Control types for @turbot/gcp
- GCP > Folder > CMDB
- GCP > Folder > Discovery
- GCP > Global Region > Discovery
- GCP > Multi-Region > Discovery
- GCP > Multi-Region > Stack
- GCP > Organization > CMDB
- GCP > Project > CMDB
- GCP > Project > Discovery
- GCP > Project > Labels
- GCP > Project > Resource AKA Cleanup
- GCP > Project > Service APIs
- GCP > Project > Service APIs > Approved
- GCP > Project > Stack
- GCP > Region > Discovery
- GCP > Region > Stack
- GCP > Turbot
- GCP > Turbot > Event Handlers
- GCP > Turbot > Event Handlers > Logging
- GCP > Turbot > Event Handlers > Pub/Sub
- GCP > Turbot > Event Poller
- GCP > Zone > Discovery
GCP > Folder > CMDB
Record and synchronize details for the GCP Folder into the CMDB.
GCP > Folder > Discovery
Discover GCP Folders for record in the CMDB.
tmod:@turbot/gcp#/control/types/folderDiscovery
GCP > Global Region > Discovery
Discover GCP global-region and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB.
Note: The Discovery control also uses the Regions policy associated with
the resource. If the global region is not in GCP > Project > Regions
policy, the
Discovery control will delete the region from the CMDB.
Status:
- Enabled
- If the global region is in the policy and supported by turbot
- Skipped
- If the global region is not in the policy
- Unknown
- If the region is not recognized by Guardrails or GCP
tmod:@turbot/gcp#/control/types/globalRegionDiscovery
GCP > Multi-Region > Discovery
Discover GCP multi-regions and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB.
Note: The Discovery control also uses the Regions policy associated with
the resource. If the multi region is not in GCP > Project > Regions
policy, the
Discovery control will delete the region from the CMDB.
Status:
- Enabled
- If the multi-region is in the policy and supported by turbot
- Skipped
- If the multi-region is not in the policy
- Unknown
- If the multi-region is not recognized by Guardrails or GCP
tmod:@turbot/gcp#/control/types/multiRegionDiscovery
GCP > Multi-Region > Stack
Configure a custom stack on GCP, per the custom Stack > Source
.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/control/types/multiRegionStack
GCP > Organization > CMDB
Record and synchronize details for the GCP Organization into the CMDB.
tmod:@turbot/gcp#/control/types/organizationCmdb
GCP > Project > CMDB
Record and synchronize details for the GCP Project into the CMDB.
GCP > Project > Discovery
Discover GCP Projects for record in the CMDB.
tmod:@turbot/gcp#/control/types/projectDiscovery
GCP > Project > Labels
Take an action when an GCP project labels is not updated based on the GCP > Project > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > Project > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp#/control/types/projectLabels
GCP > Project > Resource AKA Cleanup
Delete resources with invalid AKAs.
If set to "Enforce: Deleted", this control will delete resources with AKAs
that are missing or have incorrect information. You can set this policy to
"Check: Deleted" to preview the changes.
This is required to fix a bug that resulted in disk resources with
incorrect AKAs. It is highly recommended that you set this control to
"Enforce: Deleted".
tmod:@turbot/gcp#/control/types/resourceAkaCleanup
GCP > Project > Service APIs
tmod:@turbot/gcp#/control/types/projectServiceApis
GCP > Project > Service APIs > Approved
Check whether the Enabled Service APIs on the Project are approved for usage, per GCP > Project > Service APIs > Approved > *
policies.
tmod:@turbot/gcp#/control/types/projectServiceApisApproved
GCP > Project > Stack
Configure a custom stack on GCP, per the custom Stack > Source
.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/control/types/projectStack
GCP > Region > Discovery
Discover GCP regions and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB.
Note: The Discovery control also uses the Regions policy associated with
the resource. If the region is not in GCP > Project > Regions
policy, the
Discovery control will delete the region from the CMDB.
Status:
- Enabled
- If the region is in the policy and enabled in GCP
- Skipped
- If the region is not in the policy and enabled in GCP
- Unknown
- If the region is in the policy and not recognized by GCP or Guardrails
tmod:@turbot/gcp#/control/types/regionDiscovery
GCP > Region > Stack
Configure a custom stack on the GCP Region, per the Stack > Source
.
A Guardrails Stack
is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured
control.
tmod:@turbot/gcp#/control/types/regionStack
GCP > Turbot
Turbot control root.
GCP > Turbot > Event Handlers
Configure the set of resources in a Guardrails Stack per the Event Handlers ><br />Source
policy.
Guardrails Stacks are used to manage a set of resources via Terraform.
Stacks are responsible for the creation and deletion of multiple resources,
but once created, the resources are responsible for configuring themselves
with their Configured
control, using the Source from the parent stack.
The GCP Event Handlers stack is responsible for configuring the resources
required for the Guardrails Event Handler, which attaches the Guardrails Router to
a cloud provider's audit trail. This is a pre-requisite for Guardrails to
process and respond to real-time events -- a core capability that allows
Guardrails to respond to changes on resources as they occur.
GCP > Turbot > Event Handlers > Logging
Configure the Guardrails Event Handler stack. This stack configures
the logging sink required for Guardrails real-time event routing.
tmod:@turbot/gcp#/control/types/logging
GCP > Turbot > Event Handlers > Pub/Sub
Configure the Guardrails Event Handler stack. This stack configures the pub/sub
topic and subscription resources required for Guardrails real-time event routing.
tmod:@turbot/gcp#/control/types/pubSub
GCP > Turbot > Event Poller
Poll GCP events and re-raise in Guardrails
tmod:@turbot/gcp#/control/types/projectEventPoller