Introduction to Cloud Asset Inventory

Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a five week history of Google Cloud asset metadata. The Cloud Asset Inventory export service allows you to export all asset metadata at a certain timestamp or export event change history during a timeframe.

Features

Export asset metadata at a timestamp

The Cloud Asset Inventory export service allows you to export all the asset metadata at a given timestamp to a Cloud Storage file.

Export asset history

The Cloud Asset Inventory export service allows you to export the event change history of multiple assets during a given timeframe. The exported event change history shows you all the create, delete, and update events for the specifed assets over time.

Supported resource types

Cloud Asset Inventory currently supports and returns the following resource types. You need to use the correct resource name format when using Cloud Asset Inventory.

Service	Launch stage/Resource
App Engine	GA API reference • `appengine.googleapis.com/Application` • `appengine.googleapis.com/Service` • `appengine.googleapis.com/Version`
BigQuery Note that BigQuery asset metadata and change history might be incomplete.	GA API reference • `bigquery.googleapis.com/Dataset` • `bigquery.googleapis.com/Table`
Cloud Bigtable	GA API reference • `bigtableadmin.googleapis.com/Cluster` • `bigtableadmin.googleapis.com/Instance` • `bigtableadmin.googleapis.com/Table`
Cloud Billing	GA API reference • `cloudbilling.googleapis.com/BillingAccount`
Dataproc	GA API reference • `dataproc.googleapis.com/Cluster` • `dataproc.googleapis.com/Job`
Cloud DNS	GA API reference • `dns.googleapis.com/ManagedZone` • `dns.googleapis.com/Policy`
Cloud Identity and Access Management Note that `iam.googleapis.com/ServiceAccountKey` asset can be stale for up to 3 days. History data starts from Oct 28th, 2019.	GA API reference • `iam.googleapis.com/Role` • `iam.googleapis.com/ServiceAccount` • `iam.googleapis.com/ServiceAccountKey`
Key Management Service	GA API reference • `cloudkms.googleapis.com/KeyRing` • `cloudkms.googleapis.com/CryptoKey` • `cloudkms.googleapis.com/CryptoKeyVersion`
Pub/Sub	GA API reference • `pubsub.googleapis.com/Topic` • `pubsub.googleapis.com/Subscription`
Cloud Spanner	GA API reference • `spanner.googleapis.com/Instance` • `spanner.googleapis.com/Database`
Cloud SQL Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for up to an hour.	GA API reference • `sqladmin.googleapis.com/Instance`
Cloud Storage	GA API reference • `storage.googleapis.com/Bucket`
Compute Engine	GA API reference • `compute.googleapis.com/Autoscaler` • `compute.googleapis.com/Address` • `compute.googleapis.com/GlobalAddress` • `compute.googleapis.com/BackendBucket` • `compute.googleapis.com/BackendService` • `compute.googleapis.com/Disk` • `compute.googleapis.com/Firewall` • `compute.googleapis.com/ForwardingRule` • `compute.googleapis.com/GlobalForwardingRule` • `compute.googleapis.com/HealthCheck` • `compute.googleapis.com/HttpHealthCheck` • `compute.googleapis.com/HttpsHealthCheck` • `compute.googleapis.com/Image` • `compute.googleapis.com/Instance` • `compute.googleapis.com/InstanceGroup` • `compute.googleapis.com/InstanceGroupManager` • `compute.googleapis.com/InstanceTemplate` • `compute.googleapis.com/Interconnect` • `compute.googleapis.com/InterconnectAttachment` • `compute.googleapis.com/License` • `compute.googleapis.com/Network` • `compute.googleapis.com/Project` • `compute.googleapis.com/RegionBackendService` • `compute.googleapis.com/RegionDisk` • `compute.googleapis.com/Route` • `compute.googleapis.com/Router` • `compute.googleapis.com/SecurityPolicy` • `compute.googleapis.com/Snapshot` • `compute.googleapis.com/SslCertificate` • `compute.googleapis.com/Subnetwork` • `compute.googleapis.com/TargetHttpProxy` • `compute.googleapis.com/TargetHttpsProxy` • `compute.googleapis.com/TargetInstance` • `compute.googleapis.com/TargetPool` • `compute.googleapis.com/TargetTcpProxy` • `compute.googleapis.com/TargetSslProxy` • `compute.googleapis.com/TargetVpnGateway` • `compute.googleapis.com/UrlMap` • `compute.googleapis.com/VpnTunnel`
Google Kubernetes Engine	GA API reference • `container.googleapis.com/Cluster` API reference • `k8s.io/Node` • `k8s.io/Pod` • `k8s.io/Namespace` • `k8s.io/Service` • `rbac.authorization.k8s.io/Role` • `rbac.authorization.k8s.io/RoleBinding` • `rbac.authorization.k8s.io/ClusterRole` • `rbac.authorization.k8s.io/ClusterRoleBinding`
Google Kubernetes Engine	Beta API reference • `container.googleapis.com/NodePool` • `extensions.k8s.io/Ingress`
Resource Manager Note that we recently migrated Resource Manager resources to GA versions.	GA API reference • `cloudresourcemanager.googleapis.com/Organization` • `cloudresourcemanager.googleapis.com/Folder` • `cloudresourcemanager.googleapis.com/Project`
Service Usage Note that Service Usage asset change history might be incomplete, data freshness can be stale for up to six hours, and the field config in the metadata is not supported yet.	GA API reference • `serviceusage.googleapis.com/Service`

Supported policy types

The Cloud Asset API currently supports the following policy types in Google Cloud:

Policy	Launch stage/Supported resource
Cloud IAM	GA API reference • `All supported resource types`
Organization Policy Note that Organization Policy change history can be incomplete, and data freshness can be stale for up to one day.	GA API reference • `cloudresourcemanager.googleapis.com/Organization` • `cloudresourcemanager.googleapis.com/Folder` • `cloudresourcemanager.googleapis.com/Project`
Access Policy (VPC Service Controls Policy) Note that Access Policy change history can be incomplete, and data freshness can be stale for up to 6 hours.	GA API reference • `cloudresourcemanager.googleapis.com/Organization`

Key Concepts

Asset

An asset refers to a Google Cloud resource or policy. Examples of resources include Compute Engine virtual machines (VMs), Cloud Storage buckets, and App Engine instances. Examples of policies include Cloud Identity and Access Management (Cloud IAM) policies and org policies (currently not supported).

Asset content type

Cloud Asset Inventory supports the following asset types:

Resource: Resource metadata of a Google Cloud asset.
IAM Policy: Metadata of the Cloud IAM Policy set on a Google Cloud asset.
Org Policy: Metadata of the Organization Policy set on a Resource Manager asset.
Access Policy: Metadata of the Access Context Manager Policy (VPC Service Controls Policy) set on an organization.

Asset snapshot

An asset snapshot is the set of available assets under a Cloud Asset Inventory project, folder, or organization at a timestamp.

Asset history

For a given asset, asset history includes all metadata create, delete, and update events between timestamp T₁ and T₂.

Next steps

Try out the Cloud Asset Inventory Quickstart to start exporting assets.

หน้านี้มีประโยชน์ไหม โปรดแสดงความคิดเห็น

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

อัปเดตล่าสุดเมื่อ ธันวาคม 4, 2019