Control types for @turbot/gcp-network

• GCP > Network > API Enabled
• GCP > Network > Address > Active
• GCP > Network > Address > Approved
• GCP > Network > Address > CMDB
• GCP > Network > Address > Configured
• GCP > Network > Address > Discovery
• GCP > Network > Address > Usage
• GCP > Network > Backend Bucket > Active
• GCP > Network > Backend Bucket > Approved
• GCP > Network > Backend Bucket > CMDB
• GCP > Network > Backend Bucket > Configured
• GCP > Network > Backend Bucket > Discovery
• GCP > Network > Backend Bucket > Usage
• GCP > Network > Backend Service > Active
• GCP > Network > Backend Service > Approved
• GCP > Network > Backend Service > CMDB
• GCP > Network > Backend Service > Configured
• GCP > Network > Backend Service > Discovery
• GCP > Network > Backend Service > Logging
• GCP > Network > Backend Service > Usage
• GCP > Network > CMDB
• GCP > Network > Discovery
• GCP > Network > Firewall > Active
• GCP > Network > Firewall > Approved
• GCP > Network > Firewall > CMDB
• GCP > Network > Firewall > Configured
• GCP > Network > Firewall > Discovery
• GCP > Network > Firewall > Ingress Rules
• GCP > Network > Firewall > Ingress Rules > Approved
• GCP > Network > Firewall > Logging
• GCP > Network > Firewall > Usage
• GCP > Network > Forwarding Rule > Active
• GCP > Network > Forwarding Rule > Approved
• GCP > Network > Forwarding Rule > CMDB
• GCP > Network > Forwarding Rule > Discovery
• GCP > Network > Forwarding Rule > Labels
• GCP > Network > Forwarding Rule > Usage
• GCP > Network > Global Address > Active
• GCP > Network > Global Address > Approved
• GCP > Network > Global Address > CMDB
• GCP > Network > Global Address > Discovery
• GCP > Network > Global Address > Usage
• GCP > Network > Global Forwarding Rule > Active
• GCP > Network > Global Forwarding Rule > Approved
• GCP > Network > Global Forwarding Rule > CMDB
• GCP > Network > Global Forwarding Rule > Discovery
• GCP > Network > Global Forwarding Rule > Labels
• GCP > Network > Global Forwarding Rule > Usage
• GCP > Network > Interconnect > Active
• GCP > Network > Interconnect > Approved
• GCP > Network > Interconnect > CMDB
• GCP > Network > Interconnect > Discovery
• GCP > Network > Interconnect > Usage
• GCP > Network > Network > Active
• GCP > Network > Network > Approved
• GCP > Network > Network > CMDB
• GCP > Network > Network > Configured
• GCP > Network > Network > Discovery
• GCP > Network > Network > Usage
• GCP > Network > Packet Mirroring > Active
• GCP > Network > Packet Mirroring > Approved
• GCP > Network > Packet Mirroring > CMDB
• GCP > Network > Packet Mirroring > Discovery
• GCP > Network > Packet Mirroring > Usage
• GCP > Network > Region Backend Service > Active
• GCP > Network > Region Backend Service > Approved
• GCP > Network > Region Backend Service > CMDB
• GCP > Network > Region Backend Service > Configured
• GCP > Network > Region Backend Service > Discovery
• GCP > Network > Region Backend Service > Logging
• GCP > Network > Region Backend Service > Usage
• GCP > Network > Region SSL Certificate > Active
• GCP > Network > Region SSL Certificate > Approved
• GCP > Network > Region SSL Certificate > CMDB
• GCP > Network > Region SSL Certificate > Discovery
• GCP > Network > Region SSL Certificate > Usage
• GCP > Network > Region Target HTTPS Proxy > Active
• GCP > Network > Region Target HTTPS Proxy > Approved
• GCP > Network > Region Target HTTPS Proxy > CMDB
• GCP > Network > Region Target HTTPS Proxy > Discovery
• GCP > Network > Region Target HTTPS Proxy > SSL Policy
• GCP > Network > Region Target HTTPS Proxy > Usage
• GCP > Network > Region URL Map > Active
• GCP > Network > Region URL Map > Approved
• GCP > Network > Region URL Map > CMDB
• GCP > Network > Region URL Map > Discovery
• GCP > Network > Region URL Map > Usage
• GCP > Network > Route > Active
• GCP > Network > Route > Approved
• GCP > Network > Route > CMDB
• GCP > Network > Route > Configured
• GCP > Network > Route > Discovery
• GCP > Network > Route > Usage
• GCP > Network > Router > Active
• GCP > Network > Router > Approved
• GCP > Network > Router > CMDB
• GCP > Network > Router > Configured
• GCP > Network > Router > Discovery
• GCP > Network > Router > Usage
• GCP > Network > SSL Certificate > Active
• GCP > Network > SSL Certificate > Approved
• GCP > Network > SSL Certificate > CMDB
• GCP > Network > SSL Certificate > Discovery
• GCP > Network > SSL Certificate > Usage
• GCP > Network > SSL Policy > Active
• GCP > Network > SSL Policy > Approved
• GCP > Network > SSL Policy > CMDB
• GCP > Network > SSL Policy > Discovery
• GCP > Network > SSL Policy > Minimum TLS Version
• GCP > Network > SSL Policy > Profile
• GCP > Network > SSL Policy > Usage
• GCP > Network > Subnetwork > Active
• GCP > Network > Subnetwork > Approved
• GCP > Network > Subnetwork > CMDB
• GCP > Network > Subnetwork > Configured
• GCP > Network > Subnetwork > Discovery
• GCP > Network > Subnetwork > Policy
• GCP > Network > Subnetwork > Policy > Trusted Access
• GCP > Network > Subnetwork > Usage
• GCP > Network > Target HTTPS Proxy > Active
• GCP > Network > Target HTTPS Proxy > Approved
• GCP > Network > Target HTTPS Proxy > CMDB
• GCP > Network > Target HTTPS Proxy > Discovery
• GCP > Network > Target HTTPS Proxy > SSL Policy
• GCP > Network > Target HTTPS Proxy > Usage
• GCP > Network > Target Pool > Active
• GCP > Network > Target Pool > Approved
• GCP > Network > Target Pool > CMDB
• GCP > Network > Target Pool > Discovery
• GCP > Network > Target Pool > Usage
• GCP > Network > Target SSL Proxy > Active
• GCP > Network > Target SSL Proxy > Approved
• GCP > Network > Target SSL Proxy > CMDB
• GCP > Network > Target SSL Proxy > Discovery
• GCP > Network > Target SSL Proxy > SSL Policy
• GCP > Network > Target SSL Proxy > Usage
• GCP > Network > Target TCP Proxy > Active
• GCP > Network > Target TCP Proxy > Approved
• GCP > Network > Target TCP Proxy > CMDB
• GCP > Network > Target TCP Proxy > Discovery
• GCP > Network > Target TCP Proxy > Usage
• GCP > Network > Target VPN Gateway > Active
• GCP > Network > Target VPN Gateway > Approved
• GCP > Network > Target VPN Gateway > CMDB
• GCP > Network > Target VPN Gateway > Configured
• GCP > Network > Target VPN Gateway > Discovery
• GCP > Network > Target VPN Gateway > Usage
• GCP > Network > URL Map > Active
• GCP > Network > URL Map > Approved
• GCP > Network > URL Map > CMDB
• GCP > Network > URL Map > Discovery
• GCP > Network > URL Map > Usage
• GCP > Network > VPN Tunnel > Active
• GCP > Network > VPN Tunnel > Approved
• GCP > Network > VPN Tunnel > CMDB
• GCP > Network > VPN Tunnel > Configured
• GCP > Network > VPN Tunnel > Discovery
• GCP > Network > VPN Tunnel > Labels
• GCP > Network > VPN Tunnel > Usage

GCP > Network > API Enabled

Configure whether the GCP Network API is enabled.

GCP > Network > Address > Active

Take an action when an GCP Network address is not active based on the
GCP > Network > Address > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Address > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Address > Approved

Take an action when a GCP Network address is not approved based on GCP > Network > Address > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Address > CMDB

Record and synchronize details for the GCP Network address into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Address > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Address > Configured

Maintain network address configuration

GCP > Network > Address > Discovery

Discover GCP Network address resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Address > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Address > Usage

The Usage control determines whether the number of GCP Network address resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Address > Usage policy, and set the limit with the GCP > Network > Address > Usage > Limit policy.

GCP > Network > Backend Bucket > Active

Take an action when an GCP Network backend bucket is not active based on the
GCP > Network > Backend Bucket > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Backend Bucket > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Backend Bucket > Approved

Take an action when a GCP Network backend bucket is not approved based on GCP > Network > Backend Bucket > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Backend Bucket > CMDB

Record and synchronize details for the GCP Network backend bucket into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Backend Bucket > Configured

Maintain network backendBucket configuration

GCP > Network > Backend Bucket > Discovery

Discover GCP Network backend bucket resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Backend Bucket > Usage

The Usage control determines whether the number of GCP Network backend bucket resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Backend Bucket > Usage policy, and set the limit with the GCP > Network > Backend Bucket > Usage > Limit policy.

GCP > Network > Backend Service > Active

Take an action when an GCP Network backend service is not active based on the
GCP > Network > Backend Service > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Backend Service > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Backend Service > Approved

Take an action when a GCP Network backend service is not approved based on GCP > Network > Backend Service > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Backend Service > CMDB

Record and synchronize details for the GCP Network backend service into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Backend Service > Configured

Maintain network backendService configuration

GCP > Network > Backend Service > Discovery

Discover GCP Network backend service resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Backend Service > Logging

Define the Logging settings required for GCP > Network > Backend Service > Logging.

Backend Service Logging allows you to audit, verify, and analyze the effects of your Backend Service.

GCP > Network > Backend Service > Usage

The Usage control determines whether the number of GCP Network backend service resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Backend Service > Usage policy, and set the limit with the GCP > Network > Backend Service > Usage > Limit policy.

GCP > Network > CMDB

Record and synchronize details for the GCP Network into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Discovery

Discover GCP Network resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Firewall > Active

Take an action when an GCP Network firewall is not active based on the
GCP > Network > Firewall > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Firewall > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Firewall > Approved

Take an action when a GCP Network firewall is not approved based on GCP > Network > Firewall > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Firewall > CMDB

Record and synchronize details for the GCP Network firewall into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Firewall > Configured

Maintain network firewall configuration

GCP > Network > Firewall > Discovery

Discover GCP Network firewall resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Firewall > Ingress Rules

GCP > Network > Firewall > Ingress Rules > Approved

Configure Firewall Ingress Rule checking. This control defines whether
to verify the firewall ingress rules are approved, as well as the
subsequent action to take on unapproved items.

If set to Enforce: Delete unapproved, any unapproved rules will be
revoked from the firewall.

GCP > Network > Firewall > Logging

Define the Logging settings required for GCP > Network > Firewall > Logging.

Firewall Rules Logging allows you to audit, verify, and analyze the effects of your firewall rules.

Note: Turning on firewall logs can generate a large number of logs which can increase costs in Stackdriver.

GCP > Network > Firewall > Usage

The Usage control determines whether the number of GCP Network firewall resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Firewall > Usage policy, and set the limit with the GCP > Network > Firewall > Usage > Limit policy.

GCP > Network > Forwarding Rule > Active

Take an action when an GCP Network forwarding rule is not active based on the
GCP > Network > Forwarding Rule > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Forwarding Rule > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Forwarding Rule > Approved

Take an action when a GCP Network forwarding rule is not approved based on GCP > Network > Forwarding Rule > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Forwarding Rule > CMDB

Record and synchronize details for the GCP Network forwarding rule into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Forwarding Rule > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Forwarding Rule > Discovery

Discover GCP Network forwarding rule resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Forwarding Rule > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Forwarding Rule > Labels

Take an action when an GCP Network forwarding rule labels is not updated based on the GCP > Network > Forwarding Rule > Labels > * policies.

If the resource is not updated with the labels defined in GCP > Network > Forwarding Rule > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

GCP > Network > Forwarding Rule > Usage

The Usage control determines whether the number of GCP Network forwarding rule resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Forwarding Rule > Usage policy, and set the limit with the GCP > Network > Forwarding Rule > Usage > Limit policy.

GCP > Network > Global Address > Active

Take an action when an GCP Network global address is not active based on the
GCP > Network > Global Address > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Global Address > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Global Address > Approved

Take an action when a GCP Network global address is not approved based on GCP > Network > Global Address > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Global Address > CMDB

Record and synchronize details for the GCP Network global address into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Global Address > Discovery

Discover GCP Network global address resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Global Address > Usage

The Usage control determines whether the number of GCP Network global address resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Global Address > Usage policy, and set the limit with the GCP > Network > Global Address > Usage > Limit policy.

GCP > Network > Global Forwarding Rule > Active

Take an action when an GCP Network global forwarding rule is not active based on the
GCP > Network > Global Forwarding Rule > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Global Forwarding Rule > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Global Forwarding Rule > Approved

Take an action when a GCP Network global forwarding rule is not approved based on GCP > Network > Global Forwarding Rule > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Global Forwarding Rule > CMDB

Record and synchronize details for the GCP Network global forwarding rule into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Global Forwarding Rule > Discovery

Discover GCP Network global forwarding rule resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Global Forwarding Rule > Labels

Take an action when an GCP Network global forwarding rule labels is not updated based on the GCP > Network > Global Forwarding Rule > Labels > * policies.

If the resource is not updated with the labels defined in GCP > Network > Global Forwarding Rule > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

GCP > Network > Global Forwarding Rule > Usage

The Usage control determines whether the number of GCP Network global forwarding rule resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Global Forwarding Rule > Usage policy, and set the limit with the GCP > Network > Global Forwarding Rule > Usage > Limit policy.

GCP > Network > Interconnect > Active

Take an action when an GCP Network interconnect is not active based on the
GCP > Network > Interconnect > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Interconnect > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Interconnect > Approved

Take an action when a GCP Network interconnect is not approved based on GCP > Network > Interconnect > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Interconnect > CMDB

Record and synchronize details for the GCP Network interconnect into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Interconnect > Discovery

Discover GCP Network interconnect resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Interconnect > Usage

The Usage control determines whether the number of GCP Network interconnect resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Interconnect > Usage policy, and set the limit with the GCP > Network > Interconnect > Usage > Limit policy.

GCP > Network > Network > Active

Take an action when an GCP Network network is not active based on the
GCP > Network > Network > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Network > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Network > Approved

Take an action when a GCP Network network is not approved based on GCP > Network > Network > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Network > CMDB

Record and synchronize details for the GCP Network network into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Network > Configured

Maintain network network configuration

GCP > Network > Network > Discovery

Discover GCP Network network resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Network > Usage

The Usage control determines whether the number of GCP Network network resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Network > Usage policy, and set the limit with the GCP > Network > Network > Usage > Limit policy.

GCP > Network > Packet Mirroring > Active

Take an action when an GCP Network packet mirroring is not active based on the
GCP > Network > Packet Mirroring > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Packet Mirroring > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Packet Mirroring > Approved

Take an action when a GCP Network packet mirroring is not approved based on GCP > Network > Packet Mirroring > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Packet Mirroring > CMDB

Record and synchronize details for the GCP Network packet mirroring into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Packet Mirroring > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Packet Mirroring > Discovery

Discover GCP Network packet mirroring resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Packet Mirroring > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Packet Mirroring > Usage

The Usage control determines whether the number of GCP Network packet mirroring resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Packet Mirroring > Usage policy, and set the limit with the GCP > Network > Packet Mirroring > Usage > Limit policy.

GCP > Network > Region Backend Service > Active

Take an action when an GCP Network region backend service is not active based on the
GCP > Network > Region Backend Service > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region Backend Service > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Region Backend Service > Approved

Take an action when a GCP Network region backend service is not approved based on GCP > Network > Region Backend Service > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Region Backend Service > CMDB

Record and synchronize details for the GCP Network region backend service into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region Backend Service > Regions policy, the CMDB control will delete the
resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region Backend Service > Configured

Maintain network regionBackendService configuration

GCP > Network > Region Backend Service > Discovery

Discover GCP Network region backend service resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region Backend Service > Regions policy, the CMDB
control will delete the resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region Backend Service > Logging

Define the Logging settings required for GCP > Network > Region Backend Service > Logging.

Region Backend Service Logging allows you to audit, verify, and analyze the effects of your Region Backend Service.

GCP > Network > Region Backend Service > Usage

The Usage control determines whether the number of GCP Network region backend service resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Region Backend Service > Usage policy, and set the limit with the GCP > Network > Region Backend Service > Usage > Limit policy.

GCP > Network > Region SSL Certificate > Active

Take an action when an GCP Network region ssl certificate is not active based on the
GCP > Network > Region SSL Certificate > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region SSL Certificate > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Region SSL Certificate > Approved

Take an action when a GCP Network region ssl certificate is not approved based on GCP > Network > Region SSL Certificate > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Region SSL Certificate > CMDB

Record and synchronize details for the GCP Network region ssl certificate into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region SSL Certificate > Regions policy, the CMDB control will delete the
resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region SSL Certificate > Discovery

Discover GCP Network region ssl certificate resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region SSL Certificate > Regions policy, the CMDB
control will delete the resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region SSL Certificate > Usage

The Usage control determines whether the number of GCP Network region ssl certificate resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Region SSL Certificate > Usage policy, and set the limit with the GCP > Network > Region SSL Certificate > Usage > Limit policy.

GCP > Network > Region Target HTTPS Proxy > Active

Take an action when an GCP Network region target https proxy is not active based on the
GCP > Network > Region Target HTTPS Proxy > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region Target HTTPS Proxy > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Region Target HTTPS Proxy > Approved

Take an action when a GCP Network region target https proxy is not approved based on GCP > Network > Region Target HTTPS Proxy > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Region Target HTTPS Proxy > CMDB

Record and synchronize details for the GCP Network region target https proxy into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region Target HTTPS Proxy > Regions policy, the CMDB control will delete the
resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region Target HTTPS Proxy > Discovery

Discover GCP Network region target https proxy resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region Target HTTPS Proxy > Regions policy, the CMDB
control will delete the resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region Target HTTPS Proxy > SSL Policy

Determine whether a GCP Network region target HTTPS proxy is using an allowed SSL policy.

If a region target HTTPS proxy is not using an allowed SSL policy and this policy is set to
Check: SSL policy in allowed list, the control would raise an alarm.

GCP > Network > Region Target HTTPS Proxy > Usage

The Usage control determines whether the number of GCP Network region target https proxy resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Region Target HTTPS Proxy > Usage policy, and set the limit with the GCP > Network > Region Target HTTPS Proxy > Usage > Limit policy.

GCP > Network > Region URL Map > Active

Take an action when an GCP Network region url map is not active based on the
GCP > Network > Region URL Map > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Region URL Map > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Region URL Map > Approved

Take an action when a GCP Network region url map is not approved based on GCP > Network > Region URL Map > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Region URL Map > CMDB

Record and synchronize details for the GCP Network region url map into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Region URL Map > Regions policy, the CMDB control will delete the
resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region URL Map > Discovery

Discover GCP Network region url map resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Region URL Map > Regions policy, the CMDB
control will delete the resource from the CMDB.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Region URL Map > Usage

The Usage control determines whether the number of GCP Network region url map resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Region URL Map > Usage policy, and set the limit with the GCP > Network > Region URL Map > Usage > Limit policy.

GCP > Network > Route > Active

Take an action when an GCP Network route is not active based on the
GCP > Network > Route > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Route > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Route > Approved

Take an action when a GCP Network route is not approved based on GCP > Network > Route > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Route > CMDB

Record and synchronize details for the GCP Network route into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Route > Configured

Maintain network route configuration

GCP > Network > Route > Discovery

Discover GCP Network route resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Route > Usage

The Usage control determines whether the number of GCP Network route resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Route > Usage policy, and set the limit with the GCP > Network > Route > Usage > Limit policy.

GCP > Network > Router > Active

Take an action when an GCP Network router is not active based on the
GCP > Network > Router > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Router > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Router > Approved

Take an action when a GCP Network router is not approved based on GCP > Network > Router > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Router > CMDB

Record and synchronize details for the GCP Network router into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Router > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Router > Configured

Maintain network router configuration

GCP > Network > Router > Discovery

Discover GCP Network router resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Router > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Router > Usage

The Usage control determines whether the number of GCP Network router resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Router > Usage policy, and set the limit with the GCP > Network > Router > Usage > Limit policy.

GCP > Network > SSL Certificate > Active

Take an action when an GCP Network ssl certificate is not active based on the
GCP > Network > SSL Certificate > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > SSL Certificate > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > SSL Certificate > Approved

Take an action when a GCP Network ssl certificate is not approved based on GCP > Network > SSL Certificate > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > SSL Certificate > CMDB

Record and synchronize details for the GCP Network ssl certificate into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > SSL Certificate > Discovery

Discover GCP Network ssl certificate resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > SSL Certificate > Usage

The Usage control determines whether the number of GCP Network ssl certificate resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > SSL Certificate > Usage policy, and set the limit with the GCP > Network > SSL Certificate > Usage > Limit policy.

GCP > Network > SSL Policy > Active

Take an action when an GCP Network ssl policy is not active based on the
GCP > Network > SSL Policy > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > SSL Policy > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > SSL Policy > Approved

Take an action when a GCP Network ssl policy is not approved based on GCP > Network > SSL Policy > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > SSL Policy > CMDB

Record and synchronize details for the GCP Network ssl policy into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

This control will automatically re-run every 1 hour because GCP does not currently support real-time events for this resource type.

GCP > Network > SSL Policy > Discovery

Discover GCP Network ssl policy resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > SSL Policy > Minimum TLS Version

Determine the action to take when a GCP Network SSL policy is not using the minimum
version of SSL protocol to establish a connection.

GCP > Network > SSL Policy > Profile

Determine the action to take when a GCP Network SSL policy is
not using the recommended profile which sets the features used
in negotiating SSL with clients.

GCP > Network > SSL Policy > Usage

The Usage control determines whether the number of GCP Network ssl policy resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > SSL Policy > Usage policy, and set the limit with the GCP > Network > SSL Policy > Usage > Limit policy.

GCP > Network > Subnetwork > Active

Take an action when an GCP Network subnetwork is not active based on the
GCP > Network > Subnetwork > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Subnetwork > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Subnetwork > Approved

Take an action when a GCP Network subnetwork is not approved based on GCP > Network > Subnetwork > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Subnetwork > CMDB

Record and synchronize details for the GCP Network subnetwork into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Subnetwork > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Subnetwork > Configured

Maintain network subnetwork configuration

GCP > Network > Subnetwork > Discovery

Discover GCP Network subnetwork resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Subnetwork > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Subnetwork > Policy

GCP > Network > Subnetwork > Policy > Trusted Access

Take an action when GCP Network Subnetwork policy is not trusted based on the
GCP > Network > Subnetwork > Trusted Access > * policies.

The Trusted Access control evaluates the IAM policy against the list of allowed
members in each of the Trusted Access sub-policies (Trusted Access > Domains,
Trusted Access > Groups, etc)., this control raises an alarm and takes the
defined enforcement action.

If set to "Enforce: Trusted Access > *", access to non-trusted
members will be removed.

GCP > Network > Subnetwork > Usage

The Usage control determines whether the number of GCP Network subnetwork resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Subnetwork > Usage policy, and set the limit with the GCP > Network > Subnetwork > Usage > Limit policy.

GCP > Network > Target HTTPS Proxy > Active

Take an action when an GCP Network target https proxy is not active based on the
GCP > Network > Target HTTPS Proxy > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target HTTPS Proxy > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Target HTTPS Proxy > Approved

Take an action when a GCP Network target https proxy is not approved based on GCP > Network > Target HTTPS Proxy > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Target HTTPS Proxy > CMDB

Record and synchronize details for the GCP Network target https proxy into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Target HTTPS Proxy > Discovery

Discover GCP Network target https proxy resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Target HTTPS Proxy > SSL Policy

Determine the action to take when an GCP Network target HTTPS proxy is not using an
allowed SSL policy.

If a target HTTPS proxy is not using an allowed SSL policy and this policy is set to
Enforce: Set to default if SSL policy not in allowed list, the target HTTPS proxy will be updated to use
the SSL policy selected in the GCP > Network > Target HTTPS Proxy > SSL Policy > Default policy.

If the SSL policy in the GCP > Network > Target HTTPS Proxy > SSL Policy > Default policy is not allowed
in the GCP > Network > Target HTTPS Proxy > SSL Policy > Allowed policy, Guardrails will not attempt to set
the SSL policy to prevent continuous updates.

GCP > Network > Target HTTPS Proxy > Usage

The Usage control determines whether the number of GCP Network target https proxy resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Target HTTPS Proxy > Usage policy, and set the limit with the GCP > Network > Target HTTPS Proxy > Usage > Limit policy.

GCP > Network > Target Pool > Active

Take an action when an GCP Network target pool is not active based on the
GCP > Network > Target Pool > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target Pool > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Target Pool > Approved

Take an action when a GCP Network target pool is not approved based on GCP > Network > Target Pool > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Target Pool > CMDB

Record and synchronize details for the GCP Network target pool into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Target Pool > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Target Pool > Discovery

Discover GCP Network target pool resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Target Pool > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Target Pool > Usage

The Usage control determines whether the number of GCP Network target pool resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Target Pool > Usage policy, and set the limit with the GCP > Network > Target Pool > Usage > Limit policy.

GCP > Network > Target SSL Proxy > Active

Take an action when an GCP Network target ssl proxy is not active based on the
GCP > Network > Target SSL Proxy > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target SSL Proxy > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Target SSL Proxy > Approved

Take an action when a GCP Network target ssl proxy is not approved based on GCP > Network > Target SSL Proxy > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Target SSL Proxy > CMDB

Record and synchronize details for the GCP Network target ssl proxy into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > Target SSL Proxy > Discovery

Discover GCP Network target ssl proxy resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > Target SSL Proxy > SSL Policy

Determine the action to take when an GCP Network target SSL proxy is not using
an allowed SSL policy.

If a target SSL proxy is not using an allowed SSL policy and this policy is set to
Enforce: Set to default if SSL policy not in allowed list, the target SSL proxy will be updated
to use the SSL policy selected in the GCP > Network > Target SSL Proxy > SSL Policy > Default policy.

If the SSL policy in the GCP > Network > Target SSL Proxy > SSL Policy > Default policy is
not allowed in the GCP > Network > Target SSL Proxy > SSL Policy > Allowed policy, Guardrails will
not attempt to set the SSL policy to prevent continuous updates.

GCP > Network > Target SSL Proxy > Usage

The Usage control determines whether the number of GCP Network target ssl proxy resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Target SSL Proxy > Usage policy, and set the limit with the GCP > Network > Target SSL Proxy > Usage > Limit policy.

GCP > Network > Target TCP Proxy > Active

Take an action when an GCP Network target tcp proxy is not active based on the
GCP > Network > Target TCP Proxy > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target TCP Proxy > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Target TCP Proxy > Approved

Take an action when a GCP Network target tcp proxy is not approved based on GCP > Network > Target TCP Proxy > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Target TCP Proxy > CMDB

Record and synchronize details for the GCP Network target tcp proxy into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Target TCP Proxy > Discovery

Discover GCP Network target tcp proxy resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

This control will automatically re-run every 24 hours because GCP does not currently support real-time events for this resource type.

GCP > Network > Target TCP Proxy > Usage

The Usage control determines whether the number of GCP Network target tcp proxy resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > Target TCP Proxy > Usage policy, and set the limit with the GCP > Network > Target TCP Proxy > Usage > Limit policy.

GCP > Network > Target VPN Gateway > Active

Take an action when an GCP Network target vpn gateway is not active based on the
GCP > Network > Target VPN Gateway > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > Target VPN Gateway > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > Target VPN Gateway > Approved

Take an action when a GCP Network target vpn gateway is not approved based on GCP > Network > Target VPN Gateway > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > Target VPN Gateway > CMDB

Record and synchronize details for the GCP Network target vpn gateway into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > Target VPN Gateway > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > Target VPN Gateway > Configured

Maintain network Target VPN Gateway configuration

GCP > Network > Target VPN Gateway > Discovery

Discover GCP Network target vpn gateway resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > Target VPN Gateway > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > Target VPN Gateway > Usage

The Usage control determines whether the number of GCP Network target vpn gateway resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > Target VPN Gateway > Usage policy, and set the limit with the GCP > Network > Target VPN Gateway > Usage > Limit policy.

GCP > Network > URL Map > Active

Take an action when an GCP Network url map is not active based on the
GCP > Network > URL Map > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > URL Map > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > URL Map > Approved

Take an action when a GCP Network url map is not approved based on GCP > Network > URL Map > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > URL Map > CMDB

Record and synchronize details for the GCP Network url map into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

GCP > Network > URL Map > Discovery

Discover GCP Network url map resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

GCP > Network > URL Map > Usage

The Usage control determines whether the number of GCP Network url map resources exceeds the configured usage limit for this project.

You can configure the behavior of this control with the GCP > Network > URL Map > Usage policy, and set the limit with the GCP > Network > URL Map > Usage > Limit policy.

GCP > Network > VPN Tunnel > Active

Take an action when an GCP Network vpn tunnel is not active based on the
GCP > Network > VPN Tunnel > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Network > VPN Tunnel > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

GCP > Network > VPN Tunnel > Approved

Take an action when a GCP Network vpn tunnel is not approved based on GCP > Network > VPN Tunnel > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

GCP > Network > VPN Tunnel > CMDB

Record and synchronize details for the GCP Network vpn tunnel into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Network > VPN Tunnel > Regions policy, the CMDB control will delete the
resource from the CMDB.

GCP > Network > VPN Tunnel > Configured

Maintain network vpnTunnel configuration

GCP > Network > VPN Tunnel > Discovery

Discover GCP Network vpn tunnel resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Network > VPN Tunnel > Regions policy, the CMDB
control will delete the resource from the CMDB.

GCP > Network > VPN Tunnel > Labels

Take an action when an GCP Network vpn tunnel labels is not updated based on the GCP > Network > VPN Tunnel > Labels > * policies.

If the resource is not updated with the labels defined in GCP > Network > VPN Tunnel > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

GCP > Network > VPN Tunnel > Usage

The Usage control determines whether the number of GCP Network vpn tunnel resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Network > VPN Tunnel > Usage policy, and set the limit with the GCP > Network > VPN Tunnel > Usage > Limit policy.