Control types for @turbot/gcp-kms
- GCP > KMS > API Enabled
- GCP > KMS > CMDB
- GCP > KMS > Crypto Key > Approved
- GCP > KMS > Crypto Key > CMDB
- GCP > KMS > Crypto Key > Discovery
- GCP > KMS > Crypto Key > Labels
- GCP > KMS > Crypto Key > Policy
- GCP > KMS > Crypto Key > Policy > Trusted Access
- GCP > KMS > Discovery
- GCP > KMS > Key Ring > CMDB
- GCP > KMS > Key Ring > Discovery
- GCP > KMS > Key Ring > Policy
- GCP > KMS > Key Ring > Policy > Trusted Access
GCP > KMS > API Enabled
Check whether GCP KMS API is enabled.
API Enabled refers specifically to the API state of a service in a cloud project.
This control determines whether the API state is set to the desired level.
The GCP > KMS > API Enabled control compares the API state against the API Enabled policies, raises an alarm, and takes the defined enforcement action.
tmod:@turbot/gcp-kms#/control/types/kmsApiEnabled
GCP > KMS > CMDB
Record and synchronize details for the GCP KMS into the CMDB.
The CMDB control is responsible for populating and updating all the attributes
for that resource type in the Turbot CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
GCP > KMS > Crypto Key > Approved
Take an action when a GCP KMS crypto key is not approved based on the GCP > KMS > Crypto Key > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-kms#/control/types/cryptoKeyApproved
GCP > KMS > Crypto Key > CMDB
Record and synchronize details for the GCP KMS crypto key into the CMDB.
The CMDB control is responsible for populating and updating all the attributes
for that resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If the
region is not in the GCP > KMS > Crypto Key > Regions policy, the CMDB control
will delete the resource from the CMDB.
tmod:@turbot/gcp-kms#/control/types/cryptoKeyCmdb
GCP > KMS > Crypto Key > Discovery
Discover GCP KMS crypto key resources and add them to the CMDB.
The Discovery control is tasked with identifying instances for a particular
resource. The Discovery control will periodically search for new target
resources and save them to the Turbot CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated
with the resource. If the region is not in the GCP > KMS > Crypto Key > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/gcp-kms#/control/types/cryptoKeyDiscovery
GCP > KMS > Crypto Key > Labels
Take an action when a GCP KMS crypto key's labels are not updated based on the GCP > KMS > Crypto Key > Labels > * policies.
If the resource is not updated with the labels defined in GCP > KMS > Crypto Key > Labels > Template, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-kms#/control/types/cryptoKeyLabels
GCP > KMS > Crypto Key > Policy
tmod:@turbot/gcp-kms#/control/types/cryptoKeyPolicy
GCP > KMS > Crypto Key > Policy > Trusted Access
Take an action when a GCP KMS Crypto Key policy is not trusted based on the GCP > KMS > Crypto Key > Trusted Access > * policies.
The Trusted Access control evaluates the IAM policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Domains,
Trusted Access > Groups, etc.), raises an alarm, and takes the defined
enforcement action.
If set to "Enforce: Trusted Access > *", access to non-trusted
members will be removed.
tmod:@turbot/gcp-kms#/control/types/cryptoKeyPolicyTrustedAccess
GCP > KMS > Discovery
Discover GCP KMS resources and add them to the CMDB.
The Discovery control is tasked with identifying instances for a particular
resource. The Discovery control will periodically search for new target
resources and save them to the Turbot CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/gcp-kms#/control/types/kmsDiscovery
GCP > KMS > Key Ring > CMDB
Record and synchronize details for the GCP KMS key ring into the CMDB.
The CMDB control is responsible for populating and updating all the attributes
for that resource type in the Turbot CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If the
region is not in the GCP > KMS > Key Ring > Regions policy, the CMDB control
will delete the resource from the CMDB.
tmod:@turbot/gcp-kms#/control/types/keyRingCmdb
GCP > KMS > Key Ring > Discovery
Discover GCP KMS key ring resources and add them to the CMDB.
The Discovery control is tasked with identifying instances for a particular
resource. The Discovery control will periodically search for new target
resources and save them to the Turbot CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the CMDB control.
Note that Discovery and CMDB controls also use the Regions policy associated
with the resource. If the region is not in the GCP > KMS > Key Ring > Regions
policy, the CMDB control will delete the resource from the CMDB.
tmod:@turbot/gcp-kms#/control/types/keyRingDiscovery
GCP > KMS > Key Ring > Policy
tmod:@turbot/gcp-kms#/control/types/keyRingPolicy
GCP > KMS > Key Ring > Policy > Trusted Access
Take an action when a GCP KMS Key Ring policy is not trusted based on the GCP > KMS > Key Ring > Trusted Access > * policies.
The Trusted Access control evaluates the IAM policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Domains,
Trusted Access > Groups, etc.), raises an alarm, and takes the defined
enforcement action.
If set to "Enforce: Trusted Access > *", access to non-trusted
members will be removed.
tmod:@turbot/gcp-kms#/control/types/keyRingPolicyTrustedAccess