Control types for @turbot/gcp-network
- GCP > Network > API Enabled
- GCP > Network > Address > Active
- GCP > Network > Address > Approved
- GCP > Network > Address > CMDB
- GCP > Network > Address > Configured
- GCP > Network > Address > Discovery
- GCP > Network > Address > Usage
- GCP > Network > Backend Bucket > Active
- GCP > Network > Backend Bucket > Approved
- GCP > Network > Backend Bucket > CMDB
- GCP > Network > Backend Bucket > Configured
- GCP > Network > Backend Bucket > Discovery
- GCP > Network > Backend Bucket > Usage
- GCP > Network > Backend Service > Active
- GCP > Network > Backend Service > Approved
- GCP > Network > Backend Service > CMDB
- GCP > Network > Backend Service > Configured
- GCP > Network > Backend Service > Discovery
- GCP > Network > Backend Service > Logging
- GCP > Network > Backend Service > Usage
- GCP > Network > CMDB
- GCP > Network > Discovery
- GCP > Network > Firewall > Active
- GCP > Network > Firewall > Approved
- GCP > Network > Firewall > CMDB
- GCP > Network > Firewall > Configured
- GCP > Network > Firewall > Discovery
- GCP > Network > Firewall > Ingress Rules
- GCP > Network > Firewall > Ingress Rules > Approved
- GCP > Network > Firewall > Logging
- GCP > Network > Firewall > Usage
- GCP > Network > Forwarding Rule > Active
- GCP > Network > Forwarding Rule > Approved
- GCP > Network > Forwarding Rule > CMDB
- GCP > Network > Forwarding Rule > Discovery
- GCP > Network > Forwarding Rule > Labels
- GCP > Network > Forwarding Rule > Usage
- GCP > Network > Global Address > Active
- GCP > Network > Global Address > Approved
- GCP > Network > Global Address > CMDB
- GCP > Network > Global Address > Discovery
- GCP > Network > Global Address > Usage
- GCP > Network > Global Forwarding Rule > Active
- GCP > Network > Global Forwarding Rule > Approved
- GCP > Network > Global Forwarding Rule > CMDB
- GCP > Network > Global Forwarding Rule > Discovery
- GCP > Network > Global Forwarding Rule > Labels
- GCP > Network > Global Forwarding Rule > Usage
- GCP > Network > Interconnect > Active
- GCP > Network > Interconnect > Approved
- GCP > Network > Interconnect > CMDB
- GCP > Network > Interconnect > Discovery
- GCP > Network > Interconnect > Usage
- GCP > Network > Network > Active
- GCP > Network > Network > Approved
- GCP > Network > Network > CMDB
- GCP > Network > Network > Configured
- GCP > Network > Network > Discovery
- GCP > Network > Network > Usage
- GCP > Network > Packet Mirroring > Active
- GCP > Network > Packet Mirroring > Approved
- GCP > Network > Packet Mirroring > CMDB
- GCP > Network > Packet Mirroring > Discovery
- GCP > Network > Packet Mirroring > Usage
- GCP > Network > Region Backend Service > Active
- GCP > Network > Region Backend Service > Approved
- GCP > Network > Region Backend Service > CMDB
- GCP > Network > Region Backend Service > Configured
- GCP > Network > Region Backend Service > Discovery
- GCP > Network > Region Backend Service > Logging
- GCP > Network > Region Backend Service > Usage
- GCP > Network > Region SSL Certificate > Active
- GCP > Network > Region SSL Certificate > Approved
- GCP > Network > Region SSL Certificate > CMDB
- GCP > Network > Region SSL Certificate > Discovery
- GCP > Network > Region SSL Certificate > Usage
- GCP > Network > Region Target HTTPS Proxy > Active
- GCP > Network > Region Target HTTPS Proxy > Approved
- GCP > Network > Region Target HTTPS Proxy > CMDB
- GCP > Network > Region Target HTTPS Proxy > Discovery
- GCP > Network > Region Target HTTPS Proxy > SSL Policy
- GCP > Network > Region Target HTTPS Proxy > Usage
- GCP > Network > Region URL Map > Active
- GCP > Network > Region URL Map > Approved
- GCP > Network > Region URL Map > CMDB
- GCP > Network > Region URL Map > Discovery
- GCP > Network > Region URL Map > Usage
- GCP > Network > Route > Active
- GCP > Network > Route > Approved
- GCP > Network > Route > CMDB
- GCP > Network > Route > Configured
- GCP > Network > Route > Discovery
- GCP > Network > Route > Usage
- GCP > Network > Router > Active
- GCP > Network > Router > Approved
- GCP > Network > Router > CMDB
- GCP > Network > Router > Configured
- GCP > Network > Router > Discovery
- GCP > Network > Router > Usage
- GCP > Network > SSL Certificate > Active
- GCP > Network > SSL Certificate > Approved
- GCP > Network > SSL Certificate > CMDB
- GCP > Network > SSL Certificate > Discovery
- GCP > Network > SSL Certificate > Usage
- GCP > Network > SSL Policy > Active
- GCP > Network > SSL Policy > Approved
- GCP > Network > SSL Policy > CMDB
- GCP > Network > SSL Policy > Discovery
- GCP > Network > SSL Policy > Minimum TLS Version
- GCP > Network > SSL Policy > Profile
- GCP > Network > SSL Policy > Usage
- GCP > Network > Subnetwork > Active
- GCP > Network > Subnetwork > Approved
- GCP > Network > Subnetwork > CMDB
- GCP > Network > Subnetwork > Configured
- GCP > Network > Subnetwork > Discovery
- GCP > Network > Subnetwork > Policy
- GCP > Network > Subnetwork > Policy > Trusted Access
- GCP > Network > Subnetwork > Usage
- GCP > Network > Target HTTPS Proxy > Active
- GCP > Network > Target HTTPS Proxy > Approved
- GCP > Network > Target HTTPS Proxy > CMDB
- GCP > Network > Target HTTPS Proxy > Discovery
- GCP > Network > Target HTTPS Proxy > SSL Policy
- GCP > Network > Target HTTPS Proxy > Usage
- GCP > Network > Target Pool > Active
- GCP > Network > Target Pool > Approved
- GCP > Network > Target Pool > CMDB
- GCP > Network > Target Pool > Discovery
- GCP > Network > Target Pool > Usage
- GCP > Network > Target SSL Proxy > Active
- GCP > Network > Target SSL Proxy > Approved
- GCP > Network > Target SSL Proxy > CMDB
- GCP > Network > Target SSL Proxy > Discovery
- GCP > Network > Target SSL Proxy > SSL Policy
- GCP > Network > Target SSL Proxy > Usage
- GCP > Network > Target TCP Proxy > Active
- GCP > Network > Target TCP Proxy > Approved
- GCP > Network > Target TCP Proxy > CMDB
- GCP > Network > Target TCP Proxy > Discovery
- GCP > Network > Target TCP Proxy > Usage
- GCP > Network > Target VPN Gateway > Active
- GCP > Network > Target VPN Gateway > Approved
- GCP > Network > Target VPN Gateway > CMDB
- GCP > Network > Target VPN Gateway > Configured
- GCP > Network > Target VPN Gateway > Discovery
- GCP > Network > Target VPN Gateway > Usage
- GCP > Network > URL Map > Active
- GCP > Network > URL Map > Approved
- GCP > Network > URL Map > CMDB
- GCP > Network > URL Map > Discovery
- GCP > Network > URL Map > Usage
- GCP > Network > VPN Tunnel > Active
- GCP > Network > VPN Tunnel > Approved
- GCP > Network > VPN Tunnel > CMDB
- GCP > Network > VPN Tunnel > Configured
- GCP > Network > VPN Tunnel > Discovery
- GCP > Network > VPN Tunnel > Labels
- GCP > Network > VPN Tunnel > Usage
GCP > Network > API Enabled
Configure whether the GCP Network API is enabled.
tmod:@turbot/gcp-network#/control/types/networkServiceApiEnabled
GCP > Network > Address > Active
Take an action when an GCP Network address is not active based on theGCP > Network > Address > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Address > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/addressActive
GCP > Network > Address > Approved
Take an action when a GCP Network address is not approved based on GCP > Network > Address > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/addressApproved
GCP > Network > Address > CMDB
Record and synchronize details for the GCP Network address into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Address > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/addressCmdb
GCP > Network > Address > Configured
Maintain network address configuration
tmod:@turbot/gcp-network#/control/types/addressConfigured
GCP > Network > Address > Discovery
Discover GCP Network address resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Address > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/addressDiscovery
GCP > Network > Address > Usage
The Usage control determines whether the number of GCP Network address resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Address > Usage
policy, and set the limit with the GCP > Network > Address > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/addressUsage
GCP > Network > Backend Bucket > Active
Take an action when an GCP Network backend bucket is not active based on theGCP > Network > Backend Bucket > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Backend Bucket > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/backendBucketActive
GCP > Network > Backend Bucket > Approved
Take an action when a GCP Network backend bucket is not approved based on GCP > Network > Backend Bucket > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/backendBucketApproved
GCP > Network > Backend Bucket > CMDB
Record and synchronize details for the GCP Network backend bucket into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/backendBucketCmdb
GCP > Network > Backend Bucket > Configured
Maintain network backendBucket configuration
tmod:@turbot/gcp-network#/control/types/backendBucketConfigured
GCP > Network > Backend Bucket > Discovery
Discover GCP Network backend bucket resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/backendBucketDiscovery
GCP > Network > Backend Bucket > Usage
The Usage control determines whether the number of GCP Network backend bucket resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Backend Bucket > Usage
policy, and set the limit with the GCP > Network > Backend Bucket > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/backendBucketUsage
GCP > Network > Backend Service > Active
Take an action when an GCP Network backend service is not active based on theGCP > Network > Backend Service > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Backend Service > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/backendServiceActive
GCP > Network > Backend Service > Approved
Take an action when a GCP Network backend service is not approved based on GCP > Network > Backend Service > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/backendServiceApproved
GCP > Network > Backend Service > CMDB
Record and synchronize details for the GCP Network backend service into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/backendServiceCmdb
GCP > Network > Backend Service > Configured
Maintain network backendService configuration
tmod:@turbot/gcp-network#/control/types/backendServiceConfigured
GCP > Network > Backend Service > Discovery
Discover GCP Network backend service resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/backendServiceDiscovery
GCP > Network > Backend Service > Logging
Define the Logging settings required for GCP > Network > Backend Service > Logging
.
Backend Service Logging allows you to audit, verify, and analyze the effects of your Backend Service.
tmod:@turbot/gcp-network#/control/types/backendServiceLogging
GCP > Network > Backend Service > Usage
The Usage control determines whether the number of GCP Network backend service resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Backend Service > Usage
policy, and set the limit with the GCP > Network > Backend Service > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/backendServiceUsage
GCP > Network > CMDB
Record and synchronize details for the GCP Network into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/networkServiceCmdb
GCP > Network > Discovery
Discover GCP Network resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/networkServiceDiscovery
GCP > Network > Firewall > Active
Take an action when an GCP Network firewall is not active based on theGCP > Network > Firewall > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Firewall > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/firewallActive
GCP > Network > Firewall > Approved
Take an action when a GCP Network firewall is not approved based on GCP > Network > Firewall > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/firewallApproved
GCP > Network > Firewall > CMDB
Record and synchronize details for the GCP Network firewall into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/firewallCmdb
GCP > Network > Firewall > Configured
Maintain network firewall configuration
tmod:@turbot/gcp-network#/control/types/firewallConfigured
GCP > Network > Firewall > Discovery
Discover GCP Network firewall resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/firewallDiscovery
GCP > Network > Firewall > Ingress Rules
tmod:@turbot/gcp-network#/control/types/firewallIngressRules
GCP > Network > Firewall > Ingress Rules > Approved
Configure Firewall Ingress Rule checking. This control defines whether
to verify the firewall ingress rules are approved, as well as the
subsequent action to take on unapproved items.
If set to Enforce: Delete unapproved
, any unapproved rules will be
revoked from the firewall.
tmod:@turbot/gcp-network#/control/types/firewallIngressRulesApproved
GCP > Network > Firewall > Logging
Define the Logging settings required for GCP > Network > Firewall > Logging
.
Firewall Rules Logging allows you to audit, verify, and analyze the effects of your firewall rules.
Note: Turning on firewall logs can generate a large number of logs which can increase costs in Stackdriver.
tmod:@turbot/gcp-network#/control/types/firewallLogging
GCP > Network > Firewall > Usage
The Usage control determines whether the number of GCP Network firewall resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Firewall > Usage
policy, and set the limit with the GCP > Network > Firewall > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/firewallUsage
GCP > Network > Forwarding Rule > Active
Take an action when an GCP Network forwarding rule is not active based on theGCP > Network > Forwarding Rule > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Forwarding Rule > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/forwardingRuleActive
GCP > Network > Forwarding Rule > Approved
Take an action when a GCP Network forwarding rule is not approved based on GCP > Network > Forwarding Rule > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/forwardingRuleApproved
GCP > Network > Forwarding Rule > CMDB
Record and synchronize details for the GCP Network forwarding rule into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Forwarding Rule > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/forwardingRuleCmdb
GCP > Network > Forwarding Rule > Discovery
Discover GCP Network forwarding rule resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Forwarding Rule > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/forwardingRuleDiscovery
GCP > Network > Forwarding Rule > Labels
Take an action when an GCP Network forwarding rule labels is not updated based on the GCP > Network > Forwarding Rule > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > Network > Forwarding Rule > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-network#/control/types/forwardingRuleLabels
GCP > Network > Forwarding Rule > Usage
The Usage control determines whether the number of GCP Network forwarding rule resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Forwarding Rule > Usage
policy, and set the limit with the GCP > Network > Forwarding Rule > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/forwardingRuleUsage
GCP > Network > Global Address > Active
Take an action when an GCP Network global address is not active based on theGCP > Network > Global Address > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Global Address > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/globalAddressActive
GCP > Network > Global Address > Approved
Take an action when a GCP Network global address is not approved based on GCP > Network > Global Address > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/globalAddressApproved
GCP > Network > Global Address > CMDB
Record and synchronize details for the GCP Network global address into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/globalAddressCmdb
GCP > Network > Global Address > Discovery
Discover GCP Network global address resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/globalAddressDiscovery
GCP > Network > Global Address > Usage
The Usage control determines whether the number of GCP Network global address resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Global Address > Usage
policy, and set the limit with the GCP > Network > Global Address > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/globalAddressUsage
GCP > Network > Global Forwarding Rule > Active
Take an action when an GCP Network global forwarding rule is not active based on theGCP > Network > Global Forwarding Rule > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Global Forwarding Rule > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/globalForwardingRuleActive
GCP > Network > Global Forwarding Rule > Approved
Take an action when a GCP Network global forwarding rule is not approved based on GCP > Network > Global Forwarding Rule > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/globalForwardingRuleApproved
GCP > Network > Global Forwarding Rule > CMDB
Record and synchronize details for the GCP Network global forwarding rule into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/globalForwardingRuleCmdb
GCP > Network > Global Forwarding Rule > Discovery
Discover GCP Network global forwarding rule resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/globalForwardingRuleDiscovery
GCP > Network > Global Forwarding Rule > Labels
Take an action when an GCP Network global forwarding rule labels is not updated based on the GCP > Network > Global Forwarding Rule > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > Network > Global Forwarding Rule > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-network#/control/types/globalForwardingRuleLabels
GCP > Network > Global Forwarding Rule > Usage
The Usage control determines whether the number of GCP Network global forwarding rule resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Global Forwarding Rule > Usage
policy, and set the limit with the GCP > Network > Global Forwarding Rule > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/globalForwardingRuleUsage
GCP > Network > Interconnect > Active
Take an action when an GCP Network interconnect is not active based on theGCP > Network > Interconnect > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Interconnect > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/interconnectActive
GCP > Network > Interconnect > Approved
Take an action when a GCP Network interconnect is not approved based on GCP > Network > Interconnect > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/interconnectApproved
GCP > Network > Interconnect > CMDB
Record and synchronize details for the GCP Network interconnect into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/interconnectCmdb
GCP > Network > Interconnect > Discovery
Discover GCP Network interconnect resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/interconnectDiscovery
GCP > Network > Interconnect > Usage
The Usage control determines whether the number of GCP Network interconnect resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Interconnect > Usage
policy, and set the limit with the GCP > Network > Interconnect > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/interconnectUsage
GCP > Network > Network > Active
Take an action when an GCP Network network is not active based on theGCP > Network > Network > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Network > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/networkActive
GCP > Network > Network > Approved
Take an action when a GCP Network network is not approved based on GCP > Network > Network > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/networkApproved
GCP > Network > Network > CMDB
Record and synchronize details for the GCP Network network into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/networkCmdb
GCP > Network > Network > Configured
Maintain network network configuration
tmod:@turbot/gcp-network#/control/types/networkConfigured
GCP > Network > Network > Discovery
Discover GCP Network network resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/networkDiscovery
GCP > Network > Network > Usage
The Usage control determines whether the number of GCP Network network resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Network > Usage
policy, and set the limit with the GCP > Network > Network > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/networkUsage
GCP > Network > Packet Mirroring > Active
Take an action when an GCP Network packet mirroring is not active based on theGCP > Network > Packet Mirroring > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Packet Mirroring > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/packetMirroringActive
GCP > Network > Packet Mirroring > Approved
Take an action when a GCP Network packet mirroring is not approved based on GCP > Network > Packet Mirroring > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/packetMirroringApproved
GCP > Network > Packet Mirroring > CMDB
Record and synchronize details for the GCP Network packet mirroring into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Packet Mirroring > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/packetMirroringCmdb
GCP > Network > Packet Mirroring > Discovery
Discover GCP Network packet mirroring resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Packet Mirroring > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/packetMirroringDiscovery
GCP > Network > Packet Mirroring > Usage
The Usage control determines whether the number of GCP Network packet mirroring resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Packet Mirroring > Usage
policy, and set the limit with the GCP > Network > Packet Mirroring > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/packetMirroringUsage
GCP > Network > Region Backend Service > Active
Take an action when an GCP Network region backend service is not active based on theGCP > Network > Region Backend Service > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region Backend Service > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/regionBackendServiceActive
GCP > Network > Region Backend Service > Approved
Take an action when a GCP Network region backend service is not approved based on GCP > Network > Region Backend Service > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/regionBackendServiceApproved
GCP > Network > Region Backend Service > CMDB
Record and synchronize details for the GCP Network region backend service into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region Backend Service > Regions
policy, the CMDB control will delete the
resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionBackendServiceCmdb
GCP > Network > Region Backend Service > Configured
Maintain network regionBackendService configuration
tmod:@turbot/gcp-network#/control/types/regionBackendServiceConfigured
GCP > Network > Region Backend Service > Discovery
Discover GCP Network region backend service resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region Backend Service > Regions
policy, the CMDB
control will delete the resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionBackendServiceDiscovery
GCP > Network > Region Backend Service > Logging
Define the Logging settings required for GCP > Network > Region Backend Service > Logging
.
Region Backend Service Logging allows you to audit, verify, and analyze the effects of your Region Backend Service.
tmod:@turbot/gcp-network#/control/types/regionBackendServiceLogging
GCP > Network > Region Backend Service > Usage
The Usage control determines whether the number of GCP Network region backend service resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Region Backend Service > Usage
policy, and set the limit with the GCP > Network > Region Backend Service > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/regionBackendServiceUsage
GCP > Network > Region SSL Certificate > Active
Take an action when an GCP Network region ssl certificate is not active based on theGCP > Network > Region SSL Certificate > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region SSL Certificate > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/regionSslCertificateActive
GCP > Network > Region SSL Certificate > Approved
Take an action when a GCP Network region ssl certificate is not approved based on GCP > Network > Region SSL Certificate > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/regionSslCertificateApproved
GCP > Network > Region SSL Certificate > CMDB
Record and synchronize details for the GCP Network region ssl certificate into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region SSL Certificate > Regions
policy, the CMDB control will delete the
resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionSslCertificateCmdb
GCP > Network > Region SSL Certificate > Discovery
Discover GCP Network region ssl certificate resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region SSL Certificate > Regions
policy, the CMDB
control will delete the resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionSslCertificateDiscovery
GCP > Network > Region SSL Certificate > Usage
The Usage control determines whether the number of GCP Network region ssl certificate resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Region SSL Certificate > Usage
policy, and set the limit with the GCP > Network > Region SSL Certificate > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/regionSslCertificateUsage
GCP > Network > Region Target HTTPS Proxy > Active
Take an action when an GCP Network region target https proxy is not active based on theGCP > Network > Region Target HTTPS Proxy > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region Target HTTPS Proxy > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/regionTargetHttpsProxyActive
GCP > Network > Region Target HTTPS Proxy > Approved
Take an action when a GCP Network region target https proxy is not approved based on GCP > Network > Region Target HTTPS Proxy > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/regionTargetHttpsProxyApproved
GCP > Network > Region Target HTTPS Proxy > CMDB
Record and synchronize details for the GCP Network region target https proxy into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region Target HTTPS Proxy > Regions
policy, the CMDB control will delete the
resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionTargetHttpsProxyCmdb
GCP > Network > Region Target HTTPS Proxy > Discovery
Discover GCP Network region target https proxy resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region Target HTTPS Proxy > Regions
policy, the CMDB
control will delete the resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionTargetHttpsProxyDiscovery
GCP > Network > Region Target HTTPS Proxy > SSL Policy
Determine whether a GCP Network region target HTTPS proxy is using an allowed SSL policy.
If a region target HTTPS proxy is not using an allowed SSL policy and this policy is set toCheck: SSL policy in allowed list
, the control would raise an alarm.
tmod:@turbot/gcp-network#/control/types/regionTargetHttpsProxySslPolicy
GCP > Network > Region Target HTTPS Proxy > Usage
The Usage control determines whether the number of GCP Network region target https proxy resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Region Target HTTPS Proxy > Usage
policy, and set the limit with the GCP > Network > Region Target HTTPS Proxy > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/regionTargetHttpsProxyUsage
GCP > Network > Region URL Map > Active
Take an action when an GCP Network region url map is not active based on theGCP > Network > Region URL Map > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region URL Map > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/regionUrlMapActive
GCP > Network > Region URL Map > Approved
Take an action when a GCP Network region url map is not approved based on GCP > Network > Region URL Map > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/regionUrlMapApproved
GCP > Network > Region URL Map > CMDB
Record and synchronize details for the GCP Network region url map into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region URL Map > Regions
policy, the CMDB control will delete the
resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionUrlMapCmdb
GCP > Network > Region URL Map > Discovery
Discover GCP Network region url map resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region URL Map > Regions
policy, the CMDB
control will delete the resource from the CMDB.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/regionUrlMapDiscovery
GCP > Network > Region URL Map > Usage
The Usage control determines whether the number of GCP Network region url map resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Region URL Map > Usage
policy, and set the limit with the GCP > Network > Region URL Map > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/regionUrlMapUsage
GCP > Network > Route > Active
Take an action when an GCP Network route is not active based on theGCP > Network > Route > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Route > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/routeActive
GCP > Network > Route > Approved
Take an action when a GCP Network route is not approved based on GCP > Network > Route > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/routeApproved
GCP > Network > Route > CMDB
Record and synchronize details for the GCP Network route into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/routeCmdb
GCP > Network > Route > Configured
Maintain network route configuration
tmod:@turbot/gcp-network#/control/types/routeConfigured
GCP > Network > Route > Discovery
Discover GCP Network route resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/routeDiscovery
GCP > Network > Route > Usage
The Usage control determines whether the number of GCP Network route resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Route > Usage
policy, and set the limit with the GCP > Network > Route > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/routeUsage
GCP > Network > Router > Active
Take an action when an GCP Network router is not active based on theGCP > Network > Router > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Router > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/routerActive
GCP > Network > Router > Approved
Take an action when a GCP Network router is not approved based on GCP > Network > Router > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/routerApproved
GCP > Network > Router > CMDB
Record and synchronize details for the GCP Network router into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Router > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/routerCmdb
GCP > Network > Router > Configured
Maintain network router configuration
tmod:@turbot/gcp-network#/control/types/routerConfigured
GCP > Network > Router > Discovery
Discover GCP Network router resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Router > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/routerDiscovery
GCP > Network > Router > Usage
The Usage control determines whether the number of GCP Network router resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Router > Usage
policy, and set the limit with the GCP > Network > Router > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/routerUsage
GCP > Network > SSL Certificate > Active
Take an action when an GCP Network ssl certificate is not active based on theGCP > Network > SSL Certificate > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > SSL Certificate > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/sslCertificateActive
GCP > Network > SSL Certificate > Approved
Take an action when a GCP Network ssl certificate is not approved based on GCP > Network > SSL Certificate > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/sslCertificateApproved
GCP > Network > SSL Certificate > CMDB
Record and synchronize details for the GCP Network ssl certificate into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/sslCertificateCmdb
GCP > Network > SSL Certificate > Discovery
Discover GCP Network ssl certificate resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/sslCertificateDiscovery
GCP > Network > SSL Certificate > Usage
The Usage control determines whether the number of GCP Network ssl certificate resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > SSL Certificate > Usage
policy, and set the limit with the GCP > Network > SSL Certificate > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/sslCertificateUsage
GCP > Network > SSL Policy > Active
Take an action when an GCP Network ssl policy is not active based on theGCP > Network > SSL Policy > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > SSL Policy > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/sslPolicyActive
GCP > Network > SSL Policy > Approved
Take an action when a GCP Network ssl policy is not approved based on GCP > Network > SSL Policy > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/sslPolicyApproved
GCP > Network > SSL Policy > CMDB
Record and synchronize details for the GCP Network ssl policy into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
This control will automatically re-run every 1 hour because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/sslPolicyCmdb
GCP > Network > SSL Policy > Discovery
Discover GCP Network ssl policy resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/sslPolicyDiscovery
GCP > Network > SSL Policy > Minimum TLS Version
Determine the action to take when a GCP Network SSL policy is not using the minimum
version of SSL protocol to establish a connection.
tmod:@turbot/gcp-network#/control/types/sslPolicyMinimumTlsVersion
GCP > Network > SSL Policy > Profile
Determine the action to take when a GCP Network SSL policy is
not using the recommended profile which sets the features used
in negotiating SSL with clients.
tmod:@turbot/gcp-network#/control/types/sslPolicyProfile
GCP > Network > SSL Policy > Usage
The Usage control determines whether the number of GCP Network ssl policy resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > SSL Policy > Usage
policy, and set the limit with the GCP > Network > SSL Policy > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/sslPolicyUsage
GCP > Network > Subnetwork > Active
Take an action when an GCP Network subnetwork is not active based on theGCP > Network > Subnetwork > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Subnetwork > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/subnetworkActive
GCP > Network > Subnetwork > Approved
Take an action when a GCP Network subnetwork is not approved based on GCP > Network > Subnetwork > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/subnetworkApproved
GCP > Network > Subnetwork > CMDB
Record and synchronize details for the GCP Network subnetwork into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Subnetwork > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/subnetworkCmdb
GCP > Network > Subnetwork > Configured
Maintain network subnetwork configuration
tmod:@turbot/gcp-network#/control/types/subnetworkConfigured
GCP > Network > Subnetwork > Discovery
Discover GCP Network subnetwork resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Subnetwork > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/subnetworkDiscovery
GCP > Network > Subnetwork > Policy
tmod:@turbot/gcp-network#/control/types/subnetworkPolicy
GCP > Network > Subnetwork > Policy > Trusted Access
Take an action when GCP Network Subnetwork policy is not trusted based on theGCP > Network > Subnetwork > Trusted Access > *
policies.
The Trusted Access control evaluates the IAM policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Domains,
Trusted Access > Groups, etc)., this control raises an alarm and takes the
defined enforcement action.
If set to "Enforce: Trusted Access > *", access to non-trusted
members will be removed.
tmod:@turbot/gcp-network#/control/types/subnetworkPolicyTrustedAccess
GCP > Network > Subnetwork > Usage
The Usage control determines whether the number of GCP Network subnetwork resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Subnetwork > Usage
policy, and set the limit with the GCP > Network > Subnetwork > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/subnetworkUsage
GCP > Network > Target HTTPS Proxy > Active
Take an action when an GCP Network target https proxy is not active based on theGCP > Network > Target HTTPS Proxy > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target HTTPS Proxy > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/targetHttpsProxyActive
GCP > Network > Target HTTPS Proxy > Approved
Take an action when a GCP Network target https proxy is not approved based on GCP > Network > Target HTTPS Proxy > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/targetHttpsProxyApproved
GCP > Network > Target HTTPS Proxy > CMDB
Record and synchronize details for the GCP Network target https proxy into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/targetHttpsProxyCmdb
GCP > Network > Target HTTPS Proxy > Discovery
Discover GCP Network target https proxy resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/targetHttpsProxyDiscovery
GCP > Network > Target HTTPS Proxy > SSL Policy
Determine the action to take when an GCP Network target HTTPS proxy is not using an
allowed SSL policy.
If a target HTTPS proxy is not using an allowed SSL policy and this policy is set toEnforce: Set to default if SSL policy not in allowed list
, the target HTTPS proxy will be updated to use
the SSL policy selected in the GCP > Network > Target HTTPS Proxy > SSL Policy > Default
policy.
If the SSL policy in the GCP > Network > Target HTTPS Proxy > SSL Policy > Default
policy is not allowed
in the GCP > Network > Target HTTPS Proxy > SSL Policy > Allowed
policy, Guardrails will not attempt to set
the SSL policy to prevent continuous updates.
tmod:@turbot/gcp-network#/control/types/targetHttpsProxySslPolicy
GCP > Network > Target HTTPS Proxy > Usage
The Usage control determines whether the number of GCP Network target https proxy resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Target HTTPS Proxy > Usage
policy, and set the limit with the GCP > Network > Target HTTPS Proxy > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/targetHttpsProxyUsage
GCP > Network > Target Pool > Active
Take an action when an GCP Network target pool is not active based on theGCP > Network > Target Pool > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target Pool > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/targetPoolActive
GCP > Network > Target Pool > Approved
Take an action when a GCP Network target pool is not approved based on GCP > Network > Target Pool > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/targetPoolApproved
GCP > Network > Target Pool > CMDB
Record and synchronize details for the GCP Network target pool into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Target Pool > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/targetPoolCmdb
GCP > Network > Target Pool > Discovery
Discover GCP Network target pool resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Target Pool > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/targetPoolDiscovery
GCP > Network > Target Pool > Usage
The Usage control determines whether the number of GCP Network target pool resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Target Pool > Usage
policy, and set the limit with the GCP > Network > Target Pool > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/targetPoolUsage
GCP > Network > Target SSL Proxy > Active
Take an action when an GCP Network target ssl proxy is not active based on theGCP > Network > Target SSL Proxy > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target SSL Proxy > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/targetSslProxyActive
GCP > Network > Target SSL Proxy > Approved
Take an action when a GCP Network target ssl proxy is not approved based on GCP > Network > Target SSL Proxy > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/targetSslProxyApproved
GCP > Network > Target SSL Proxy > CMDB
Record and synchronize details for the GCP Network target ssl proxy into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/targetSslProxyCmdb
GCP > Network > Target SSL Proxy > Discovery
Discover GCP Network target ssl proxy resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/targetSslProxyDiscovery
GCP > Network > Target SSL Proxy > SSL Policy
Determine the action to take when an GCP Network target SSL proxy is not using
an allowed SSL policy.
If a target SSL proxy is not using an allowed SSL policy and this policy is set toEnforce: Set to default if SSL policy not in allowed list
, the target SSL proxy will be updated
to use the SSL policy selected in the GCP > Network > Target SSL Proxy > SSL Policy > Default
policy.
If the SSL policy in the GCP > Network > Target SSL Proxy > SSL Policy > Default
policy is
not allowed in the GCP > Network > Target SSL Proxy > SSL Policy > Allowed
policy, Guardrails will
not attempt to set the SSL policy to prevent continuous updates.
tmod:@turbot/gcp-network#/control/types/targetSslProxySslPolicy
GCP > Network > Target SSL Proxy > Usage
The Usage control determines whether the number of GCP Network target ssl proxy resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Target SSL Proxy > Usage
policy, and set the limit with the GCP > Network > Target SSL Proxy > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/targetSslProxyUsage
GCP > Network > Target TCP Proxy > Active
Take an action when an GCP Network target tcp proxy is not active based on theGCP > Network > Target TCP Proxy > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target TCP Proxy > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/targetTcpProxyActive
GCP > Network > Target TCP Proxy > Approved
Take an action when a GCP Network target tcp proxy is not approved based on GCP > Network > Target TCP Proxy > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/targetTcpProxyApproved
GCP > Network > Target TCP Proxy > CMDB
Record and synchronize details for the GCP Network target tcp proxy into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/targetTcpProxyCmdb
GCP > Network > Target TCP Proxy > Discovery
Discover GCP Network target tcp proxy resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.
tmod:@turbot/gcp-network#/control/types/targetTcpProxyDiscovery
GCP > Network > Target TCP Proxy > Usage
The Usage control determines whether the number of GCP Network target tcp proxy resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > Target TCP Proxy > Usage
policy, and set the limit with the GCP > Network > Target TCP Proxy > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/targetTcpProxyUsage
GCP > Network > Target VPN Gateway > Active
Take an action when an GCP Network target vpn gateway is not active based on theGCP > Network > Target VPN Gateway > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target VPN Gateway > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/targetVpnGatewayActive
GCP > Network > Target VPN Gateway > Approved
Take an action when a GCP Network target vpn gateway is not approved based on GCP > Network > Target VPN Gateway > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/targetVpnGatewayApproved
GCP > Network > Target VPN Gateway > CMDB
Record and synchronize details for the GCP Network target vpn gateway into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Target VPN Gateway > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/targetVpnGatewayCmdb
GCP > Network > Target VPN Gateway > Configured
Maintain network Target VPN Gateway configuration
tmod:@turbot/gcp-network#/control/types/targetVpnGatewayConfigured
GCP > Network > Target VPN Gateway > Discovery
Discover GCP Network target vpn gateway resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Target VPN Gateway > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/targetVpnGatewayDiscovery
GCP > Network > Target VPN Gateway > Usage
The Usage control determines whether the number of GCP Network target vpn gateway resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > Target VPN Gateway > Usage
policy, and set the limit with the GCP > Network > Target VPN Gateway > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/targetVpnGatewayUsage
GCP > Network > URL Map > Active
Take an action when an GCP Network url map is not active based on theGCP > Network > URL Map > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > URL Map > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/urlMapActive
GCP > Network > URL Map > Approved
Take an action when a GCP Network url map is not approved based on GCP > Network > URL Map > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/urlMapApproved
GCP > Network > URL Map > CMDB
Record and synchronize details for the GCP Network url map into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-network#/control/types/urlMapCmdb
GCP > Network > URL Map > Discovery
Discover GCP Network url map resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-network#/control/types/urlMapDiscovery
GCP > Network > URL Map > Usage
The Usage control determines whether the number of GCP Network url map resources exceeds the configured usage limit for this project.
You can configure the behavior of this control with the GCP > Network > URL Map > Usage
policy, and set the limit with the GCP > Network > URL Map > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/urlMapUsage
GCP > Network > VPN Tunnel > Active
Take an action when an GCP Network vpn tunnel is not active based on theGCP > Network > VPN Tunnel > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Network > VPN Tunnel > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-network#/control/types/vpnTunnelActive
GCP > Network > VPN Tunnel > Approved
Take an action when a GCP Network vpn tunnel is not approved based on GCP > Network > VPN Tunnel > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-network#/control/types/vpnTunnelApproved
GCP > Network > VPN Tunnel > CMDB
Record and synchronize details for the GCP Network vpn tunnel into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > VPN Tunnel > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/vpnTunnelCmdb
GCP > Network > VPN Tunnel > Configured
Maintain network vpnTunnel configuration
tmod:@turbot/gcp-network#/control/types/vpnTunnelConfigured
GCP > Network > VPN Tunnel > Discovery
Discover GCP Network vpn tunnel resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > VPN Tunnel > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-network#/control/types/vpnTunnelDiscovery
GCP > Network > VPN Tunnel > Labels
Take an action when an GCP Network vpn tunnel labels is not updated based on the GCP > Network > VPN Tunnel > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > Network > VPN Tunnel > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-network#/control/types/vpnTunnelLabels
GCP > Network > VPN Tunnel > Usage
The Usage control determines whether the number of GCP Network vpn tunnel resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Network > VPN Tunnel > Usage
policy, and set the limit with the GCP > Network > VPN Tunnel > Usage > Limit
policy.
tmod:@turbot/gcp-network#/control/types/vpnTunnelUsage