Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a five week history of Google Cloud asset metadata. Cloud Asset Inventory allows you to:
- Search asset metadata by using a custom query language
- Export all asset metadata at a certain timestamp or export event change history during a specific timeframe
- Monitor asset changes by subscribing to real-time notifications
- Analyze IAM policy to find out who has access to what
Features
Search assets
The Cloud Asset Inventory search service allows you to search asset metadata within a project, folder, or organization using a custom query language.
See Search Resources Guide and Search IAM Policies Guide for more information.
Export asset history and metadata
The Cloud Asset Inventory export service allows you to export all the asset metadata at a given timestamp to a Cloud Storage file or a BigQuery table. You can also export the event change history of multiple assets during a given timeframe. The exported event change history shows you all the create, delete, and update events for the specified assets over time.
See Exporting assets to BigQuery Exporting assets to Cloud Storage and Viewing asset history for more information.
Monitoring asset changes
You can use Cloud Asset Inventory to monitor resource and policy changes you're subscribed to through real-time notifications. By creating and subscribing to an asset feed, you'll receive immediate updates about any changes for the desired asset names or asset types.
See Monitoring asset changes for more information.
Analyze IAM policies
The Cloud Asset Inventory analysis service allows you to analyze IAM policies within a folder or organization.
See Analyzing IAM policies and Exporting IAM policy analysis to Cloud Storage for more information.
Key Concepts
Assets
An asset refers to a Google Cloud resource or policy. Cloud Asset Inventory supports two main asset content types:
- Resources: Resource metadata of a Google Cloud asset. Examples
include:
- Compute Engine virtual machines (VMs)
- Cloud Storage buckets
- App Engine instances
- Policies: Metadata of one of the following policies set on a
Google Cloud resource. Examples include:
- IAM policy
- Organization Policy policy
- Access Context Manager policy
See Supported asset types for more information.
Asset snapshot
An asset snapshot is the set of available assets under a Resource Manager project, folder, or organization at a specific timestamp.
Asset history
For a given asset, asset history includes all metadata create, delete, and update events between timestamp T1 and T2. See Viewing asset history for more information.
Next steps
- Try out the Cloud Asset Inventory Quickstart to start exporting assets.