Supported asset types

This topic lists the supported asset types in Cloud Asset Inventory. Please see the overview topic for all Cloud Asset API services.

For types supported by the export and monitor services, see supported resource types and supported policy types.

For types supported by the search service, see searchable asset types.

For types supported by the analysis service, see analyzable asset types.

Supported resource types

Cloud Asset Inventory supports and returns the following resource types. You need to use the correct resource name format when using Cloud Asset Inventory.

Service Launch stage/Resource
App Engine

Note: location field may not be populated for App Engine assets.
GA

API reference
appengine.googleapis.com/Application
appengine.googleapis.com/Service
appengine.googleapis.com/Version
Artifact Registry GA

API reference
artifactregistry.googleapis.com/DockerImage
artifactregistry.googleapis.com/Repository
BigQuery GA

API reference
bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
Cloud Bigtable GA

API reference
bigtableadmin.googleapis.com/AppProfile
bigtableadmin.googleapis.com/Backup
bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing GA

API reference
cloudbilling.googleapis.com/BillingAccount
Certificate Authority Service

Note: IAM policies may be missing for privateca.googleapis.com/CertificateRevocationList.
GA

API reference
privateca.googleapis.com/CaPool
privateca.googleapis.com/CertificateAuthority
privateca.googleapis.com/CertificateRevocationList
privateca.googleapis.com/CertificateTemplate
Cloud Functions GA

API reference
cloudfunctions.googleapis.com/CloudFunction
Cloud Run GA

API reference
run.googleapis.com/DomainMapping
run.googleapis.com/Revision
run.googleapis.com/Service
Container Registry

Note: Container Registry implements the Docker HTTP API V2 and does not provide a public API.
GA

containerregistry.googleapis.com/Image
Dataproc GA

API reference
dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Cloud DNS GA

API reference
dns.googleapis.com/ManagedZone
dns.googleapis.com/Policy
Eventarc GA

API reference
eventarc.googleapis.com/Trigger
Identity and Access Management GA

API reference
iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
iam.googleapis.com/ServiceAccountKey
Cloud Key Management Service GA

API reference

cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
Pub/Sub GA

API reference
pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
pubsub.googleapis.com/Snapshot
Cloud Spanner GA

API reference
spanner.googleapis.com/Instance
spanner.googleapis.com/Database
spanner.googleapis.com/Backup
Cloud SQL

Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for 2+ hours.
GA

API reference
sqladmin.googleapis.com/Instance
Cloud Storage GA

API reference
storage.googleapis.com/Bucket
Cloud OS Config

Note that Cloud OS Config asset change history can be incomplete, and data freshness can be stale for 7+ hours.
GA

API reference
osconfig.googleapis.com/PatchDeployment
Compute Engine GA

API reference
compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/GlobalAddress
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Commitment
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/GlobalForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/NodeGroup
compute.googleapis.com/NodeTemplate
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/RegionBackendService
compute.googleapis.com/RegionDisk
compute.googleapis.com/Reservation
compute.googleapis.com/ResourcePolicy
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine
GA

API reference
container.googleapis.com/Cluster
container.googleapis.com/NodePool

API reference
k8s.io/Node
k8s.io/Pod
k8s.io/Namespace
k8s.io/Service
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
networking.k8s.io/Networkpolicy
Beta

API reference
extensions.k8s.io/Ingress
networking.k8s.io/Ingress
Resource Manager GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Service Usage

Note that Service Usage asset change history might be incomplete, data freshness can be stale for 12+ hours, and the field config in the metadata is not supported yet.
GA

API reference
serviceusage.googleapis.com/Service
Cloud Data Fusion GA

API reference
datafusion.googleapis.com/Instance
Cloud Logging

Note that Cloud Logging asset change history might be incomplete, data freshness can be stale for 7+ hours.
GA

API reference
logging.googleapis.com/LogBucket
logging.googleapis.com/LogMetric
logging.googleapis.com/LogSink
Network Management API GA

API reference
networkmanagement.googleapis.com/ConnectivityTest
Managed Service for Microsoft Active Directory GA

API reference
managedidentities.googleapis.com/Domain
Game Servers GA

API reference
gameservices.googleapis.com/GameServerCluster
gameservices.googleapis.com/Realm
gameservices.googleapis.com/GameServerConfig
gameservices.googleapis.com/GameServerDeployment
Dataflow

Note that Dataflow asset change history can be incomplete, and data freshness can be stale for 7+ hours.
GA

API reference
dataflow.googleapis.com/Job
Hub GA

gkehub.googleapis.com/Membership
Secret Manager

Note that the location field in the Secret Manager asset does not reflect the replication policy of the Secret. Instead use the replication field to get that information.
GA

API reference
secretmanager.googleapis.com/Secret
secretmanager.googleapis.com/SecretVersion
Cloud TPU GA

API reference
tpu.googleapis.com/Node
Cloud Composer

Note that Cloud Composer v1beta1 is supported. The resources in v1beta1 are a superset of those in v1.
Beta

API reference
composer.googleapis.com/Environment
Filestore
GA

API reference
file.googleapis.com/Instance
Beta

API reference
file.googleapis.com/Backup
Service Directory GA

API reference
servicedirectory.googleapis.com/Namespace
Assured Workloads GA

API reference
assuredworkloads.googleapis.com/Workload
API Gateway GA

API reference
apigateway.googleapis.com/Api
apigateway.googleapis.com/ApiConfig
apigateway.googleapis.com/Gateway
App Engine Memcache GA

API reference
memcache.googleapis.com/Instance
Document AI GA

API reference
documentai.googleapis.com/HumanReviewConfig
documentai.googleapis.com/LabelerPool
documentai.googleapis.com/Processor
Memorystore for Redis GA

API reference
redis.googleapis.com/Instance
Vertex AI

Note that `deployedModels` field in Model and Endpoint is not populated. Vertex AI asset change history can be incomplete, and data freshness can be stale for 7+ hours. Some Datasets' metadata (e.g. TABLE data type) could be stale due to an ongoing data issue.
GA

API reference
aiplatform.googleapis.com/BatchPredictionJob
aiplatform.googleapis.com/CustomJob
aiplatform.googleapis.com/DataLabelingJob
aiplatform.googleapis.com/Dataset
aiplatform.googleapis.com/Endpoint
aiplatform.googleapis.com/HyperparameterTuningJob
aiplatform.googleapis.com/Model
aiplatform.googleapis.com/SpecialistPool
aiplatform.googleapis.com/TrainingPipeline
Cloud Monitoring GA

API reference
monitoring.googleapis.com/AlertPolicy
Serverless VPC Access GA

API reference
vpcaccess.googleapis.com/Connector
Service Management

Note that Service Management asset change history can be incomplete, data freshness can be stale for 7+ hours.
GA

API reference
servicemanagement.googleapis.com/ManagedService

Supported policy types

The Cloud Asset API supports the following policy types in Google Cloud:

Policy Launch stage/Supported resource
IAM GA

API reference
All supported resource types above

The following IAP resource types:
iap.googleapis.com/Web
iap.googleapis.com/WebTypes
iap.googleapis.com/WebServices
iap.googleapis.com/WebServiceVersions
iap.googleapis.com/Tunnel
iap.googleapis.com/TunnelZones
iap.googleapis.com/TunnelInstance
Organization Policy GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Access Policy (VPC Service Controls Policy) GA

API reference
cloudresourcemanager.googleapis.com/Organization

Supported runtime information types

The Cloud Asset API supports the following runtime information types in Google Cloud:

Runtime information Launch stage/Supported resource
OS inventory

Provides information on the operating system, installed packages, and available package updates for an instance. Learn more about OS inventory management.
GA

compute.googleapis.com/Instance

Supported relationship types

The Cloud Asset API supports the following relationship types in Google Cloud:

Relationships Launch stage/Supported resource
INSTANCE_TO_INSTANCEGROUP

Provides information about the instance groups that an instance is in. Learn more about instance groups.
Beta

compute.googleapis.com/Instance

Searchable asset types

The following asset types are supported by the Search Assets APIs:

Service Resource/API Reference Searchable Attributes
App Engine appengine.googleapis.com/Application
defaultHostname
defaultBucket
appengine.googleapis.com/Service
appengine.googleapis.com/Version
versionUrl
Artifact Registry artifactregistry.googleapis.com/Repository
artifactregistry.googleapis.com/DockerImage
BigQuery bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
Cloud Bigtable bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing cloudbilling.googleapis.com/BillingAccount
Cloud Composer composer.googleapis.com/Environment
Cloud Functions cloudfunctions.googleapis.com/CloudFunction
Cloud Key Management Service cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
Cloud Logging logging.googleapis.com/LogBucket
logging.googleapis.com/LogMetric
logging.googleapis.com/LogSink
Cloud Run run.googleapis.com/DomainMapping
run.googleapis.com/Revision
run.googleapis.com/Service
Cloud Spanner spanner.googleapis.com/Instance
spanner.googleapis.com/Database
spanner.googleapis.com/Backup
Cloud SQL sqladmin.googleapis.com/Instance
Dataflow dataflow.googleapis.com/Job
Dataproc dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Document AI documentai.googleapis.com/Processor
documentai.googleapis.com/HumanReviewConfig
documentai.googleapis.com/LabelerPool
Cloud DNS dns.googleapis.com/ManagedZone dnsName
peeringConfig.targetNetwork.networkUrl
dns.googleapis.com/Policy
Hub gkehub.googleapis.com/Membership
Identity and Access Management iam.googleapis.com/Role includedPermissions
iam.googleapis.com/ServiceAccount email
uniqueId
iam.googleapis.com/ServiceAccountKey
Pub/Sub pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
pubsub.googleapis.com/Snapshot
Cloud OS Config

Note that Cloud OS Config asset change history can be incomplete, and data freshness can be stale for 7+ hours.
osconfig.googleapis.com/PatchDeployment
Cloud Storage storage.googleapis.com/Bucket
Compute Engine

Note that Compute Engine types cover zonal, regional, and global resources.
compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Commitment
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance externalIPs
internalIPs
networkInterfaceNetworks
networkInterfaceNames
machineType
deletionProtection

The following attributes are from the OS Inventory, which is attached on this Compute Instance to provide information on operating system and packages. Learn more about OS inventory management.

osShortName
osLongName
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network gatewayIPv4
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/NodeGroup
compute.googleapis.com/NodeTemplate
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/Reservation
compute.googleapis.com/ResourcePolicy
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork gatewayAddress
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Filestore file.googleapis.com/Backup
file.googleapis.com/Instance
Google Kubernetes Engine container.googleapis.com/Cluster endpoint
container.googleapis.com/NodePool locations
k8s.io/Pod
k8s.io/Node
k8s.io/Namespace
k8s.io/Service
apps.k8s.io/Deployment
apps.k8s.io/ReplicaSet
batch.k8s.io/Job
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
extensions.k8s.io/Ingress
networking.k8s.io/Ingress
Managed Service for Microsoft Active Directory managedidentities.googleapis.com/Domain
Resource Manager cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project projectId
Secret Manager

Note that the location field in the Secret Manager asset does not reflect the replication policy of the Secret.
secretmanager.googleapis.com/Secret
secretmanager.googleapis.com/SecretVersion
Service Usage

Note that Service Usage data freshness can be stale for 12+ hours.
serviceusage.googleapis.com/Service
Cloud TPU tpu.googleapis.com/Node
Cloud Data Fusion datafusion.googleapis.com/Instance
Memorystore for Redis redis.googleapis.com/Instance
API Gateway apigateway.googleapis.com/Api
apigateway.googleapis.com/ApiConfig
apigateway.googleapis.com/Gateway
Vertex AI aiplatform.googleapis.com/BatchPredictionJob
aiplatform.googleapis.com/CustomJob
aiplatform.googleapis.com/DataLabelingJob
aiplatform.googleapis.com/Dataset
aiplatform.googleapis.com/Endpoint
aiplatform.googleapis.com/HyperparameterTuningJob
aiplatform.googleapis.com/Model
aiplatform.googleapis.com/SpecialistPool
aiplatform.googleapis.com/TrainingPipeline
Assured Workloads assuredworkloads.googleapis.com/Workload

Analyzable asset types

The following asset types are supported by the Asset Analysis APIs:

Service Resource/API Reference
App Engine appengine.googleapis.com/Application
appengine.googleapis.com/Service
appengine.googleapis.com/Version
BigQuery bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
Cloud Bigtable bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing cloudbilling.googleapis.com/BillingAccount
Cloud Composer composer.googleapis.com/Environment
Cloud Functions cloudfunctions.googleapis.com/CloudFunction
Cloud Key Management Service cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
Cloud Run run.googleapis.com/Revision
run.googleapis.com/Service
Cloud SQL sqladmin.googleapis.com/Instance
Dataflow dataflow.googleapis.com/Job
Dataproc dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Cloud DNS dns.googleapis.com/ManagedZone
dns.googleapis.com/Policy
Identity and Access Management iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
iam.googleapis.com/ServiceAccountKey
Pub/Sub pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
pubsub.googleapis.com/Snapshot
Cloud Storage storage.googleapis.com/Bucket
Compute Engine compute.googleapis.com/Address
compute.googleapis.com/Autoscaler
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Commitment
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/NodeGroup
compute.googleapis.com/NodeTemplate
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/Reservation
compute.googleapis.com/ResourcePolicy
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine container.googleapis.com/Cluster
container.googleapis.com/NodePool
Resource Manager cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Service Usage

Note that Service Usage data freshness can be stale for 12+ hours.
serviceusage.googleapis.com/Service
Cloud TPU tpu.googleapis.com/Node
Cloud Data Fusion datafusion.googleapis.com/Instance
Memorystore for Redis redis.googleapis.com/Instance