Supported asset types

This topic lists the supported asset types in Cloud Asset Inventory. Please see the overview topic for all Cloud Asset API services.

For types supported by the export and monitor services, see supported resource types and supported policy types.

For types supported by the search service, see searchable asset types.

For types supported by the analysis service, see analyzable asset types.

Supported resource types

Cloud Asset Inventory currently supports and returns the following resource types. You need to use the correct resource name format when using Cloud Asset Inventory.

Service Launch stage/Resource
App Engine

Note: location field may not be populated for App Engine assets. 		GA

API reference
appengine.googleapis.com/Application
appengine.googleapis.com/Service
appengine.googleapis.com/Version
BigQuery GA

API reference
bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
Cloud Bigtable GA

API reference
bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing GA

API reference
cloudbilling.googleapis.com/BillingAccount
Cloud Run GA

API reference
run.googleapis.com/DomainMapping
run.googleapis.com/Revision
run.googleapis.com/Service
Dataproc GA

API reference
dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Cloud DNS GA

API reference
dns.googleapis.com/ManagedZone
dns.googleapis.com/Policy
Identity and Access Management GA

API reference
iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
iam.googleapis.com/ServiceAccountKey
Cloud Key Management Service GA

API reference
cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
Pub/Sub GA

API reference
pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
Cloud Spanner GA

API reference
spanner.googleapis.com/Instance
spanner.googleapis.com/Database
spanner.googleapis.com/Backup
Cloud SQL

Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for up to an hour.		 GA

API reference
sqladmin.googleapis.com/Instance
Cloud Storage GA

API reference
storage.googleapis.com/Bucket
Cloud OS Config GA

API reference
osconfig.googleapis.com/PatchDeployment
Compute Engine GA

API reference
compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/GlobalAddress
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/GlobalForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/RegionBackendService
compute.googleapis.com/RegionDisk
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine
 		GA

API reference
container.googleapis.com/Cluster
container.googleapis.com/NodePool

API reference
k8s.io/Node
k8s.io/Pod
k8s.io/Namespace
k8s.io/Service
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
Beta

API reference
extensions.k8s.io/Ingress
networking.k8s.io/Ingress
Resource Manager GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Service Usage

Note that Service Usage asset change history might be incomplete, data freshness can be stale for up to six hours, and the field config in the metadata is not supported yet.		 GA

API reference
serviceusage.googleapis.com/Service
Cloud Data Fusion

Note that Cloud Data Fusion asset change history might be incomplete, data freshness can be stale for up to an hour.		 GA

API reference
datafusion.googleapis.com/Instance
Cloud Logging

Note that Cloud Logging asset change history might be incomplete, data freshness can be stale for up to six hours.		 GA

API reference
logging.googleapis.com/LogMetric
logging.googleapis.com/LogSink
Network Management API GA

API reference
networkmanagement.googleapis.com/ConnectivityTest
Managed Service for Microsoft Active Directory GA

API reference
managedidentities.googleapis.com/Domain

Supported policy types

The Cloud Asset API currently supports the following policy types in Google Cloud:

Policy Launch stage/Supported resource
IAM GA

API reference
All supported resource types above

The following IAP resource types:
iap.googleapis.com/Web
iap.googleapis.com/WebTypes
iap.googleapis.com/WebServices
iap.googleapis.com/WebServiceVersions
iap.googleapis.com/Tunnel
iap.googleapis.com/TunnelZones
iap.googleapis.com/TunnelInstances
Organization Policy GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Access Policy (VPC Service Controls Policy) GA

API reference
cloudresourcemanager.googleapis.com/Organization

Searchable asset types

The following asset types are supported by the Search Assets APIs:

Service Resource/API Reference Searchable Attributes
App Engine appengine.googleapis.com/Application
 defaultHostname
defaultBucket
appengine.googleapis.com/Service
appengine.googleapis.com/Version
 versionUrl
BigQuery bigquery.googleapis.com/Dataset
Cloud Billing cloudbilling.googleapis.com/BillingAccount
Dataproc dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Cloud DNS dns.googleapis.com/ManagedZone dnsName
dns.googleapis.com/Policy
Identity and Access Management iam.googleapis.com/Role includedPermissions
iam.googleapis.com/ServiceAccount email
uniqueId
iam.googleapis.com/ServiceAccountKey
Compute Engine compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Disk
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine container.googleapis.com/Cluster endpoint
Resource Manager cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project projectId

Analyzable asset types

The following asset types are supported by the Asset Analysis APIs:

Service Resource/API Reference
BigQuery bigquery.googleapis.com/Dataset
Cloud Billing cloudbilling.googleapis.com/BillingAccount
Cloud DNS dns.googleapis.com/Policy
Identity and Access Management iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
Compute Engine compute.googleapis.com/Address
compute.googleapis.com/Autoscaler
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Disk
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine container.googleapis.com/Cluster
Resource Manager cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project