Introduction to Cloud Asset Inventory

Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a five-week history of Google Cloud asset metadata. Cloud Asset Inventory allows you to:

  • Search asset metadata by using a custom query language
  • Export all asset metadata at a certain timestamp or export event change history during a specific timeframe
  • Monitor asset changes by subscribing to real-time notifications
  • Analyze IAM policy to find out who has access to what

Features

Search assets

The Cloud Asset Inventory search service allows you to search asset metadata within a project, folder, or organization using a custom query language.

See Search Resources Guide and Search IAM Policies Guide for more information.

Export asset history and metadata

The Cloud Asset Inventory export service allows you to export all the asset metadata at a given timestamp to a Cloud Storage file or a BigQuery table. You can also export the event change history of multiple assets during a given timeframe. The exported event change history shows you all the create, delete, and update events for the specified assets over time.

See Exporting assets to BigQuery and Exporting assets to Cloud Storage for more information.

Monitoring asset changes

You can use Cloud Asset Inventory to monitor resource and policy changes you're subscribed to through real-time notifications. By creating and subscribing to an asset feed, you'll receive immediate updates about any changes for the desired asset names or asset types.

See Monitoring asset changes for more information.

Analyze Cloud IAM policies

The Cloud Asset Inventory analysis service allows you to analyze Cloud IAM policies within a folder or organization.

See Analyzing Cloud IAM policies and Exporting Cloud IAM policy analysis to Cloud Storage for more information.

Key Concepts

Assets

An asset refers to a Google Cloud resource or policy. Cloud Asset Inventory supports two main asset content types:

  • Resources: Resource metadata of a Google Cloud asset. Examples include:
    • Compute Engine virtual machines (VMs)
    • Cloud Storage buckets
    • App Engine instances
  • Policies: Metadata of one of the following policies set on a Google Cloud resource. Examples include:
    • Cloud IAM policy
    • Organization Policy policy
    • Access Context Manager policy

See Supported asset types for more information.

Asset snapshot

An asset snapshot is the set of available assets under a Resource Manager project, folder, or organization at a specific timestamp.

Asset history

For a given asset, asset history includes all metadata create, delete, and update events between timestamps T1 and T2. See Viewing asset history for more information.
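
The relationship between asset history and an asset snapshot, shown as an added example that is not part of the original documentation: replaying create, update, and delete events up to a timestamp gives the set of assets that exist at that time, and comparing two such snapshots shows what changed between T1 and T2. The event record layout, asset names, and metadata keys are constructed for illustration and are not the service's export schema.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(weeks=5)  # history depth stated in the introduction


def ts(text):
    """Parse an ISO timestamp as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed sample history: (time, event, asset name, metadata).
# The record layout and metadata keys are assumptions, not the export schema.
BUCKET = "//storage.googleapis.com/example-logs"
VM = "//compute.googleapis.com/projects/example/zones/us-central1-a/instances/web-1"
HISTORY = [
    (ts("2024-03-01T09:00:00"), "create", BUCKET, {"public": False}),
    (ts("2024-03-02T10:00:00"), "create", VM, {"external_ip": False}),
    (ts("2024-03-05T14:30:00"), "update", BUCKET, {"public": True}),
    (ts("2024-03-07T08:00:00"), "delete", VM, None),
]


def snapshot_at(history, when, now):
    """Replay events up to `when`; return {asset name: metadata} for assets existing then."""
    if now - when > RETENTION:
        raise ValueError("timestamp is older than the five-week history")
    state = {}
    for time, event, name, metadata in sorted(history, key=lambda e: e[0]):
        if time > when:
            break
        if event == "delete":
            state.pop(name, None)
        else:  # create or update: the latest metadata wins
            state[name] = metadata
    return state


def diff_snapshots(before, after):
    """Classify assets as added, removed, or modified between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(n for n in common if before[n] != after[n]),
    }


if __name__ == "__main__":
    now = ts("2024-03-10T00:00:00")
    t1 = snapshot_at(HISTORY, ts("2024-03-03T00:00:00"), now)
    t2 = snapshot_at(HISTORY, ts("2024-03-08T00:00:00"), now)
    print(diff_snapshots(t1, t2))
```

Replay only recovers assets whose events fall inside the supplied history; an asset created before the window and never changed within it will not appear.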

Next steps