > Trusted Access > All Users
5.16.0 (2023-09-15)
What's new?
- Added support for new
asia-northeast3
,asia-south2
,asia-southeast2
,australia-southeast2
,europe-central2
,europe-southwest1
,europe-west10
,europe-west12
,europe-west8
,europe-west9
,me-central1
,me-west1
,northamerica-northeast2
,southamerica-west1
,us-east5
,us-south1
,us-west3
andus-west4
regions in theGCP > Compute Engine > Regions
policy. - Rebranded to a Guardrails Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.
Bug fixes
- The real-time Event Handlers would sometimes fail to upsert data disks attached to instances in Guardrails CMDB. This is now fixed.
5.15.1 (2023-06-30)
Bug fixes
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.15.0 (2023-06-15)
What's new?
- Resource's metadata will now also include
createdBy
details in Guardrails CMDB. - README.md file is now available for users to check details about the resource types and service permissions that the mod covers.
5.14.1 (2023-04-12)
Bug fixes
- We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.14.0 (2022-10-11)
What's new?
- Users can now force an Image to be inactive if the Image is more than 120 days old. To get started, set the
GCP > Compute Engine > Image > Active > Age
policy toForce inactive if age > 120 days
.
5.13.0 (2022-08-11)
Action Types
- GCP > Compute Engine > Disable Compute Engine API
- GCP > Compute Engine > Disk > Delete from GCP
- GCP > Compute Engine > Disk > Set Labels
- GCP > Compute Engine > Disk > Skip alarm for Active control
- GCP > Compute Engine > Disk > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Disk > Skip alarm for Approved control
- GCP > Compute Engine > Disk > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Disk > Skip alarm for Labels control
- GCP > Compute Engine > Disk > Skip alarm for Labels control [90 days]
- GCP > Compute Engine > Enable Compute Engine API
- GCP > Compute Engine > HTTP Health Check > Delete from GCP
- GCP > Compute Engine > HTTP Health Check > Skip alarm for Active control
- GCP > Compute Engine > HTTP Health Check > Skip alarm for Active control [90 days]
- GCP > Compute Engine > HTTP Health Check > Skip alarm for Approved control
- GCP > Compute Engine > HTTP Health Check > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > HTTPS Health Check > Delete from GCP
- GCP > Compute Engine > HTTPS Health Check > Skip alarm for Active control
- GCP > Compute Engine > HTTPS Health Check > Skip alarm for Active control [90 days]
- GCP > Compute Engine > HTTPS Health Check > Skip alarm for Approved control
- GCP > Compute Engine > HTTPS Health Check > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Health Check > Delete from GCP
- GCP > Compute Engine > Health Check > Skip alarm for Active control
- GCP > Compute Engine > Health Check > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Health Check > Skip alarm for Approved control
- GCP > Compute Engine > Health Check > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Image > Delete from GCP
- GCP > Compute Engine > Image > Set Labels
- GCP > Compute Engine > Image > Skip alarm for Active control
- GCP > Compute Engine > Image > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Image > Skip alarm for Approved control
- GCP > Compute Engine > Image > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Image > Skip alarm for Labels control
- GCP > Compute Engine > Image > Skip alarm for Labels control [90 days]
- GCP > Compute Engine > Instance > Delete from GCP
- GCP > Compute Engine > Instance > Disable Deletion Protection
- GCP > Compute Engine > Instance > Enable Deletion Protection
- GCP > Compute Engine > Instance > Set Labels
- GCP > Compute Engine > Instance > Skip alarm for Active control
- GCP > Compute Engine > Instance > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Instance > Skip alarm for Approved control
- GCP > Compute Engine > Instance > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Instance > Skip alarm for Labels control
- GCP > Compute Engine > Instance > Skip alarm for Labels control [90 days]
- GCP > Compute Engine > Instance > Start Instance
- GCP > Compute Engine > Instance > Stop Instance
- GCP > Compute Engine > Instance Template > Delete from GCP
- GCP > Compute Engine > Instance Template > Skip alarm for Active control
- GCP > Compute Engine > Instance Template > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Instance Template > Skip alarm for Approved control
- GCP > Compute Engine > Instance Template > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Node Group > Delete from GCP
- GCP > Compute Engine > Node Group > Skip alarm for Active control
- GCP > Compute Engine > Node Group > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Node Group > Skip alarm for Approved control
- GCP > Compute Engine > Node Group > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Node template > Delete from GCP
- GCP > Compute Engine > Node template > Skip alarm for Active control
- GCP > Compute Engine > Node template > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Node template > Skip alarm for Approved control
- GCP > Compute Engine > Node template > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Project > Disable OS Login
- GCP > Compute Engine > Project > Enable OS Login
- GCP > Compute Engine > Region Disk > Delete from GCP
- GCP > Compute Engine > Region Disk > Set Labels
- GCP > Compute Engine > Region Disk > Skip alarm for Active control
- GCP > Compute Engine > Region Disk > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Region Disk > Skip alarm for Approved control
- GCP > Compute Engine > Region Disk > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Region Disk > Skip alarm for Labels control
- GCP > Compute Engine > Region Disk > Skip alarm for Labels control [90 days]
- GCP > Compute Engine > Region Health Check > Delete from GCP
- GCP > Compute Engine > Region Health Check > Skip alarm for Active control
- GCP > Compute Engine > Region Health Check > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Region Health Check > Skip alarm for Approved control
- GCP > Compute Engine > Region Health Check > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Snapshot > Delete from GCP
- GCP > Compute Engine > Snapshot > Set Labels
- GCP > Compute Engine > Snapshot > Skip alarm for Active control
- GCP > Compute Engine > Snapshot > Skip alarm for Active control [90 days]
- GCP > Compute Engine > Snapshot > Skip alarm for Approved control
- GCP > Compute Engine > Snapshot > Skip alarm for Approved control [90 days]
- GCP > Compute Engine > Snapshot > Skip alarm for Labels control
- GCP > Compute Engine > Snapshot > Skip alarm for Labels control [90 days]
5.12.1 (2022-06-09)
Bug fixes
- The
GCP > Compute Engine > Instance > CMDB
control would fail to update disk details when a disk was detached from an instance. This is now fixed.
5.12.0 (2022-02-17)
What's new?
- Users can now create their own custom checks against resource attributes in the Approved control using the
Approved > Custom
policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.
Bug fixes
- We've improved the process of deleting resources from Guardrails if their CMDB policy was set to
Enforce: Disabled
. The CMDB controls will now not look to resolve credentials via Guardrails' IAM role while deleting resources from Guardrails. This will allow the CMDB controls to process resource deletions from Guardrails more reliably than before.
Policy Types
- GCP > Compute Engine > Disk > Approved > Custom
- GCP > Compute Engine > HTTP Health Check > Approved > Custom
- GCP > Compute Engine > HTTPS Health Check > Approved > Custom
- GCP > Compute Engine > Health Check > Approved > Custom
- GCP > Compute Engine > Image > Approved > Custom
- GCP > Compute Engine > Instance > Approved > Custom
- GCP > Compute Engine > Instance Template > Approved > Custom
- GCP > Compute Engine > Node Group > Approved > Custom
- GCP > Compute Engine > Node template > Approved > Custom
- GCP > Compute Engine > Region Disk > Approved > Custom
- GCP > Compute Engine > Region Health Check > Approved > Custom
- GCP > Compute Engine > Snapshot > Approved > Custom
5.11.2 (2021-09-22)
Bug fixes
- The
GCP > Compute Engine > Disk > Active
control would go into an error state if the disk was never attached to an instance and theGCP > Compute Engine > Disk > Active > Attached
policy was set toForce inactive if unattached > x days
. This is fixed and the control now works as expected.
5.11.1 (2021-09-17)
Bug fixes
- The
GCP > Compute Engine > Disk > Active
control would sometimes fail to evaluate the outcome correctly if theGCP > Compute Engine > Disk > Active > Attached
policy was set toForce inactive if unattached
and the disk was detached from an instance. This is fixed and the control will now work as expected.
5.11.0 (2021-08-09)
What's new?
- We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
Bug fixes
- We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.
5.10.2 (2021-04-22)
Bug fixes
- Instances created and deleted via dataflow jobs were not cleaned up automatically in Guardrails. This is now fixed.
5.10.1 (2021-03-30)
Bug fixes
- The
GCP > Compute Engine > Disk > Active
control will no longer go into an error state while checking if the disk has any attachments or not.
5.10.0 (2021-03-24)
What's new?
- We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
Bug fixes
- After an instance is deleted, GCP either deletes or detaches any attached disks based on the disks'
autoDelete
setting. For these disks, we'd fail to delete or update them respectively in CMDB after handling the instance delete event. Both of these cases are now fixed and disks are deleted and updated as expected.
5.9.1 (2021-02-08)
Bug fixes
- The
GCP > Compute Engine > Disk > Data Protection
control would sometimes fail to create snapshots if the new snapshot name was over 64 characters (the limit from GCP). The new snapshot name will now be truncated to limit the length to a maximum of 64 characters. - Controls run faster now when in the
tbd
andskipped
states thanks to the new Guardrails Precheck feature (not to be confused with TSA PreCheck). With Guardrails Precheck, controls avoid running GraphQL input queries when intbd
andskipped
, resulting in faster and lighter control runs.
5.9.0 (2020-12-24)
What's new?
- VM Instances created via dataproc cluster will now have
canIpForward
property in its CMDB data. This property will be set tofalse
by default.
Bug fixes
- We've updated the
GCP > * > Set API Enabled
actions to use the latest API calls when checking the state of the service in the GCP project. There's no noticeable difference, but things should run smoother now.
5.8.1 (2020-11-02)
Bug fixes
- We've updated the Discovery controls for resources to now move to
skipped
instead ofinvalid
if the service API is disabled in the project and theGCP > {service} > API Enabled
policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.
5.8.0 (2020-10-12)
What's new?
- With the addition of
GCP > Compute Engine > Instance > External IP Addresses
control you can now easily manage the external IP addresses assigned to an instance. To enable this control, please set theGCP > Compute Engine > Instance > External IP Addresses
policy.
Control Types
- GCP > Compute Engine > Instance > External IP Addresses
Policy Types
- GCP > Compute Engine > Instance > External IP Addresses
Action Types
- GCP > Compute Engine > Instance > Delete Access Configs
5.7.0 (2020-10-06)
What's new?
- The
GCP > Compute Engine > Disk > Active
control can now check if a disk is attached to any resource or not. To enable this active check, please set theGCP > Compute Engine > Disk > Active > Attached
policy.
Policy Types
- GCP > Compute Engine > Disk > Active > Attached
5.6.0 (2020-09-29)
Resource Types
- GCP > Compute Engine > HTTP Health Check
- GCP > Compute Engine > HTTPS Health Check
Control Types
- GCP > Compute Engine > HTTP Health Check > Active
- GCP > Compute Engine > HTTP Health Check > Approved
- GCP > Compute Engine > HTTP Health Check > CMDB
- GCP > Compute Engine > HTTP Health Check > Discovery
- GCP > Compute Engine > HTTP Health Check > Usage
- GCP > Compute Engine > HTTPS Health Check > Active
- GCP > Compute Engine > HTTPS Health Check > Approved
- GCP > Compute Engine > HTTPS Health Check > CMDB
- GCP > Compute Engine > HTTPS Health Check > Discovery
- GCP > Compute Engine > HTTPS Health Check > Usage
Policy Types
- GCP > Compute Engine > HTTP Health Check > Active
- GCP > Compute Engine > HTTP Health Check > Active > Age
- GCP > Compute Engine > HTTP Health Check > Active > Last Modified
- GCP > Compute Engine > HTTP Health Check > Approved
- GCP > Compute Engine > HTTP Health Check > Approved > Usage
- GCP > Compute Engine > HTTP Health Check > CMDB
- GCP > Compute Engine > HTTP Health Check > Usage
- GCP > Compute Engine > HTTP Health Check > Usage > Limit
- GCP > Compute Engine > HTTPS Health Check > Active
- GCP > Compute Engine > HTTPS Health Check > Active > Age
- GCP > Compute Engine > HTTPS Health Check > Active > Last Modified
- GCP > Compute Engine > HTTPS Health Check > Approved
- GCP > Compute Engine > HTTPS Health Check > Approved > Usage
- GCP > Compute Engine > HTTPS Health Check > CMDB
- GCP > Compute Engine > HTTPS Health Check > Usage
- GCP > Compute Engine > HTTPS Health Check > Usage > Limit
Action Types
- GCP > Compute Engine > HTTP Health Check > Delete
- GCP > Compute Engine > HTTPS Health Check > Delete
5.5.0 (2020-09-16)
What's new?
- We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to
Skip
, its Active control will move toinvalid
to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
Resource Types
- GCP > Compute Engine > Region Health Check
Control Types
- GCP > Compute Engine > Region Health Check > Active
- GCP > Compute Engine > Region Health Check > Approved
- GCP > Compute Engine > Region Health Check > CMDB
- GCP > Compute Engine > Region Health Check > Discovery
- GCP > Compute Engine > Region Health Check > Usage
Policy Types
- GCP > Compute Engine > Region Health Check > Active
- GCP > Compute Engine > Region Health Check > Active > Age
- GCP > Compute Engine > Region Health Check > Active > Last Modified
- GCP > Compute Engine > Region Health Check > Approved
- GCP > Compute Engine > Region Health Check > Approved > Regions
- GCP > Compute Engine > Region Health Check > Approved > Usage
- GCP > Compute Engine > Region Health Check > CMDB
- GCP > Compute Engine > Region Health Check > Regions
- GCP > Compute Engine > Region Health Check > Usage
- GCP > Compute Engine > Region Health Check > Usage > Limit
Action Types
- GCP > Compute Engine > Region Health Check > Delete
5.4.0 (2020-09-01)
What's new?
- Discovery controls now have their own control category,
CMDB > Discovery
, to allow for easier filtering separately from other CMDB controls. - We've renamed the service's default regions policy from
Regions [Default]
toRegions
to be consistent with our other regions policies.
5.3.0 (2020-08-13)
What's new?
We now support controlling access for disks, images, instances, node groups and node templates to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts.
To get started with this new control, please see the compute engine resource's
Trusted Access
polices and all of their sub-policies to specify which IAM resources are allowed to access them.
Control Types
- GCP > Compute Engine > Disk > Policy
- GCP > Compute Engine > Disk > Policy > Trusted Access
- GCP > Compute Engine > Image > Policy
- GCP > Compute Engine > Image > Policy > Trusted Access
- GCP > Compute Engine > Instance > Policy
- GCP > Compute Engine > Instance > Policy > Trusted Access
- GCP > Compute Engine > Instance Template > Policy
- GCP > Compute Engine > Instance Template > Policy > Trusted Access
- GCP > Compute Engine > Node Group > Policy
- GCP > Compute Engine > Node Group > Policy > Trusted Access
- GCP > Compute Engine > Node template > Policy
- GCP > Compute Engine > Node template > Policy > Trusted Access
Policy Types
- GCP > Compute Engine > Disk > Policy
- GCP > Compute Engine > Disk > Policy > Trusted Access
- GCP > Compute Engine > Disk > Policy > Trusted Access > Domains
- GCP > Compute Engine > Disk > Policy > Trusted Access > Groups
- GCP > Compute Engine > Disk > Policy > Trusted Access > Service Accounts
- GCP > Compute Engine > Disk > Policy > Trusted Access > Users
- GCP > Compute Engine > Image > Policy
- GCP > Compute Engine > Image > Policy > Trusted Access
- GCP > Compute Engine > Image > Policy > Trusted Access > Domains
- GCP > Compute Engine > Image > Policy > Trusted Access > Groups
- GCP > Compute Engine > Image > Policy > Trusted Access > Service Accounts
- GCP > Compute Engine > Image > Policy > Trusted Access > Users
- GCP > Compute Engine > Instance > Policy
- GCP > Compute Engine > Instance > Policy > Trusted Access
- GCP > Compute Engine > Instance > Policy > Trusted Access > Domains
- GCP > Compute Engine > Instance > Policy > Trusted Access > Groups
- GCP > Compute Engine > Instance > Policy > Trusted Access > Service Accounts
- GCP > Compute Engine > Instance > Policy > Trusted Access > Users
- GCP > Compute Engine > Instance Template > Policy
- GCP > Compute Engine > Instance Template > Policy > Trusted Access
- GCP > Compute Engine > Instance Template > Policy > Trusted Access > Domains
- GCP > Compute Engine > Instance Template > Policy > Trusted Access > Groups
- GCP > Compute Engine > Instance Template > Policy > Trusted Access > Service Accounts
- GCP > Compute Engine > Instance Template > Policy > Trusted Access > Users
- GCP > Compute Engine > Node Group > Policy
- GCP > Compute Engine > Node Group > Policy > Trusted Access
- GCP > Compute Engine > Node Group > Policy > Trusted Access > Domains
- GCP > Compute Engine > Node Group > Policy > Trusted Access > Groups
- GCP > Compute Engine > Node Group > Policy > Trusted Access > Service Accounts
- GCP > Compute Engine > Node Group > Policy > Trusted Access > Users
- GCP > Compute Engine > Node template > Policy
- GCP > Compute Engine > Node template > Policy > Trusted Access
- GCP > Compute Engine > Node template > Policy > Trusted Access > Domains
- GCP > Compute Engine > Node template > Policy > Trusted Access > Groups
- GCP > Compute Engine > Node template > Policy > Trusted Access > Service Accounts
- GCP > Compute Engine > Node template > Policy > Trusted Access > Users
- GCP > Compute Engine > Trusted Domains [Default]
- GCP > Compute Engine > Trusted Groups [Default]
- GCP > Compute Engine > Trusted Service Accounts [Default]
- GCP > Compute Engine > Trusted Users [Default]
Action Types
- GCP > Compute Engine > Disk > Set Trusted Access
- GCP > Compute Engine > Image > Set Trusted Access
- GCP > Compute Engine > Instance > Set Trusted Access
- GCP > Compute Engine > Instance Template > Set Trusted Access
- GCP > Compute Engine > Node Group > Set Trusted Access
- GCP > Compute Engine > Node template > Set Trusted Access
5.2.7 (2020-08-11)
Bug fixes
- We’ve made improvements to our GraphQL input queries for various controls and actions. You won’t notice any differences, but things should run smoother and quicker than before.
GCP > Compute Engine > Instance > Deletion Protection
andGCP > Compute Engine > Instance > Disks Auto Delete
controls were in error state due to invalid GraphQL input. This issue has now been fixed.
5.2.6 (2020-07-24)
Bug fixes
- Active controls for all resources were not calling the delete action properly, which meant inactive resources were not being deleted when the policy was set to enforce deletions. This has been fixed and inactive resources will now be cleaned up again.
- The
GCP > Compute Engine > Instance > Approved
policy now includes the valuesEnforce: Stop unapproved
andEnforce: Stop unapproved if new
. With the addition of these values, it is now possible to just stop your unapproved instances instead of deleting them.
5.2.5 (2020-07-17)
Bug fixes
- The
GCP > Compute Engine > Disk > Data Protection
control was in error due to incorrect GraphQL queries. This has now been fixed and the control is working again.
5.2.4 (2020-06-03)
What's new?
- All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.
5.2.3 (2020-05-20)
Bug fixes
- Approved control of an Instance remained in error state when we tried to delete an instance for which
GCP > Compute Engine > Instance > Deletion Protection
policy was set toEnforce: Enabled
. This error has been fixed and now the Approved control remains in alarm state with appropriate warning message.
5.2.2 (2020-05-13)
Bug fixes
- Several permissions did not have grant levels assigned, so when this service was enabled, the IAM permission model would be unable to calculate the full permission set across all services. The missing grant levels have been added and permission calculations are now running smoothly again.
5.2.1 (2020-05-07)
Bug fixes
- After creating a snapshot, due to a bug in the Compute Engine permissions list, the
GCP > Compute Engine > Disk > Router
was creating a disk with a malformed AKA that was missing the disk name in the CMDB. This has been fixed and invalid disk resources are no longer being created; however, any disks that were created as a result of this bug will remain in CMDB. These disks can either be deleted manually on the Resource Details page or automatically cleaned up in a control we plan to add in a future release. We apologize for any inconvenience these pesky disks have caused. - While importing a GCP project, sometimes resources' Discovery controls would get stuck in an Invalid state due to incorrectly configured dependencies. This has been fixed and project imports should be smooth again.
5.2.0 (2020-05-04)
Bug fixes
- For newly created disks, the
status
field would get stuck asCREATING
in CMDB, even after the disk moved to theREADY
state. This has been fixed and the disk’s status in CMDB will remain up to date. - Several resources that have an IAM policy had an incomplete schema, which prevented the
iamPolicy
attribute from being used in calculated policies. This has been fixed. - Removed unused Regions policies for global resources.
- When creating a snapshot with a different name than its source disk, the new snapshot resource would use the disk’s name instead of the snapshot’s name and fail to create properly. This has been fixed.
Control Types
Renamed
- GCP > Compute Engine > Project > OS Login enabled to GCP > Compute Engine > Project > OS Login Enabled
Policy Types
Renamed
- GCP > Compute Engine > Project > OS Login enabled to GCP > Compute Engine > Project > OS Login Enabled
Removed
- GCP > Compute Engine > Instance Template > Regions
5.1.0 (2020-04-13)
What's new?
- Services can now be enabled as Metadata only, restricting users to only use metadata level permissions.
Bug fixes
- Many calculations for
Permissions > Compiled > Service Permissions
were in error due to a missing library. This is now fixed.
5.0.0 (2020-04-08)
Resource Types
- GCP > Compute Engine
- GCP > Compute Engine > Disk
- GCP > Compute Engine > Health Check
- GCP > Compute Engine > Image
- GCP > Compute Engine > Instance
- GCP > Compute Engine > Instance Template
- GCP > Compute Engine > Node Group
- GCP > Compute Engine > Node template
- GCP > Compute Engine > Project
- GCP > Compute Engine > Region Disk
- GCP > Compute Engine > Snapshot
Control Types
- GCP > Compute Engine > API Enabled
- GCP > Compute Engine > CMDB
- GCP > Compute Engine > Discovery
- GCP > Compute Engine > Disk > Active
- GCP > Compute Engine > Disk > Approved
- GCP > Compute Engine > Disk > CMDB
- GCP > Compute Engine > Disk > Data Protection
- GCP > Compute Engine > Disk > Discovery
- GCP > Compute Engine > Disk > Labels
- GCP > Compute Engine > Disk > Usage
- GCP > Compute Engine > Health Check > Active
- GCP > Compute Engine > Health Check > Approved
- GCP > Compute Engine > Health Check > CMDB
- GCP > Compute Engine > Health Check > Discovery
- GCP > Compute Engine > Health Check > Usage
- GCP > Compute Engine > Image > Active
- GCP > Compute Engine > Image > Approved
- GCP > Compute Engine > Image > CMDB
- GCP > Compute Engine > Image > Discovery
- GCP > Compute Engine > Image > Labels
- GCP > Compute Engine > Image > Usage
- GCP > Compute Engine > Instance > Active
- GCP > Compute Engine > Instance > Approved
- GCP > Compute Engine > Instance > Block Project Wide SSH Keys
- GCP > Compute Engine > Instance > CMDB
- GCP > Compute Engine > Instance > Deletion Protection
- GCP > Compute Engine > Instance > Discovery
- GCP > Compute Engine > Instance > Disks Auto Delete
- GCP > Compute Engine > Instance > Labels
- GCP > Compute Engine > Instance > Schedule
- GCP > Compute Engine > Instance > Serial Port Access
- GCP > Compute Engine > Instance > Usage
- GCP > Compute Engine > Instance Template > Active
- GCP > Compute Engine > Instance Template > Approved
- GCP > Compute Engine > Instance Template > CMDB
- GCP > Compute Engine > Instance Template > Discovery
- GCP > Compute Engine > Instance Template > Usage
- GCP > Compute Engine > Node Group > Active
- GCP > Compute Engine > Node Group > Approved
- GCP > Compute Engine > Node Group > CMDB
- GCP > Compute Engine > Node Group > Discovery
- GCP > Compute Engine > Node Group > Usage
- GCP > Compute Engine > Node template > Active
- GCP > Compute Engine > Node template > Approved
- GCP > Compute Engine > Node template > CMDB
- GCP > Compute Engine > Node template > Discovery
- GCP > Compute Engine > Node template > Usage
- GCP > Compute Engine > Project > CMDB
- GCP > Compute Engine > Project > Discovery
- GCP > Compute Engine > Project > OS Login enabled
- GCP > Compute Engine > Region Disk > Active
- GCP > Compute Engine > Region Disk > Approved
- GCP > Compute Engine > Region Disk > CMDB
- GCP > Compute Engine > Region Disk > Discovery
- GCP > Compute Engine > Region Disk > Labels
- GCP > Compute Engine > Region Disk > Usage
- GCP > Compute Engine > Snapshot > Active
- GCP > Compute Engine > Snapshot > Approved
- GCP > Compute Engine > Snapshot > CMDB
- GCP > Compute Engine > Snapshot > Discovery
- GCP > Compute Engine > Snapshot > Labels
- GCP > Compute Engine > Snapshot > Usage
Policy Types
- GCP > Compute Engine > API Enabled
- GCP > Compute Engine > Approved Regions [Default]
- GCP > Compute Engine > CMDB
- GCP > Compute Engine > Disk > Active
- GCP > Compute Engine > Disk > Active > Age
- GCP > Compute Engine > Disk > Active > Last Modified
- GCP > Compute Engine > Disk > Approved
- GCP > Compute Engine > Disk > Approved > Encryption at Rest
- GCP > Compute Engine > Disk > Approved > Encryption at Rest > Customer Managed Key
- GCP > Compute Engine > Disk > Approved > Regions
- GCP > Compute Engine > Disk > Approved > Usage
- GCP > Compute Engine > Disk > CMDB
- GCP > Compute Engine > Disk > Data Protection
- GCP > Compute Engine > Disk > Data Protection > Managed Snapshots
- GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Location
- GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Minimum Schedule
- GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Name Prefix
- GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > Schedule
- GCP > Compute Engine > Disk > Data Protection > Managed Snapshots > VSS
- GCP > Compute Engine > Disk > Labels
- GCP > Compute Engine > Disk > Labels > Template
- GCP > Compute Engine > Disk > Regions
- GCP > Compute Engine > Disk > Usage
- GCP > Compute Engine > Disk > Usage > Limit
- GCP > Compute Engine > Enabled
- GCP > Compute Engine > Health Check > Active
- GCP > Compute Engine > Health Check > Active > Age
- GCP > Compute Engine > Health Check > Active > Last Modified
- GCP > Compute Engine > Health Check > Approved
- GCP > Compute Engine > Health Check > Approved > Usage
- GCP > Compute Engine > Health Check > CMDB
- GCP > Compute Engine > Health Check > Usage
- GCP > Compute Engine > Health Check > Usage > Limit
- GCP > Compute Engine > Image > Active
- GCP > Compute Engine > Image > Active > Age
- GCP > Compute Engine > Image > Active > Last Modified
- GCP > Compute Engine > Image > Approved
- GCP > Compute Engine > Image > Approved > Encryption at Rest
- GCP > Compute Engine > Image > Approved > Encryption at Rest > Customer Managed Key
- GCP > Compute Engine > Image > Approved > Usage
- GCP > Compute Engine > Image > CMDB
- GCP > Compute Engine > Image > Labels
- GCP > Compute Engine > Image > Labels > Template
- GCP > Compute Engine > Image > Usage
- GCP > Compute Engine > Image > Usage > Limit
- GCP > Compute Engine > Instance > Active
- GCP > Compute Engine > Instance > Active > Age
- GCP > Compute Engine > Instance > Active > Last Modified
- GCP > Compute Engine > Instance > Approved
- GCP > Compute Engine > Instance > Approved > IP Forwarding
- GCP > Compute Engine > Instance > Approved > Regions
- GCP > Compute Engine > Instance > Approved > Usage
- GCP > Compute Engine > Instance > Block Project Wide SSH Keys
- GCP > Compute Engine > Instance > CMDB
- GCP > Compute Engine > Instance > Deletion Protection
- GCP > Compute Engine > Instance > Disks Auto Delete
- GCP > Compute Engine > Instance > Labels
- GCP > Compute Engine > Instance > Labels > Template
- GCP > Compute Engine > Instance > Regions
- GCP > Compute Engine > Instance > Schedule
- GCP > Compute Engine > Instance > Schedule > Tag
- GCP > Compute Engine > Instance > Serial Port Access
- GCP > Compute Engine > Instance > Usage
- GCP > Compute Engine > Instance > Usage > Limit
- GCP > Compute Engine > Instance Template > Active
- GCP > Compute Engine > Instance Template > Active > Age
- GCP > Compute Engine > Instance Template > Active > Last Modified
- GCP > Compute Engine > Instance Template > Approved
- GCP > Compute Engine > Instance Template > Approved > Usage
- GCP > Compute Engine > Instance Template > CMDB
- GCP > Compute Engine > Instance Template > Regions
- GCP > Compute Engine > Instance Template > Usage
- GCP > Compute Engine > Instance Template > Usage > Limit
- GCP > Compute Engine > Labels Template [Default]
- GCP > Compute Engine > Node Group > Active
- GCP > Compute Engine > Node Group > Active > Age
- GCP > Compute Engine > Node Group > Active > Last Modified
- GCP > Compute Engine > Node Group > Approved
- GCP > Compute Engine > Node Group > Approved > Regions
- GCP > Compute Engine > Node Group > Approved > Usage
- GCP > Compute Engine > Node Group > CMDB
- GCP > Compute Engine > Node Group > Regions
- GCP > Compute Engine > Node Group > Usage
- GCP > Compute Engine > Node Group > Usage > Limit
- GCP > Compute Engine > Node template > Active
- GCP > Compute Engine > Node template > Active > Age
- GCP > Compute Engine > Node template > Active > Last Modified
- GCP > Compute Engine > Node template > Approved
- GCP > Compute Engine > Node template > Approved > Regions
- GCP > Compute Engine > Node template > Approved > Usage
- GCP > Compute Engine > Node template > CMDB
- GCP > Compute Engine > Node template > Regions
- GCP > Compute Engine > Node template > Usage
- GCP > Compute Engine > Node template > Usage > Limit
- GCP > Compute Engine > Permissions
- GCP > Compute Engine > Permissions > Levels
- GCP > Compute Engine > Permissions > Levels > Autoscaler Administration
- GCP > Compute Engine > Permissions > Levels > Image Administration
- GCP > Compute Engine > Permissions > Levels > Modifiers
- GCP > Compute Engine > Project > CMDB
- GCP > Compute Engine > Project > OS Login enabled
- GCP > Compute Engine > Region Disk > Active
- GCP > Compute Engine > Region Disk > Active > Age
- GCP > Compute Engine > Region Disk > Active > Last Modified
- GCP > Compute Engine > Region Disk > Approved
- GCP > Compute Engine > Region Disk > Approved > Regions
- GCP > Compute Engine > Region Disk > Approved > Usage
- GCP > Compute Engine > Region Disk > CMDB
- GCP > Compute Engine > Region Disk > Labels
- GCP > Compute Engine > Region Disk > Labels > Template
- GCP > Compute Engine > Region Disk > Regions
- GCP > Compute Engine > Region Disk > Usage
- GCP > Compute Engine > Region Disk > Usage > Limit
- GCP > Compute Engine > Regions [Default]
- GCP > Compute Engine > Snapshot > Active
- GCP > Compute Engine > Snapshot > Active > Age
- GCP > Compute Engine > Snapshot > Active > Last Modified
- GCP > Compute Engine > Snapshot > Approved
- GCP > Compute Engine > Snapshot > Approved > Usage
- GCP > Compute Engine > Snapshot > CMDB
- GCP > Compute Engine > Snapshot > Labels
- GCP > Compute Engine > Snapshot > Labels > Template
- GCP > Compute Engine > Snapshot > Regions
- GCP > Compute Engine > Snapshot > Usage
- GCP > Compute Engine > Snapshot > Usage > Limit
- GCP > Guardrails > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-computeengine
- GCP > Guardrails > Permissions > Compiled > Levels > @turbot/gcp-computeengine
- GCP > Guardrails > Permissions > Compiled > Service Permissions > @turbot/gcp-computeengine
Action Types
- GCP > Compute Engine > Disk > Create Disk Snapshot
- GCP > Compute Engine > Disk > Delete
- GCP > Compute Engine > Disk > Delete Disk Snapshots
- GCP > Compute Engine > Disk > Router
- GCP > Compute Engine > Disk > Set Labels
- GCP > Compute Engine > Health Check > Delete
- GCP > Compute Engine > Health Check > Router
- GCP > Compute Engine > Image > Delete
- GCP > Compute Engine > Image > Router
- GCP > Compute Engine > Image > Set Labels
- GCP > Compute Engine > Instance > Delete
- GCP > Compute Engine > Instance > Router
- GCP > Compute Engine > Instance > Set Block Project Wide SSH Keys
- GCP > Compute Engine > Instance > Set Deletion Protection
- GCP > Compute Engine > Instance > Set Disks Auto Delete
- GCP > Compute Engine > Instance > Set Labels
- GCP > Compute Engine > Instance > Set Serial Port Access
- GCP > Compute Engine > Instance > Start
- GCP > Compute Engine > Instance > Stop
- GCP > Compute Engine > Instance Template > Delete
- GCP > Compute Engine > Instance Template > Router
- GCP > Compute Engine > Node Group > Delete
- GCP > Compute Engine > Node Group > Router
- GCP > Compute Engine > Node template > Delete
- GCP > Compute Engine > Node template > Router
- GCP > Compute Engine > Project > Router
- GCP > Compute Engine > Project > Set OS Login enabled
- GCP > Compute Engine > Region Disk > Delete
- GCP > Compute Engine > Region Disk > Set Labels
- GCP > Compute Engine > Set API Enabled
- GCP > Compute Engine > Snapshot > Delete
- GCP > Compute Engine > Snapshot > Router
- GCP > Compute Engine > Snapshot > Set Labels