Product logo
DocsBlogPricing

@turbot/gcp-network

The gcp-network mod contains resource, control and policy definitions for GCP Network service.

Version
5.13.0
Released On
Feb 02, 2024
Depends On

Resource Types

Control Types

Policy Types

Release Notes

5.13.0 (2024-02-02)

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.12.1 (2023-07-03)

Bug fixes

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.12.0 (2023-06-13)

What's new?

  • Resource's metadata will now also include createdBy details in Guardrails CMDB.
  • README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

5.11.2 (2023-04-13)

Bug fixes

  • We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.11.1 (2022-03-16)

Bug fixes

  • We've improved the log messages for GCP > Network > Firewall > Ingress Rules > Approved control to be more precise and helpful for all the statements that get evaluated by the control.

5.11.0 (2022-02-17)

What's new?

  • Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

  • We've improved the process of deleting resources from Guardrails if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Guardrails' IAM role while deleting resources from Guardrails. This will allow the CMDB controls to process resource deletions from Guardrails more reliably than before.

Policy Types

  • GCP > Network > Address > Approved > Custom
  • GCP > Network > Backend Bucket > Approved > Custom
  • GCP > Network > Backend Service > Approved > Custom
  • GCP > Network > Firewall > Approved > Custom
  • GCP > Network > Forwarding Rule > Approved > Custom
  • GCP > Network > Global Address > Approved > Custom
  • GCP > Network > Global Forwarding Rule > Approved > Custom
  • GCP > Network > Interconnect > Approved > Custom
  • GCP > Network > Network > Approved > Custom
  • GCP > Network > Packet Mirroring > Approved > Custom
  • GCP > Network > Region Backend Service > Approved > Custom
  • GCP > Network > Region SSL Certificate > Approved > Custom
  • GCP > Network > Region Target HTTPS Proxy > Approved > Custom
  • GCP > Network > Region URL Map > Approved > Custom
  • GCP > Network > Route > Approved > Custom
  • GCP > Network > Router > Approved > Custom
  • GCP > Network > SSL Certificate > Approved > Custom
  • GCP > Network > SSL Policy > Approved > Custom
  • GCP > Network > Subnetwork > Approved > Custom
  • GCP > Network > Target HTTPS Proxy > Approved > Custom
  • GCP > Network > Target Pool > Approved > Custom
  • GCP > Network > Target SSL Proxy > Approved > Custom
  • GCP > Network > Target TCP Proxy > Approved > Custom
  • GCP > Network > Target VPN Gateway > Approved > Custom
  • GCP > Network > URL Map > Approved > Custom
  • GCP > Network > VPN Tunnel > Approved > Custom

5.10.0 (2021-08-12)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

5.9.1 (2021-07-22)

Bug fixes

  • The GCP > Network > Subnetwork > CMDB control would remain in TBD state because of incorrect precheck dependencies. This is fixed and now the control will work as expected.

5.9.0 (2021-06-16)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

5.8.1 (2021-02-02)

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Guardrails Precheck feature (not to be confused with TSA PreCheck). With Guardrails Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.
  • We've updated the examples for the GCP > Network > Firewall > Ingress Rules > Approved > Rules policy to contain more clear rules for checking ports.

5.8.0 (2020-12-02)

What's new?

  • SSL proxy load balancers and external HTTPS load balancers rely on SSL policies to determine which TLS versions and ciphers are used for secure connections. To help with configuring these resources, we've added controls that allow you to configure SSL policy profiles and minimum TLS versions, and ensure that load balancers are only using allowed SSL policies.

    To get started with these new controls, first configure the profile and minimum TLS version for your SSL policies with the GCP > Network > SSL Policy > Profile and GCP > Network > SSL Policy > Minimum TLS Version policies respectively.

    After your SSL policies are setup, you can now configure the proxy resources for your load balancers to only use allowed SSL policies. As an example, for target HTTPS proxies, you can use the following policies:

    • GCP > Network > Target HTTPS Proxy > SSL Policy - Check if an allowed SSL policy and if not, set the SSL policy to the one specified in the GCP > Network > Target HTTPS Proxy > SSL Policy > Default policy
    • GCP > Network > Target HTTPS Proxy > SSL Policy > Allowed - A list of SSL policies that are allowed for this target HTTPS proxy
    • GCP > Network > Target HTTPS Proxy > SSL Policy > Default - The SSL policy to use if the current SSL policy is not in the allowed list

Control Types

  • GCP > Network > Region Target HTTPS Proxy > SSL Policy
  • GCP > Network > SSL Policy > Minimum TLS Version
  • GCP > Network > SSL Policy > Profile
  • GCP > Network > Target HTTPS Proxy > SSL Policy
  • GCP > Network > Target SSL Proxy > SSL Policy

Policy Types

  • GCP > Network > Region Target HTTPS Proxy > SSL Policy
  • GCP > Network > Region Target HTTPS Proxy > SSL Policy > Allowed
  • GCP > Network > SSL Policy > Minimum TLS Version
  • GCP > Network > SSL Policy > Profile
  • GCP > Network > Target HTTPS Proxy > SSL Policy
  • GCP > Network > Target HTTPS Proxy > SSL Policy > Allowed
  • GCP > Network > Target HTTPS Proxy > SSL Policy > Default
  • GCP > Network > Target SSL Proxy > SSL Policy
  • GCP > Network > Target SSL Proxy > SSL Policy > Allowed
  • GCP > Network > Target SSL Proxy > SSL Policy > Default

Action Types

  • GCP > Network > SSL Policy > Update Minimum TLS Version
  • GCP > Network > SSL Policy > Update Profile
  • GCP > Network > Target HTTPS Proxy > Update SSL Policy
  • GCP > Network > Target SSL Proxy > Update SSL Policy

5.7.1 (2020-11-10)

Bug fixes

  • We've updated the Discovery controls for resources to now move to skipped instead of invalid if the service API is disabled in the project and the GCP > {service} > API Enabled policy is checking if the API is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the service API.

5.7.0 (2020-10-28)

Resource Types

  • GCP > Network > Region SSL Certificate
  • GCP > Network > Region Target HTTPS Proxy
  • GCP > Network > SSL Certificate
  • GCP > Network > SSL Policy
  • GCP > Network > Target HTTPS Proxy

Control Types

  • GCP > Network > Region SSL Certificate > Active
  • GCP > Network > Region SSL Certificate > Approved
  • GCP > Network > Region SSL Certificate > CMDB
  • GCP > Network > Region SSL Certificate > Discovery
  • GCP > Network > Region SSL Certificate > Usage
  • GCP > Network > Region Target HTTPS Proxy > Active
  • GCP > Network > Region Target HTTPS Proxy > Approved
  • GCP > Network > Region Target HTTPS Proxy > CMDB
  • GCP > Network > Region Target HTTPS Proxy > Discovery
  • GCP > Network > Region Target HTTPS Proxy > Usage
  • GCP > Network > SSL Certificate > Active
  • GCP > Network > SSL Certificate > Approved
  • GCP > Network > SSL Certificate > CMDB
  • GCP > Network > SSL Certificate > Discovery
  • GCP > Network > SSL Certificate > Usage
  • GCP > Network > SSL Policy > Active
  • GCP > Network > SSL Policy > Approved
  • GCP > Network > SSL Policy > CMDB
  • GCP > Network > SSL Policy > Discovery
  • GCP > Network > SSL Policy > Usage
  • GCP > Network > Target HTTPS Proxy > Active
  • GCP > Network > Target HTTPS Proxy > Approved
  • GCP > Network > Target HTTPS Proxy > CMDB
  • GCP > Network > Target HTTPS Proxy > Discovery
  • GCP > Network > Target HTTPS Proxy > Usage

Policy Types

  • GCP > Network > Region SSL Certificate > Active
  • GCP > Network > Region SSL Certificate > Active > Age
  • GCP > Network > Region SSL Certificate > Active > Last Modified
  • GCP > Network > Region SSL Certificate > Approved
  • GCP > Network > Region SSL Certificate > Approved > Regions
  • GCP > Network > Region SSL Certificate > Approved > Usage
  • GCP > Network > Region SSL Certificate > CMDB
  • GCP > Network > Region SSL Certificate > Regions
  • GCP > Network > Region SSL Certificate > Usage
  • GCP > Network > Region SSL Certificate > Usage > Limit
  • GCP > Network > Region Target HTTPS Proxy > Active
  • GCP > Network > Region Target HTTPS Proxy > Active > Age
  • GCP > Network > Region Target HTTPS Proxy > Active > Last Modified
  • GCP > Network > Region Target HTTPS Proxy > Approved
  • GCP > Network > Region Target HTTPS Proxy > Approved > Regions
  • GCP > Network > Region Target HTTPS Proxy > Approved > Usage
  • GCP > Network > Region Target HTTPS Proxy > CMDB
  • GCP > Network > Region Target HTTPS Proxy > Regions
  • GCP > Network > Region Target HTTPS Proxy > Usage
  • GCP > Network > Region Target HTTPS Proxy > Usage > Limit
  • GCP > Network > SSL Certificate > Active
  • GCP > Network > SSL Certificate > Active > Age
  • GCP > Network > SSL Certificate > Active > Last Modified
  • GCP > Network > SSL Certificate > Approved
  • GCP > Network > SSL Certificate > Approved > Usage
  • GCP > Network > SSL Certificate > CMDB
  • GCP > Network > SSL Certificate > Usage
  • GCP > Network > SSL Certificate > Usage > Limit
  • GCP > Network > SSL Policy > Active
  • GCP > Network > SSL Policy > Active > Age
  • GCP > Network > SSL Policy > Active > Last Modified
  • GCP > Network > SSL Policy > Approved
  • GCP > Network > SSL Policy > Approved > Usage
  • GCP > Network > SSL Policy > CMDB
  • GCP > Network > SSL Policy > Usage
  • GCP > Network > SSL Policy > Usage > Limit
  • GCP > Network > Target HTTPS Proxy > Active
  • GCP > Network > Target HTTPS Proxy > Active > Age
  • GCP > Network > Target HTTPS Proxy > Active > Last Modified
  • GCP > Network > Target HTTPS Proxy > Approved
  • GCP > Network > Target HTTPS Proxy > Approved > Usage
  • GCP > Network > Target HTTPS Proxy > CMDB
  • GCP > Network > Target HTTPS Proxy > Usage
  • GCP > Network > Target HTTPS Proxy > Usage > Limit

Action Types

  • GCP > Network > Region SSL Certificate > Delete
  • GCP > Network > Region Target HTTPS Proxy > Delete
  • GCP > Network > SSL Certificate > Delete
  • GCP > Network > SSL Certificate > Router
  • GCP > Network > SSL Policy > Delete
  • GCP > Network > Target HTTPS Proxy > Delete
  • GCP > Network > Target HTTPS Proxy > Router

5.6.0 (2020-10-16)

What's new?

  • We have added GCP > Network > Backend Service > Logging and GCP > Network > Region Backend Service > Logging controls which will allow you to audit, verify, and analyze the effects of your backend services.

    To get started with this control, please set the GCP > Network > Backend Service > Logging and GCP > Network > Region Backend Service > Logging policies.

    With the addition of GCP > Network > Backend Service > Logging > Sample Rate and GCP > Network > Region Backend Service > Logging > Sample Rate policies you can also configure the sampling rate of requests to the load balancers.

Control Types

  • GCP > Network > Backend Service > Logging
  • GCP > Network > Region Backend Service > Logging

Policy Types

  • GCP > Network > Backend Service > Logging
  • GCP > Network > Backend Service > Logging > Sample Rate
  • GCP > Network > Region Backend Service > Logging
  • GCP > Network > Region Backend Service > Logging > Sample Rate

Action Types

  • GCP > Network > Backend Service > Update Logging
  • GCP > Network > Region Backend Service > Update Logging

5.5.0 (2020-09-30)

What's new?

  • The GCP > Network > Address > Approved control can now check if an address is approved based on which network tier it was created with (standard or premium). To enable this approved check, please set the GCP > Network > Address > Approved > Network Tier policy.

  • The GCP > Network > Address > Active control can now check if an address is active based on if the address is currently in use. To enable this active check, please set the GCP > Network > Address > Active > Status policy.

  • We've added the GCP > Network > Firewall > Ingress Rules > Approved control, which can be used to check for and remove unapproved ingress rules. These ingress rules are determined to be unapproved based on the OCL rules defined in the GCP > Network > Firewall > Ingress Rules > Approved > Rules policy.

    To get started with this control, please set the GCP > Network > Firewall > Ingress Rules > Approved policy and then add your rules to the GCP > Network > Firewall > Ingress Rules > Approved > Rules policy.

Resource Types

  • GCP > Network > Packet Mirroring
  • GCP > Network > Target SSL Proxy
  • GCP > Network > Target TCP Proxy

Control Types

  • GCP > Network > Firewall > Ingress Rules
  • GCP > Network > Firewall > Ingress Rules > Approved
  • GCP > Network > Packet Mirroring > Active
  • GCP > Network > Packet Mirroring > Approved
  • GCP > Network > Packet Mirroring > CMDB
  • GCP > Network > Packet Mirroring > Discovery
  • GCP > Network > Packet Mirroring > Usage
  • GCP > Network > Target SSL Proxy > Active
  • GCP > Network > Target SSL Proxy > Approved
  • GCP > Network > Target SSL Proxy > CMDB
  • GCP > Network > Target SSL Proxy > Discovery
  • GCP > Network > Target SSL Proxy > Usage
  • GCP > Network > Target TCP Proxy > Active
  • GCP > Network > Target TCP Proxy > Approved
  • GCP > Network > Target TCP Proxy > CMDB
  • GCP > Network > Target TCP Proxy > Discovery
  • GCP > Network > Target TCP Proxy > Usage

Policy Types

  • GCP > Network > Address > Active > Status
  • GCP > Network > Address > Approved > Network Tier
  • GCP > Network > Firewall > Ingress Rules
  • GCP > Network > Firewall > Ingress Rules > Approved
  • GCP > Network > Firewall > Ingress Rules > Approved > Rules
  • GCP > Network > Packet Mirroring > Active
  • GCP > Network > Packet Mirroring > Active > Age
  • GCP > Network > Packet Mirroring > Active > Last Modified
  • GCP > Network > Packet Mirroring > Approved
  • GCP > Network > Packet Mirroring > Approved > Regions
  • GCP > Network > Packet Mirroring > Approved > Usage
  • GCP > Network > Packet Mirroring > CMDB
  • GCP > Network > Packet Mirroring > Regions
  • GCP > Network > Packet Mirroring > Usage
  • GCP > Network > Packet Mirroring > Usage > Limit
  • GCP > Network > Target SSL Proxy > Active
  • GCP > Network > Target SSL Proxy > Active > Age
  • GCP > Network > Target SSL Proxy > Active > Last Modified
  • GCP > Network > Target SSL Proxy > Approved
  • GCP > Network > Target SSL Proxy > Approved > Usage
  • GCP > Network > Target SSL Proxy > CMDB
  • GCP > Network > Target SSL Proxy > Usage
  • GCP > Network > Target SSL Proxy > Usage > Limit
  • GCP > Network > Target TCP Proxy > Active
  • GCP > Network > Target TCP Proxy > Active > Age
  • GCP > Network > Target TCP Proxy > Active > Last Modified
  • GCP > Network > Target TCP Proxy > Approved
  • GCP > Network > Target TCP Proxy > Approved > Usage
  • GCP > Network > Target TCP Proxy > CMDB
  • GCP > Network > Target TCP Proxy > Usage
  • GCP > Network > Target TCP Proxy > Usage > Limit

Action Types

  • GCP > Network > Firewall > Update Or Delete Rule
  • GCP > Network > Packet Mirroring > Delete
  • GCP > Network > Packet Mirroring > Router
  • GCP > Network > Target SSL Proxy > Delete
  • GCP > Network > Target SSL Proxy > Router
  • GCP > Network > Target TCP Proxy > Delete

5.4.0 (2020-09-22)

What's new?

  • We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

Resource Types

  • GCP > Network > Region URL Map
  • GCP > Network > Target Pool
  • GCP > Network > URL Map

Control Types

  • GCP > Network > Region URL Map > Active
  • GCP > Network > Region URL Map > Approved
  • GCP > Network > Region URL Map > CMDB
  • GCP > Network > Region URL Map > Discovery
  • GCP > Network > Region URL Map > Usage
  • GCP > Network > Target Pool > Active
  • GCP > Network > Target Pool > Approved
  • GCP > Network > Target Pool > CMDB
  • GCP > Network > Target Pool > Discovery
  • GCP > Network > Target Pool > Usage
  • GCP > Network > URL Map > Active
  • GCP > Network > URL Map > Approved
  • GCP > Network > URL Map > CMDB
  • GCP > Network > URL Map > Discovery
  • GCP > Network > URL Map > Usage

Policy Types

  • GCP > Network > Region URL Map > Active
  • GCP > Network > Region URL Map > Active > Age
  • GCP > Network > Region URL Map > Active > Last Modified
  • GCP > Network > Region URL Map > Approved
  • GCP > Network > Region URL Map > Approved > Regions
  • GCP > Network > Region URL Map > Approved > Usage
  • GCP > Network > Region URL Map > CMDB
  • GCP > Network > Region URL Map > Regions
  • GCP > Network > Region URL Map > Usage
  • GCP > Network > Region URL Map > Usage > Limit
  • GCP > Network > Target Pool > Active
  • GCP > Network > Target Pool > Active > Age
  • GCP > Network > Target Pool > Active > Last Modified
  • GCP > Network > Target Pool > Approved
  • GCP > Network > Target Pool > Approved > Regions
  • GCP > Network > Target Pool > Approved > Usage
  • GCP > Network > Target Pool > CMDB
  • GCP > Network > Target Pool > Regions
  • GCP > Network > Target Pool > Usage
  • GCP > Network > Target Pool > Usage > Limit
  • GCP > Network > URL Map > Active
  • GCP > Network > URL Map > Active > Age
  • GCP > Network > URL Map > Active > Last Modified
  • GCP > Network > URL Map > Approved
  • GCP > Network > URL Map > Approved > Usage
  • GCP > Network > URL Map > CMDB
  • GCP > Network > URL Map > Usage
  • GCP > Network > URL Map > Usage > Limit

Action Types

  • GCP > Network > Region URL Map > Delete
  • GCP > Network > Target Pool > Delete
  • GCP > Network > Target Pool > Router
  • GCP > Network > URL Map > Delete
  • GCP > Network > URL Map > Router

5.3.0 (2020-08-28)

What's new?

  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
  • We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.2.0 (2020-08-13)

What's new?

  • We now support controlling access for subnetworks to provide automatic protection against unexpected access from projects, domains, groups, users, and service accounts.

    To get started with this new control, please see the GCP > Network > Subnetwork > Policy > Trusted Access policy and all of its sub-policies to specify which IAM resources are allowed to access your subnetworks.

Control Types

  • GCP > Network > Firewall > Logging
  • GCP > Network > Subnetwork > Policy
  • GCP > Network > Subnetwork > Policy > Trusted Access

Policy Types

  • GCP > Network > Firewall > Logging
  • GCP > Network > Network > Trusted Domains [Default]
  • GCP > Network > Network > Trusted Groups [Default]
  • GCP > Network > Network > Trusted Projects [Default]
  • GCP > Network > Network > Trusted Service Accounts [Default]
  • GCP > Network > Network > Trusted Users [Default]
  • GCP > Network > Subnetwork > Policy
  • GCP > Network > Subnetwork > Policy > Trusted Access
  • GCP > Network > Subnetwork > Policy > Trusted Access > Domains
  • GCP > Network > Subnetwork > Policy > Trusted Access > Groups
  • GCP > Network > Subnetwork > Policy > Trusted Access > Projects
  • GCP > Network > Subnetwork > Policy > Trusted Access > Service Accounts
  • GCP > Network > Subnetwork > Policy > Trusted Access > Users

Action Types

  • GCP > Network > Firewall > Update Logging
  • GCP > Network > Subnetwork > Set Trusted Access

5.1.2 (2020-08-10)

Bug fixes

  • We've fixed an issue in GCP > Network > Region Backend Service > Discovery control that resulted in inconsistent timestamp formats for the creationTimestamp property.

5.1.1 (2020-07-24)

Bug fixes

  • Active controls for all resources were not calling the delete action properly, which meant inactive resources were not being deleted when the policy was set to enforce deletions. This has been fixed and inactive resources will now be cleaned up again.

5.1.0 (2020-07-20)

Resource Types

  • GCP > Network > Forwarding Rule
  • GCP > Network > Global Forwarding Rule

Control Types

  • GCP > Network > Forwarding Rule > Active
  • GCP > Network > Forwarding Rule > Approved
  • GCP > Network > Forwarding Rule > CMDB
  • GCP > Network > Forwarding Rule > Discovery
  • GCP > Network > Forwarding Rule > Labels
  • GCP > Network > Forwarding Rule > Usage
  • GCP > Network > Global Forwarding Rule > Active
  • GCP > Network > Global Forwarding Rule > Approved
  • GCP > Network > Global Forwarding Rule > CMDB
  • GCP > Network > Global Forwarding Rule > Discovery
  • GCP > Network > Global Forwarding Rule > Labels
  • GCP > Network > Global Forwarding Rule > Usage

Policy Types

  • GCP > Network > Forwarding Rule > Active
  • GCP > Network > Forwarding Rule > Active > Age
  • GCP > Network > Forwarding Rule > Active > Last Modified
  • GCP > Network > Forwarding Rule > Approved
  • GCP > Network > Forwarding Rule > Approved > Regions
  • GCP > Network > Forwarding Rule > Approved > Usage
  • GCP > Network > Forwarding Rule > CMDB
  • GCP > Network > Forwarding Rule > Labels
  • GCP > Network > Forwarding Rule > Labels > Template
  • GCP > Network > Forwarding Rule > Regions
  • GCP > Network > Forwarding Rule > Usage
  • GCP > Network > Forwarding Rule > Usage > Limit
  • GCP > Network > Global Forwarding Rule > Active
  • GCP > Network > Global Forwarding Rule > Active > Age
  • GCP > Network > Global Forwarding Rule > Active > Last Modified
  • GCP > Network > Global Forwarding Rule > Approved
  • GCP > Network > Global Forwarding Rule > Approved > Usage
  • GCP > Network > Global Forwarding Rule > CMDB
  • GCP > Network > Global Forwarding Rule > Labels
  • GCP > Network > Global Forwarding Rule > Labels > Template
  • GCP > Network > Global Forwarding Rule > Usage
  • GCP > Network > Global Forwarding Rule > Usage > Limit
  • GCP > Network > Labels Template [Default]

Action Types

  • GCP > Network > Forwarding Rule > Delete
  • GCP > Network > Forwarding Rule > Router
  • GCP > Network > Forwarding Rule > Set Labels
  • GCP > Network > Global Forwarding Rule > Delete
  • GCP > Network > Global Forwarding Rule > Router
  • GCP > Network > Global Forwarding Rule > Set Labels

5.0.5 (2020-06-03)

What's new?

  • All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.

5.0.4 (2020-05-14)

Bug fixes

  • Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.

5.0.3 (2020-05-06)

Bug fixes

  • While importing a GCP project, sometimes resources' Discovery controls would get stuck in an Invalid state due to incorrectly configured dependencies. This has been fixed and project imports should be smooth again.

5.0.2 (2020-04-24)

Bug fixes

  • The Target VPN Gateway Discovery control was incorrectly checking if the Network API (which doesn't exist) is enabled instead of the Compute Engine API. This resulted in the control moving incorrectly to Error instead of Invalid if the Compute Engine API was disabled. This has been fixed.

5.0.1 (2020-04-20)

Bug fixes

  • Several resources that have an IAM policy had an incomplete schema, which prevented the iamPolicy attribute from being used in calculated policies. This has been fixed.

5.0.0 (2020-04-09)

Resource Types

  • GCP > Network
  • GCP > Network > Address
  • GCP > Network > Backend Bucket
  • GCP > Network > Backend Service
  • GCP > Network > Firewall
  • GCP > Network > Global Address
  • GCP > Network > Interconnect
  • GCP > Network > Network
  • GCP > Network > Region Backend Service
  • GCP > Network > Route
  • GCP > Network > Router
  • GCP > Network > Subnetwork
  • GCP > Network > Target VPN Gateway
  • GCP > Network > VPN Tunnel

Control Types

  • GCP > Network > API Enabled
  • GCP > Network > Address > Active
  • GCP > Network > Address > Approved
  • GCP > Network > Address > CMDB
  • GCP > Network > Address > Configured
  • GCP > Network > Address > Discovery
  • GCP > Network > Address > Usage
  • GCP > Network > Backend Bucket > Active
  • GCP > Network > Backend Bucket > Approved
  • GCP > Network > Backend Bucket > CMDB
  • GCP > Network > Backend Bucket > Configured
  • GCP > Network > Backend Bucket > Discovery
  • GCP > Network > Backend Bucket > Usage
  • GCP > Network > Backend Service > Active
  • GCP > Network > Backend Service > Approved
  • GCP > Network > Backend Service > CMDB
  • GCP > Network > Backend Service > Configured
  • GCP > Network > Backend Service > Discovery
  • GCP > Network > Backend Service > Usage
  • GCP > Network > CMDB
  • GCP > Network > Discovery
  • GCP > Network > Firewall > Active
  • GCP > Network > Firewall > Approved
  • GCP > Network > Firewall > CMDB
  • GCP > Network > Firewall > Configured
  • GCP > Network > Firewall > Discovery
  • GCP > Network > Firewall > Usage
  • GCP > Network > Global Address > Active
  • GCP > Network > Global Address > Approved
  • GCP > Network > Global Address > CMDB
  • GCP > Network > Global Address > Discovery
  • GCP > Network > Global Address > Usage
  • GCP > Network > Interconnect > Active
  • GCP > Network > Interconnect > Approved
  • GCP > Network > Interconnect > CMDB
  • GCP > Network > Interconnect > Discovery
  • GCP > Network > Interconnect > Usage
  • GCP > Network > Network > Active
  • GCP > Network > Network > Approved
  • GCP > Network > Network > CMDB
  • GCP > Network > Network > Configured
  • GCP > Network > Network > Discovery
  • GCP > Network > Network > Usage
  • GCP > Network > Region Backend Service > Active
  • GCP > Network > Region Backend Service > Approved
  • GCP > Network > Region Backend Service > CMDB
  • GCP > Network > Region Backend Service > Configured
  • GCP > Network > Region Backend Service > Discovery
  • GCP > Network > Region Backend Service > Usage
  • GCP > Network > Route > Active
  • GCP > Network > Route > Approved
  • GCP > Network > Route > CMDB
  • GCP > Network > Route > Configured
  • GCP > Network > Route > Discovery
  • GCP > Network > Route > Usage
  • GCP > Network > Router > Active
  • GCP > Network > Router > Approved
  • GCP > Network > Router > CMDB
  • GCP > Network > Router > Configured
  • GCP > Network > Router > Discovery
  • GCP > Network > Router > Usage
  • GCP > Network > Subnetwork > Active
  • GCP > Network > Subnetwork > Approved
  • GCP > Network > Subnetwork > CMDB
  • GCP > Network > Subnetwork > Configured
  • GCP > Network > Subnetwork > Discovery
  • GCP > Network > Subnetwork > Usage
  • GCP > Network > Target VPN Gateway > Active
  • GCP > Network > Target VPN Gateway > Approved
  • GCP > Network > Target VPN Gateway > CMDB
  • GCP > Network > Target VPN Gateway > Configured
  • GCP > Network > Target VPN Gateway > Discovery
  • GCP > Network > Target VPN Gateway > Usage
  • GCP > Network > VPN Tunnel > Active
  • GCP > Network > VPN Tunnel > Approved
  • GCP > Network > VPN Tunnel > CMDB
  • GCP > Network > VPN Tunnel > Configured
  • GCP > Network > VPN Tunnel > Discovery
  • GCP > Network > VPN Tunnel > Labels
  • GCP > Network > VPN Tunnel > Usage

Policy Types

  • GCP > Network > API Enabled
  • GCP > Network > Address > Active
  • GCP > Network > Address > Active > Age
  • GCP > Network > Address > Active > Last Modified
  • GCP > Network > Address > Approved
  • GCP > Network > Address > Approved > Regions
  • GCP > Network > Address > Approved > Usage
  • GCP > Network > Address > CMDB
  • GCP > Network > Address > Configured
  • GCP > Network > Address > Configured > Precedence
  • GCP > Network > Address > Configured > Source
  • GCP > Network > Address > Regions
  • GCP > Network > Address > Usage
  • GCP > Network > Address > Usage > Limit
  • GCP > Network > Approved Regions [Default]
  • GCP > Network > Backend Bucket > Active
  • GCP > Network > Backend Bucket > Active > Age
  • GCP > Network > Backend Bucket > Active > Last Modified
  • GCP > Network > Backend Bucket > Approved
  • GCP > Network > Backend Bucket > Approved > Usage
  • GCP > Network > Backend Bucket > CMDB
  • GCP > Network > Backend Bucket > Configured
  • GCP > Network > Backend Bucket > Configured > Precedence
  • GCP > Network > Backend Bucket > Configured > Source
  • GCP > Network > Backend Bucket > Usage
  • GCP > Network > Backend Bucket > Usage > Limit
  • GCP > Network > Backend Service > Active
  • GCP > Network > Backend Service > Active > Age
  • GCP > Network > Backend Service > Active > Last Modified
  • GCP > Network > Backend Service > Approved
  • GCP > Network > Backend Service > Approved > Usage
  • GCP > Network > Backend Service > CMDB
  • GCP > Network > Backend Service > Configured
  • GCP > Network > Backend Service > Configured > Precedence
  • GCP > Network > Backend Service > Configured > Source
  • GCP > Network > Backend Service > Usage
  • GCP > Network > Backend Service > Usage > Limit
  • GCP > Network > CMDB
  • GCP > Network > Enabled
  • GCP > Network > Firewall > Active
  • GCP > Network > Firewall > Active > Age
  • GCP > Network > Firewall > Active > Last Modified
  • GCP > Network > Firewall > Approved
  • GCP > Network > Firewall > Approved > Usage
  • GCP > Network > Firewall > CMDB
  • GCP > Network > Firewall > Configured
  • GCP > Network > Firewall > Configured > Precedence
  • GCP > Network > Firewall > Configured > Source
  • GCP > Network > Firewall > Usage
  • GCP > Network > Firewall > Usage > Limit
  • GCP > Network > Global Address > Active
  • GCP > Network > Global Address > Active > Age
  • GCP > Network > Global Address > Active > Last Modified
  • GCP > Network > Global Address > Approved
  • GCP > Network > Global Address > Approved > Usage
  • GCP > Network > Global Address > CMDB
  • GCP > Network > Global Address > Usage
  • GCP > Network > Global Address > Usage > Limit
  • GCP > Network > Interconnect > Active
  • GCP > Network > Interconnect > Active > Age
  • GCP > Network > Interconnect > Active > Last Modified
  • GCP > Network > Interconnect > Approved
  • GCP > Network > Interconnect > Approved > Usage
  • GCP > Network > Interconnect > CMDB
  • GCP > Network > Interconnect > Usage
  • GCP > Network > Interconnect > Usage > Limit
  • GCP > Network > Network > Active
  • GCP > Network > Network > Active > Age
  • GCP > Network > Network > Active > Last Modified
  • GCP > Network > Network > Approved
  • GCP > Network > Network > Approved > Usage
  • GCP > Network > Network > CMDB
  • GCP > Network > Network > Configured
  • GCP > Network > Network > Configured > Precedence
  • GCP > Network > Network > Configured > Source
  • GCP > Network > Network > Usage
  • GCP > Network > Network > Usage > Limit
  • GCP > Network > Permissions
  • GCP > Network > Permissions > Levels
  • GCP > Network > Permissions > Levels > Address Administration
  • GCP > Network > Permissions > Levels > Firewall Administration
  • GCP > Network > Permissions > Levels > Forwarding Rules Administration
  • GCP > Network > Permissions > Levels > Global Addresses Administration
  • GCP > Network > Permissions > Levels > Global Forwarding Rules Administration
  • GCP > Network > Permissions > Levels > HTTP Load Balancer Administration
  • GCP > Network > Permissions > Levels > Modifiers
  • GCP > Network > Permissions > Levels > Network Administration
  • GCP > Network > Permissions > Levels > Route Administration
  • GCP > Network > Permissions > Levels > Router Administration
  • GCP > Network > Permissions > Levels > Subnetwork Administration
  • GCP > Network > Permissions > Levels > VPN Gateway Administration
  • GCP > Network > Permissions > Levels > VPN Tunnel Administration
  • GCP > Network > Region Backend Service > Active
  • GCP > Network > Region Backend Service > Active > Age
  • GCP > Network > Region Backend Service > Active > Last Modified
  • GCP > Network > Region Backend Service > Approved
  • GCP > Network > Region Backend Service > Approved > Regions
  • GCP > Network > Region Backend Service > Approved > Usage
  • GCP > Network > Region Backend Service > CMDB
  • GCP > Network > Region Backend Service > Configured
  • GCP > Network > Region Backend Service > Configured > Precedence
  • GCP > Network > Region Backend Service > Configured > Source
  • GCP > Network > Region Backend Service > Regions
  • GCP > Network > Region Backend Service > Usage
  • GCP > Network > Region Backend Service > Usage > Limit
  • GCP > Network > Regions [Default]
  • GCP > Network > Route > Active
  • GCP > Network > Route > Active > Age
  • GCP > Network > Route > Active > Last Modified
  • GCP > Network > Route > Approved
  • GCP > Network > Route > Approved > Usage
  • GCP > Network > Route > CMDB
  • GCP > Network > Route > Configured
  • GCP > Network > Route > Configured > Precedence
  • GCP > Network > Route > Configured > Source
  • GCP > Network > Route > Regions
  • GCP > Network > Route > Usage
  • GCP > Network > Route > Usage > Limit
  • GCP > Network > Router > Active
  • GCP > Network > Router > Active > Age
  • GCP > Network > Router > Active > Last Modified
  • GCP > Network > Router > Approved
  • GCP > Network > Router > Approved > Regions
  • GCP > Network > Router > Approved > Usage
  • GCP > Network > Router > CMDB
  • GCP > Network > Router > Configured
  • GCP > Network > Router > Configured > Precedence
  • GCP > Network > Router > Configured > Source
  • GCP > Network > Router > Regions
  • GCP > Network > Router > Usage
  • GCP > Network > Router > Usage > Limit
  • GCP > Network > Subnetwork > Active
  • GCP > Network > Subnetwork > Active > Age
  • GCP > Network > Subnetwork > Active > Last Modified
  • GCP > Network > Subnetwork > Approved
  • GCP > Network > Subnetwork > Approved > Regions
  • GCP > Network > Subnetwork > Approved > Usage
  • GCP > Network > Subnetwork > CMDB
  • GCP > Network > Subnetwork > Configured
  • GCP > Network > Subnetwork > Configured > Precedence
  • GCP > Network > Subnetwork > Configured > Source
  • GCP > Network > Subnetwork > Regions
  • GCP > Network > Subnetwork > Usage
  • GCP > Network > Subnetwork > Usage > Limit
  • GCP > Network > Target VPN Gateway > Active
  • GCP > Network > Target VPN Gateway > Active > Age
  • GCP > Network > Target VPN Gateway > Active > Last Modified
  • GCP > Network > Target VPN Gateway > Approved
  • GCP > Network > Target VPN Gateway > Approved > Regions
  • GCP > Network > Target VPN Gateway > Approved > Usage
  • GCP > Network > Target VPN Gateway > CMDB
  • GCP > Network > Target VPN Gateway > Configured
  • GCP > Network > Target VPN Gateway > Configured > Precedence
  • GCP > Network > Target VPN Gateway > Configured > Source
  • GCP > Network > Target VPN Gateway > Regions
  • GCP > Network > Target VPN Gateway > Usage
  • GCP > Network > Target VPN Gateway > Usage > Limit
  • GCP > Network > VPN Tunnel > Active
  • GCP > Network > VPN Tunnel > Active > Age
  • GCP > Network > VPN Tunnel > Active > Last Modified
  • GCP > Network > VPN Tunnel > Approved
  • GCP > Network > VPN Tunnel > Approved > Regions
  • GCP > Network > VPN Tunnel > Approved > Usage
  • GCP > Network > VPN Tunnel > CMDB
  • GCP > Network > VPN Tunnel > Configured
  • GCP > Network > VPN Tunnel > Configured > Precedence
  • GCP > Network > VPN Tunnel > Configured > Source
  • GCP > Network > VPN Tunnel > Labels
  • GCP > Network > VPN Tunnel > Labels > Template
  • GCP > Network > VPN Tunnel > Regions
  • GCP > Network > VPN Tunnel > Usage
  • GCP > Network > VPN Tunnel > Usage > Limit
  • GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-network
  • GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-network
  • GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-network

Action Types

  • GCP > Network > Address > Delete
  • GCP > Network > Address > Router
  • GCP > Network > Backend Bucket > Delete
  • GCP > Network > Backend Bucket > Router
  • GCP > Network > Backend Service > Delete
  • GCP > Network > Backend Service > Router
  • GCP > Network > Firewall > Delete
  • GCP > Network > Firewall > Router
  • GCP > Network > Global Address > Delete
  • GCP > Network > Global Address > Router
  • GCP > Network > Interconnect > Delete
  • GCP > Network > Network > Delete
  • GCP > Network > Network > Router
  • GCP > Network > Region Backend Service > Delete
  • GCP > Network > Route > Delete
  • GCP > Network > Route > Router
  • GCP > Network > Router > Delete
  • GCP > Network > Router > Router
  • GCP > Network > Set API Enabled
  • GCP > Network > Subnetwork > Delete
  • GCP > Network > Subnetwork > Router
  • GCP > Network > Target VPN Gateway > Delete
  • GCP > Network > Target VPN Gateway > Router
  • GCP > Network > VPN Tunnel > Delete
  • GCP > Network > VPN Tunnel > Router
  • GCP > Network > VPN Tunnel > Set Labels