Control types for @turbot/gcp-kms

GCP > KMS > API Enabled

Check whether GCP KMS API is enabled.

API Enabled refers specifically to the API state of a service in a cloud project.
This control determines whether the API state matches the desired level.

The GCP > KMS > API Enabled control compares
the API state against the API Enabled policies,
raises an alarm, and takes the defined enforcement action.

URI
tmod:@turbot/gcp-kms#/control/types/kmsApiEnabled
Parent
Targets

GCP > KMS > CMDB

Record and synchronize details for the GCP KMS into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

URI
tmod:@turbot/gcp-kms#/control/types/kmsCmdb
Parent
Category
Targets

GCP > KMS > Crypto Key > Approved

Take an action when a GCP KMS crypto key is not approved based on GCP > KMS > Crypto Key > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify "if new", e.g., "Enforce: Delete unapproved if new", this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/gcp-kms#/control/types/cryptoKeyApproved

GCP > KMS > Crypto Key > CMDB

Record and synchronize details for the GCP KMS crypto key into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If the
region is not in the GCP > KMS > Crypto Key > Regions policy, the CMDB control will delete the
resource from the CMDB.

URI
tmod:@turbot/gcp-kms#/control/types/cryptoKeyCmdb
Category

GCP > KMS > Crypto Key > Discovery

Discover GCP KMS crypto key resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Turbot CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in the GCP > KMS > Crypto Key > Regions policy, the CMDB
control will delete the resource from the CMDB.

URI
tmod:@turbot/gcp-kms#/control/types/cryptoKeyDiscovery

GCP > KMS > Crypto Key > Labels

Take an action when a GCP KMS crypto key's labels are not updated based on the GCP > KMS > Crypto Key > Labels > * policies.

If the resource is not updated with the labels defined in GCP > KMS > Crypto Key > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

URI
tmod:@turbot/gcp-kms#/control/types/cryptoKeyLabels

GCP > KMS > Crypto Key > Policy

URI
tmod:@turbot/gcp-kms#/control/types/cryptoKeyPolicy

GCP > KMS > Crypto Key > Policy > Trusted Access

Take an action when GCP KMS Crypto Key policy is not trusted based on the
GCP > KMS > Crypto Key > Trusted Access > * policies.

The Trusted Access control evaluates the IAM policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Domains,
Trusted Access > Groups, etc.), raises an alarm, and takes the
defined enforcement action.

If set to "Enforce: Trusted Access > *", access to non-trusted
members will be removed.

URI
tmod:@turbot/gcp-kms#/control/types/cryptoKeyPolicyTrustedAccess

GCP > KMS > Discovery

Discover GCP KMS resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Turbot CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

URI
tmod:@turbot/gcp-kms#/control/types/kmsDiscovery
Parent

GCP > KMS > Key Ring > CMDB

Record and synchronize details for the GCP KMS key ring into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Turbot CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If the
region is not in the GCP > KMS > Key Ring > Regions policy, the CMDB control will delete the
resource from the CMDB.

URI
tmod:@turbot/gcp-kms#/control/types/keyRingCmdb
Category

GCP > KMS > Key Ring > Discovery

Discover GCP KMS key ring resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Turbot CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in the GCP > KMS > Key Ring > Regions policy, the CMDB
control will delete the resource from the CMDB.

URI
tmod:@turbot/gcp-kms#/control/types/keyRingDiscovery

GCP > KMS > Key Ring > Policy

URI
tmod:@turbot/gcp-kms#/control/types/keyRingPolicy

GCP > KMS > Key Ring > Policy > Trusted Access

Take an action when GCP KMS Key Ring policy is not trusted based on the
GCP > KMS > Key Ring > Trusted Access > * policies.

The Trusted Access control evaluates the IAM policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Domains,
Trusted Access > Groups, etc.), raises an alarm, and takes the
defined enforcement action.

If set to "Enforce: Trusted Access > *", access to non-trusted
members will be removed.

URI
tmod:@turbot/gcp-kms#/control/types/keyRingPolicyTrustedAccess
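
The Trusted Access evaluation described for the Crypto Key and Key Ring policy controls, as an added Python example (not Guardrails code). It models only the Domains and Groups sub-policies named above; the function names, the sample policy, and the handling of public and unmodelled member types are assumptions of this sketch.

```python
# Added example: constructed data, not Guardrails code or output.
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def classify(member, domains, groups):
    """Classify one IAM member string ("type:identifier")."""
    if member in PUBLIC:
        return "untrusted"  # assumption: public principals are never trusted
    kind, _, ident = member.partition(":")
    ident = ident.lower()
    if kind == "domain":
        return "trusted" if ident in domains else "untrusted"
    if kind == "group":
        return "trusted" if ident in groups else "untrusted"
    if kind == "user":
        # Exact match on the part after "@": "evil-example.com" != "example.com".
        ok = "@" in ident and ident.rpartition("@")[2] in domains
        return "trusted" if ok else "untrusted"
    return "unevaluated"  # member types this sketch does not model are left alone

def evaluate(policy, trusted_domains, trusted_groups):
    """Return (findings, remediated_policy); the input policy is not modified."""
    domains = {d.lower() for d in trusted_domains}
    groups = {g.lower() for g in trusted_groups}
    findings, kept_bindings = [], []
    for binding in policy.get("bindings", []):
        kept = []
        for member in binding.get("members", []):
            if classify(member, domains, groups) == "untrusted":
                findings.append((binding["role"], member))  # what the alarm reports
            else:
                kept.append(member)
        if kept:  # a binding left with no members is dropped
            kept_bindings.append({**binding, "members": kept})
    return findings, {**policy, "bindings": kept_bindings}

# Constructed IAM policy for a crypto key or key ring.
SAMPLE_POLICY = {
    "etag": "constructed-etag",
    "bindings": [
        {"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
         "members": ["user:alice@example.com", "user:mallory@evil-example.com",
                     "serviceAccount:app@proj.iam.gserviceaccount.com"]},
        {"role": "roles/cloudkms.viewer",
         "members": ["group:kms-admins@example.com", "group:contractors@example.org"]},
        {"role": "roles/cloudkms.publicKeyViewer", "members": ["allUsers"]},
    ],
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, ["example.com"], ["kms-admins@example.com"]))
```

The findings list corresponds to the alarm state, and the second return value is the policy that would result once access for the non-trusted members is removed.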