Asset relationships

This topic describes the asset relationships that connect Google Cloud assets.

Availability

To use relationship types, you must subscribe to Security Command Center at the Premium tier.

Relationship data is available from May 30th, 2022. A relationship might have its own update timestamp, as it might be inferred at a different time than the source/target asset updates.

Asset relationships

Many Google Cloud assets are connected to each other by relationships. For example, a Compute instance group can contain a Compute instance or a GKE cluster can contain a node. Learn more about supported relationships types.

Relationship queries

A relationship query returns the list of assets that have the specified relationship between two resources. For example, the following asset represents a relationship from a Compute instance to a Compute instance group:

{
  "name": "//compute.googleapis.com/projects/abc/zones/us-central1-c/instances/instance1",
  "asset_type": "compute.googleapis.com/Instance",
  "ancestors": ["projects/1234567"],
  "update_time": "2022-04-25T10:23:19.378972Z",
  "related_asset": {
    "asset": "//compute.googleapis.com/projects/abc/zones/us-central1-c/instanceGroups/group1",
    "asset_type": "compute.googleapis.com/InstanceGroup",
    "ancestors": ["projects/1234567"],
    "relationship_type": "INSTANCE_TO_INSTANCEGROUP"
  }
}