Asset types

This document lists the supported asset types in Cloud Asset Inventory. These include resource types, policy types, and runtime information types.

You can use these asset types with the following Cloud Asset Inventory operations:

You might also need to make use of asset names associated with these asset types when working with Cloud Asset Inventory.

Unless otherwise specified, all resource types are available in the export, list, monitor, search, and analysis APIs. Effective tags are supported only in the search APIs.

Resource types

Cloud Asset Inventory uses the following asset types for the RESOURCE content type.

Service Asset type

Access Policy (Access Context Manager)

To retrieve all access policies in the export, list, and monitor APIs:

  • REST: Set the contentType to ACCESS_POLICY.
  • gcloud CLI: Set the --content-type flag to access-policy.

AlloyDB for PostgreSQL

API reference

API Gateway

API reference

API keys

The location field might not be populated for API keys assets.

API reference

Apigee

API reference

Apigee API hub

API reference

App Engine

The location field might not be populated for App Engine assets.

API reference

App Hub

API reference

Application Integration

API reference

Artifact Registry

API reference

Assured Workloads

API reference

Backup and DR Service

API reference

Backup for GKE

API reference

Batch

API reference

BigQuery

API reference

BigQuery Data Transfer Service

BigQuery Data Transfer Service asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

BigQuery Migration Service

API reference

Bigtable

API reference

Blockchain Node Engine

API reference

Certificate Authority Service

API reference

Certificate Manager

API reference

Chrome Enterprise Premium

API reference

Cloud Billing

API reference

Cloud Build

API reference

Cloud Composer

Cloud Composer v1beta1 is supported. The resources in v1beta1 are a superset of those in v1.

API reference

Cloud Config Manager API

API reference

Cloud Controls Partner API

API reference

Cloud Data Fusion

API reference

Cloud Deploy

API reference

Cloud DNS

API reference

Cloud Domains

API reference

Cloud Healthcare API

Cloud Healthcare API asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud Intrusion Detection System

API reference

Cloud Key Management Service

API reference

Cloud Logging

Cloud Logging asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud Monitoring

API reference

Cloud Next Generation Firewall Enterprise

Cloud Next Generation Firewall Enterprise asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud OS Config

Cloud OS Config asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud Quotas

API reference

Cloud Run

API reference

Cloud Run functions (1st and 2nd gen)

This includes both 1st and 2nd gen Cloud Run functions. The asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud Run functions (1st gen)

This only includes 1st gen Cloud Run functions. The asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud SQL

Cloud SQL asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Cloud Storage

API reference

Cloud Tasks

API reference

Cloud TPU

API reference

Cloud Workstations

API reference

Compute Engine

API reference

Container Registry

Container Registry implements Docker HTTP API V2 and does not provide a public API.

  • containerregistry.googleapis.com/Image

    Effective tags aren't supported. Not available in the analysis APIs.

Conversational Insights

API reference

Data Lineage

API reference

Database Migration Service

API reference

Dataflow

Dataflow asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Dataform

API reference

Dataplex

API reference

Dataproc

API reference

Dataproc Metastore

API reference

Datastream

API reference

Developer Connect

API reference

Dialogflow CX

API reference

Dialogflow ES

API reference

Discovery Engine

API reference

  • discoveryengine.googleapis.com/Collection

  • discoveryengine.googleapis.com/DataStore

  • discoveryengine.googleapis.com/Engine

    Not available in the analysis APIs.

Document AI

API reference

Eventarc

API reference

Filestore

API reference

Financial Services

API reference

  • financialservices.googleapis.com/BacktestResult

    Not available in the analysis APIs.

  • financialservices.googleapis.com/Dataset

    Not available in the analysis APIs.

  • financialservices.googleapis.com/EngineConfig

    Not available in the analysis APIs.

  • financialservices.googleapis.com/Instance

  • financialservices.googleapis.com/Model

    Not available in the analysis APIs.

  • financialservices.googleapis.com/PredictionResult

    Not available in the analysis APIs.

Firebase

Firestore

API reference

Gemini for Google Cloud API

API reference

GKE Multi-Cloud

API reference

GKE on GDC

GKE on GDC metadata is from Confluence, which has no public API.

GKE On-Prem API

API reference

Google Cloud NetApp Volumes

API reference

Google Cloud VMware Engine

API reference

Google Kubernetes Engine

API reference

Hub

API reference

Identity and Access Management v1

API reference

Identity and Access Management v2

API reference

Identity Platform

API reference

Integration Connectors

API reference

KRM API Hosting

  • krmapihosting.googleapis.com/KrmApiHost

    Not available in the analysis APIs.

Live Stream API

API reference

Looker

API reference

Managed Service for Microsoft Active Directory

API reference

Memorystore for Memcached

API reference

Memorystore for Redis

API reference

Migrate to Virtual Machines

API reference

Network Connectivity

API reference

Network Management API

API reference

Network Services API

API reference

Organization Policy Service

API reference

  • orgpolicy.googleapis.com/Policy

    Not available in the analysis APIs.

Organization Policy Service v2

Privileged Access Manager

API reference

  • privilegedaccessmanager.googleapis.com/Grant

Pub/Sub

API reference

Resource Manager

API reference

Secret Manager

The location field in the Secret Manager asset does not reflect the replication policy of the secret. Instead, use the replication field to get that information.

API reference

Secure Source Manager

Secure Source Manager asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Secure Web Proxy

Secure Web Proxy asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Sensitive Data Protection

API reference

Serverless VPC Access

API reference

Service Directory

API reference

Service Management

Service Management asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync.

API reference

Service Usage

Service Usage asset change history might be incomplete. The config field in the metadata is not supported yet.

API reference

Spanner

API reference

Speaker ID

API reference

Speech-to-Text

API reference

Transcoder API

API reference

Vertex AI

Vertex AI asset change history might be incomplete. Data freshness is synchronized every 7 hours. If a sync fails, freshness is delayed until the next successful sync. Some datasets' metadata (for example, the TABLE data type) could be stale due to an ongoing data issue.

API reference

Vertex AI Workbench

API reference

Video Stitcher API

API reference

Workflows

API reference

Policy types

Cloud Asset Inventory uses the following asset types for the ACCESS_POLICY, IAM_POLICY, and ORG_POLICY content types.

Service Asset type
Access policy (VPC Service Controls policy)

API reference

Supported policy parent

Supported policy scope

IAM policy

Data can be delayed by approximately 36 hours.

API reference

Supported resource types that IAM policies can be attached to:

  • All asset types in supported resource types.
  • All policy types in this table except for IAM policy itself.
  • The following IAP resource types:

    • iap.googleapis.com/Tunnel

      Not available in the analysis and search APIs.

    • iap.googleapis.com/TunnelInstance

      Not available in the analysis and search APIs.

    • iap.googleapis.com/TunnelZone

      Not available in the analysis and search APIs.

    • iap.googleapis.com/Web

      Not available in the analysis and search APIs.

    • iap.googleapis.com/WebService

      Not available in the analysis and search APIs.

    • iap.googleapis.com/WebServiceVersion

      Not available in the analysis and search APIs.

    • iap.googleapis.com/WebType

      Not available in the analysis and search APIs.

Organization policy

API reference

Supported resource types that organization policies can be attached to:

Runtime information types

Cloud Asset Inventory uses the following asset types for the OS_INVENTORY content type.

Service Asset type

OS inventory

Provides information on the operating system, installed packages, and available package updates for an instance. Learn more about OS inventory management.