Supported asset types

This topic lists the supported asset types in Cloud Asset Inventory. Please see the overview topic for all Cloud Asset API services.

For types supported by the export, list and monitor services, see supported resource types, supported policy types, supported runtime information types and supported relationship types.

For types supported by the search service, see searchable asset types and supported relationship types.

For types supported by the analysis service, see analyzable asset types.

Supported resource types

Cloud Asset Inventory supports and returns the following resource types. You can use this list to identify which types the service supports, but be sure to use the full resource name format when working with Cloud Asset Inventory. Learn more about Cloud API resource naming.

Service Launch stage/Resource
API keys

Note: location field may not be populated for API keys assets.
GA

API reference
apikeys.googleapis.com/Key
App Engine

Note: location field may not be populated for App Engine assets.
GA

API reference
appengine.googleapis.com/Application
appengine.googleapis.com/Service
appengine.googleapis.com/Version
Artifact Registry GA

API reference
artifactregistry.googleapis.com/DockerImage
artifactregistry.googleapis.com/Repository
Backup for GKE GA

API reference
gkebackup.googleapis.com/BackupPlan
gkebackup.googleapis.com/Backup
gkebackup.googleapis.com/VolumeBackup
gkebackup.googleapis.com/RestorePlan
gkebackup.googleapis.com/Restore
gkebackup.googleapis.com/VolumeRestore
BigQuery GA

API reference
bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
bigquery.googleapis.com/Model
Cloud Bigtable GA

API reference
bigtableadmin.googleapis.com/AppProfile
bigtableadmin.googleapis.com/Backup
bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing GA

API reference
cloudbilling.googleapis.com/BillingAccount
cloudbilling.googleapis.com/ProjectBillingInfo
Certificate Authority Service

Note: IAM policies may be missing for privateca.googleapis.com/CertificateRevocationList.
GA

API reference
privateca.googleapis.com/CaPool
privateca.googleapis.com/Certificate
privateca.googleapis.com/CertificateAuthority
privateca.googleapis.com/CertificateRevocationList
privateca.googleapis.com/CertificateTemplate
Cloud Functions GA

API reference
cloudfunctions.googleapis.com/CloudFunction
Cloud Run GA

API reference
run.googleapis.com/DomainMapping
run.googleapis.com/Execution
run.googleapis.com/Job
run.googleapis.com/Revision
run.googleapis.com/Service
Container Registry

Note: Container Registry implements the Docker HTTP API V2 and does not provide a public API.
GA

containerregistry.googleapis.com/Image
Dataplex GA

API reference
dataplex.googleapis.com/Lake
dataplex.googleapis.com/Task
dataplex.googleapis.com/Zone
dataplex.googleapis.com/Asset
Dataproc GA

API reference
dataproc.googleapis.com/AutoscalingPolicy
dataproc.googleapis.com/Batch
dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
dataproc.googleapis.com/WorkflowTemplate
Dialogflow CX GA

API reference
dialogflow.googleapis.com/Agent
dialogflow.googleapis.com/LocationSettings
Dialogflow ES GA

API reference
dialogflow.googleapis.com/ConversationProfile
dialogflow.googleapis.com/KnowledgeBase
Cloud Data Loss Prevention GA

API reference
dlp.googleapis.com/StoredInfoType
dlp.googleapis.com/DeidentifyTemplate
dlp.googleapis.com/DlpJob
dlp.googleapis.com/InspectTemplate
dlp.googleapis.com/JobTrigger
Cloud DNS GA

API reference
dns.googleapis.com/ManagedZone
dns.googleapis.com/Policy
Eventarc GA

API reference
eventarc.googleapis.com/Trigger
Identity and Access Management GA

API reference
iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
iam.googleapis.com/ServiceAccountKey
Cloud Key Management Service GA

API reference

cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
cloudkms.googleapis.com/EkmConnection
Pub/Sub GA

API reference
pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
pubsub.googleapis.com/Snapshot
Cloud Spanner GA

API reference
spanner.googleapis.com/Instance
spanner.googleapis.com/Database
spanner.googleapis.com/Backup
Cloud SQL

Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for 2+ hours.
GA

API reference
sqladmin.googleapis.com/Instance
sqladmin.googleapis.com/BackupRun
Cloud Storage GA

API reference
storage.googleapis.com/Bucket
Cloud OS Config

Note that Cloud OS Config asset change history can be incomplete, and data freshness can be stale for 7+ hours.
GA

API reference
osconfig.googleapis.com/PatchDeployment
osconfig.googleapis.com/VulnerabilityReport
osconfig.googleapis.com/OSPolicyAssignment
osconfig.googleapis.com/OSPolicyAssignmentReport
Compute Engine GA

API reference
compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/GlobalAddress
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Commitment
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/FirewallPolicy
compute.googleapis.com/ForwardingRule
compute.googleapis.com/GlobalForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/NodeGroup
compute.googleapis.com/NodeTemplate
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/RegionBackendService
compute.googleapis.com/RegionDisk
compute.googleapis.com/Reservation
compute.googleapis.com/ResourcePolicy
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/ServiceAttachment
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine


Note that networking.k8s.io/Ingress is only supported for Google Kubernetes Engine Cluster Version 1.18 or earlier. Note also that asset change history for networking.k8s.io/Ingress might be incomplete and data freshness can be stale.
GA

API reference
container.googleapis.com/Cluster
container.googleapis.com/NodePool

API reference
k8s.io/Node
k8s.io/Pod
k8s.io/Namespace
k8s.io/Service
apps.k8s.io/Deployment
apps.k8s.io/ReplicaSet
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
networking.k8s.io/NetworkPolicybatch.k8s.io/Job
Beta

API reference
extensions.k8s.io/Ingress
networking.k8s.io/Ingress
Resource Manager

Note that TagKey, TagValue and TagBinding asset change history might be incomplete, data freshness can be stale for 7+ hours.
GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
cloudresourcemanager.googleapis.com/TagKey
cloudresourcemanager.googleapis.com/TagValue
cloudresourcemanager.googleapis.com/TagBinding
Service Usage

Note that Service Usage asset change history might be incomplete, data freshness can be stale for 12+ hours, and the field config in the metadata is not supported yet.
GA

API reference
serviceusage.googleapis.com/Service
Cloud Data Fusion GA

API reference
datafusion.googleapis.com/Instance
Cloud Logging

Note that Cloud Logging asset change history might be incomplete. Data freshness can be stale for 12+ hours.
GA

API reference
logging.googleapis.com/LogBucket
logging.googleapis.com/LogMetric
logging.googleapis.com/LogSink
Network Management API GA

API reference
networkmanagement.googleapis.com/ConnectivityTest
Managed Service for Microsoft Active Directory GA

API reference
managedidentities.googleapis.com/Domain
Game Servers GA

API reference
gameservices.googleapis.com/GameServerCluster
gameservices.googleapis.com/Realm
gameservices.googleapis.com/GameServerConfig
gameservices.googleapis.com/GameServerDeployment
Dataflow

Note that Dataflow asset change history can be incomplete, and data freshness can be stale for 7+ hours.
GA

API reference
dataflow.googleapis.com/Job
Hub GA

API reference
gkehub.googleapis.com/Membership
Secret Manager

Note that the location field in the Secret Manager asset does not reflect the replication policy of the Secret. Instead use the replication field to get that information.
GA

API reference
secretmanager.googleapis.com/Secret
secretmanager.googleapis.com/SecretVersion
Cloud TPU GA

API reference
tpu.googleapis.com/Node
Cloud Composer

Note that Cloud Composer v1beta1 is supported. The resources in v1beta1 are a superset of those in v1.
Beta

API reference
composer.googleapis.com/Environment
Filestore
GA

API reference
file.googleapis.com/Instance
Beta

API reference
file.googleapis.com/Backup
Service Directory GA

API reference
servicedirectory.googleapis.com/Namespace
Assured Workloads GA

API reference
assuredworkloads.googleapis.com/Workload
API Gateway GA

API reference
apigateway.googleapis.com/Api
apigateway.googleapis.com/ApiConfig
apigateway.googleapis.com/Gateway
App Engine Memcache GA

API reference
memcache.googleapis.com/Instance
Document AI GA

API reference
documentai.googleapis.com/HumanReviewConfig
documentai.googleapis.com/LabelerPool
documentai.googleapis.com/Processor
documentai.googleapis.com/ProcessorVersion
Memorystore for Redis GA

API reference
redis.googleapis.com/Instance
Vertex AI

Note that deployedModels field in Model and Endpoint is not populated. Vertex AI asset change history can be incomplete, and data freshness can be stale for 7+ hours. Some Datasets' metadata (e.g. TABLE data type) could be stale due to an ongoing data issue.
GA

API reference
aiplatform.googleapis.com/BatchPredictionJob
aiplatform.googleapis.com/CustomJob
aiplatform.googleapis.com/DataLabelingJob
aiplatform.googleapis.com/Dataset
aiplatform.googleapis.com/Endpoint
aiplatform.googleapis.com/HyperparameterTuningJob
aiplatform.googleapis.com/MetadataStore
aiplatform.googleapis.com/Model
aiplatform.googleapis.com/ModelDeploymentMonitoringJob
aiplatform.googleapis.com/PipelineJob
aiplatform.googleapis.com/SpecialistPool
aiplatform.googleapis.com/TrainingPipeline
Cloud Monitoring GA

API reference
monitoring.googleapis.com/AlertPolicy
Serverless VPC Access GA

API reference
vpcaccess.googleapis.com/Connector
Service Management

Note that Service Management asset change history can be incomplete, data freshness can be stale for 7+ hours.
GA

API reference
servicemanagement.googleapis.com/ManagedService
Dataproc Metastore GA

API reference
metastore.googleapis.com/Service
metastore.googleapis.com/MetadataImport
metastore.googleapis.com/Backup
Cloud Healthcare API

Note that Cloud Healthcare API asset change history can be incomplete, data freshness can be stale for 7+ hours.
GA

API reference
healthcare.googleapis.com/ConsentStore
healthcare.googleapis.com/Dataset
healthcare.googleapis.com/DicomStore
healthcare.googleapis.com/FhirStore
healthcare.googleapis.com/Hl7V2Store
Firestore GA

API reference
firestore.googleapis.com/Database
Firebase GA

API reference
firebase.googleapis.com/FirebaseProject
firebase.googleapis.com/FirebaseAppInfo
Network Connectivity

Note that Network Connectivity Hub.routing_vpcs data freshness can be delayed by several hours.
GA

API reference
networkconnectivity.googleapis.com/Hub
networkconnectivity.googleapis.com/Spoke
Database Migration Service

GA

API reference
datamigration.googleapis.com/MigrationJob
datamigration.googleapis.com/ConnectionProfile
Datastream GA

API reference
datastream.googleapis.com/ConnectionProfile
datastream.googleapis.com/PrivateConnection
datastream.googleapis.com/Stream
Anthos clusters on-prem

Note that Anthos clusters on-prem metadata is from Confluence, which has no public API.
Beta

API reference
anthos.googleapis.com/ConnectedCluster
Organization Policy Service GA

API reference
orgpolicy.googleapis.com/Policy

Supported policy types

The Cloud Asset API supports the following policy types in Google Cloud:

Policy Launch stage/Supported resource
IAM GA

API reference
All supported resource types above

The following IAP resource types:
iap.googleapis.com/Web
iap.googleapis.com/WebType
iap.googleapis.com/WebService
iap.googleapis.com/WebServiceVersion
iap.googleapis.com/Tunnel
iap.googleapis.com/TunnelZone
iap.googleapis.com/TunnelInstance
Organization Policy GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Access Policy (VPC Service Controls Policy) GA

API reference
cloudresourcemanager.googleapis.com/Organization

Supported runtime information types

The Cloud Asset API supports the following runtime information types in Google Cloud:

Runtime information Launch stage/Supported resource
OS inventory

Provides information on the operating system, installed packages, and available package updates for an instance. Learn more about OS inventory management.
GA

compute.googleapis.com/Instance

Supported relationship types

To use relationship types, you must subscribe to Security Command Center at the Premium tier.

These relationship types are supported in the export, list, search and monitor services. The analysis service does not support relationship types.

Supported asset type Relationship types
compute.googleapis.com/Instance
INSTANCE_TO_INSTANCEGROUP
Represents a relationship from a Compute Engine instance to Compute Engine instance group(s) which provides information about the instance group(s) that an instance is in.

INSTANCE_TO_INSTANCEGROUPMANAGER
Represents a relationship from a Compute Engine instance to Compute Engine instance group manager(s) which provides information about the instance group manager(s) that an instance is managed by.
compute.googleapis.com/InstanceGroup
INSTANCEGROUP_TO_INSTANCEGROUPMANAGER
Represents a relationship from a Compute Engine instance-group to a Compute Engine instance group manager which provides information about the instance group manager that an instance group is managed by.
k8s.io/Namespace
NAMESPACE_TO_CLUSTER
Represents a relationship from a Kubernetes namespace to a Google Kubernetes Engine(GKE) cluster which provides information about the GKE cluster that a Kubernetes namespace is in.
k8s.io/Node
NODE_TO_CLUSTER
Represents a relationship from a Kubernetes node to a GKE cluster which provides information about the GKE cluster that a Kubernetes node is in.

NODE_TO_COMPUTE_INSTANCE
Represents a relationship from a Kubernetes node to a Compute Engine instance which provides information about the compute instance that a Kubernetes node is in.
appengine.googleapis.com/Service
SERVICE_TO_APPLICATION
Represents a relationship from an App Engine service to an App Engine application which provides information about the App Engine application that a service is in.
appengine.googleapis.com/Version
VERSION_TO_APPLICATION
Represents a relationship from an App Engine version to an App Engine application which provides information about the App Engine application that a version is in.

VERSION_TO_SERVICE
Represents a relationship from an App Engine version to an App Engine service which provides information about the App Engine service that a version is in.

Searchable asset types

The following asset types are supported by the Search Assets APIs:

Service Resource/API Reference Searchable Attributes
API Keys apikeys.googleapis.com/Key
App Engine appengine.googleapis.com/Application
defaultHostname
defaultBucket
appengine.googleapis.com/Service
appengine.googleapis.com/Version
versionUrl
Artifact Registry artifactregistry.googleapis.com/Repository
artifactregistry.googleapis.com/DockerImage
BigQuery bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
bigquery.googleapis.com/Model
Cloud Bigtable bigtableadmin.googleapis.com/AppProfile
bigtableadmin.googleapis.com/Backup
bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing cloudbilling.googleapis.com/BillingAccount
cloudbilling.googleapis.com/ProjectBillingInfo
Cloud Composer composer.googleapis.com/Environment
Cloud DNS dns.googleapis.com/ManagedZone dnsName
peeringConfig.targetNetwork.networkUrl
dns.googleapis.com/Policy
Cloud Functions cloudfunctions.googleapis.com/CloudFunction
Cloud Key Management Service cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
cloudkms.googleapis.com/EkmConnection
Cloud Logging logging.googleapis.com/LogBucket
logging.googleapis.com/LogMetric
logging.googleapis.com/LogSink
Cloud Run run.googleapis.com/DomainMapping
run.googleapis.com/Execution
run.googleapis.com/Job
run.googleapis.com/Revision
run.googleapis.com/Service
Cloud Spanner spanner.googleapis.com/Instance
spanner.googleapis.com/Database
spanner.googleapis.com/Backup
Cloud SQL sqladmin.googleapis.com/BackupRun
sqladmin.googleapis.com/Instance
Dataflow dataflow.googleapis.com/Job
Dataplex dataplex.googleapis.com/Asset
dataplex.googleapis.com/Lake
dataplex.googleapis.com/Task
dataplex.googleapis.com/Zone
Dataproc dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Dialogflow CX dialogflow.googleapis.com/Agent
dialogflow.googleapis.com/LocationSettings
Dialogflow ES dialogflow.googleapis.com/ConversationProfile
dialogflow.googleapis.com/KnowledgeBase
Cloud Data Loss Prevention dlp.googleapis.com/DlpJob
dlp.googleapis.com/DeidentifyTemplate
dlp.googleapis.com/InspectTemplate
dlp.googleapis.com/JobTrigger
dlp.googleapis.com/StoredInfoType
Document AI documentai.googleapis.com/Processor
documentai.googleapis.com/ProcessorVersion
documentai.googleapis.com/HumanReviewConfig
documentai.googleapis.com/LabelerPool
Eventarc eventarc.googleapis.com/Trigger
Hub gkehub.googleapis.com/Membership
Identity and Access Management iam.googleapis.com/Role includedPermissions
iam.googleapis.com/ServiceAccount email
uniqueId
iam.googleapis.com/ServiceAccountKey
Pub/Sub pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
pubsub.googleapis.com/Snapshot
Certificate Authority Service privateca.googleapis.com/CaPool
privateca.googleapis.com/Certificate
privateca.googleapis.com/CertificateAuthority
privateca.googleapis.com/CertificateRevocationList
privateca.googleapis.com/CertificateTemplate
Cloud OS Config

Note that Cloud OS Config asset change history can be incomplete, and data freshness can be stale for 7+ hours.
osconfig.googleapis.com/PatchDeployment
Cloud Storage storage.googleapis.com/Bucket
Compute Engine

Note that Compute Engine types cover zonal, regional, and global resources.
compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Commitment
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/FirewallPolicy
compute.googleapis.com/ForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance externalIPs
internalIPs
networkInterfaceNetworks
networkInterfaceNames
machineType
deletionProtection

The following attributes are from the OS Inventory, which is attached on this Compute Instance to provide information on operating system and packages. Learn more about OS inventory management.

osShortName
osLongName
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network gatewayIPv4
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/NodeGroup
compute.googleapis.com/NodeTemplate
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/Reservation
compute.googleapis.com/ResourcePolicy
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork gatewayAddress
compute.googleapis.com/ServiceAttachment
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Filestore file.googleapis.com/Backup
file.googleapis.com/Instance
Google Kubernetes Engine

Note that networking.k8s.io/Ingress is only supported for Google Kubernetes Engine Cluster Version 1.18 or earlier. Note also that data freshness for networking.k8s.io/Ingress can be stale.
container.googleapis.com/Cluster endpoint
container.googleapis.com/NodePool locations
k8s.io/Pod
k8s.io/Node
k8s.io/Namespace
k8s.io/Service
apps.k8s.io/Deployment
apps.k8s.io/ReplicaSet
batch.k8s.io/Job
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
extensions.k8s.io/Ingress
networking.k8s.io/Ingress
networking.k8s.io/NetworkPolicy
Managed Service for Microsoft Active Directory managedidentities.googleapis.com/Domain
Resource Manager

Note that TagKey and TagValue data freshness can be stale for 7+ hours.
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project projectId
cloudresourcemanager.googleapis.com/TagKey
cloudresourcemanager.googleapis.com/TagValue
Secret Manager

Note that the location field in the Secret Manager asset does not reflect the replication policy of the Secret.
secretmanager.googleapis.com/Secret
secretmanager.googleapis.com/SecretVersion
Service Usage

Note that Service Usage data freshness can be stale for 12+ hours.
serviceusage.googleapis.com/Service
Cloud TPU tpu.googleapis.com/Node
Cloud Data Fusion datafusion.googleapis.com/Instance
Memorystore for Redis redis.googleapis.com/Instance
API Gateway apigateway.googleapis.com/Api
apigateway.googleapis.com/ApiConfig
apigateway.googleapis.com/Gateway
Vertex AI aiplatform.googleapis.com/BatchPredictionJob
aiplatform.googleapis.com/CustomJob
aiplatform.googleapis.com/DataLabelingJob
aiplatform.googleapis.com/Dataset
aiplatform.googleapis.com/Endpoint
aiplatform.googleapis.com/HyperparameterTuningJob
aiplatform.googleapis.com/MetadataStore
aiplatform.googleapis.com/Model
aiplatform.googleapis.com/ModelDeploymentMonitoringJob
aiplatform.googleapis.com/PipelineJob
aiplatform.googleapis.com/SpecialistPool
aiplatform.googleapis.com/TrainingPipeline
Assured Workloads assuredworkloads.googleapis.com/Workload
App Engine Memcache memcache.googleapis.com/Instance
Service Management servicemanagement.googleapis.com/ManagedService
Cloud Monitoring monitoring.googleapis.com/AlertPolicy
Game Servers gameservices.googleapis.com/GameServerCluster
gameservices.googleapis.com/Realm
gameservices.googleapis.com/GameServerConfig
gameservices.googleapis.com/GameServerDeployment
Dataproc Metastore metastore.googleapis.com/Service
metastore.googleapis.com/MetadataImport
metastore.googleapis.com/Backup
Access Policy (Access Context Manager) identity.accesscontextmanager.googleapis.com/AccessPolicy
identity.accesscontextmanager.googleapis.com/AccessLevel
identity.accesscontextmanager.googleapis.com/ServicePerimeter
Cloud Healthcare API

Note that Cloud Healthcare API asset change history can be incomplete, data freshness can be stale for 7+ hours.
healthcare.googleapis.com/ConsentStore
healthcare.googleapis.com/Dataset
healthcare.googleapis.com/DicomStore
healthcare.googleapis.com/FhirStore
healthcare.googleapis.com/Hl7V2Store
Network Management API networkmanagement.googleapis.com/ConnectivityTest
Database Migration Service datamigration.googleapis.com/MigrationJob
datamigration.googleapis.com/ConnectionProfile
Datastream datastream.googleapis.com/ConnectionProfile
datastream.googleapis.com/PrivateConnection
datastream.googleapis.com/Stream
Anthos clusters on-prem anthos.googleapis.com/ConnectedCluster
Organization Policy Service v2 orgpolicy.googleapis.com/Policy
Firestore firestore.googleapis.com/Database
Firebase firebase.googleapis.com/FirebaseProject
firebase.googleapis.com/FirebaseAppInfo
Serverless VPC Access vpcaccess.googleapis.com/Connector
Network Connectivity networkconnectivity.googleapis.com/Spoke
networkconnectivity.googleapis.com/Hub

Analyzable asset types

The following asset types are supported by the Asset Analysis APIs:

Service Resource/API Reference
API keys apikeys.googleapis.com/Key
App Engine appengine.googleapis.com/Application
appengine.googleapis.com/Service
appengine.googleapis.com/Version
BigQuery bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
bigquery.googleapis.com/Model
Cloud Bigtable bigtableadmin.googleapis.com/AppProfile
bigtableadmin.googleapis.com/Backup
bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing cloudbilling.googleapis.com/BillingAccount
Cloud Composer composer.googleapis.com/Environment
Cloud DNS dns.googleapis.com/ManagedZone
dns.googleapis.com/Policy
Cloud Functions cloudfunctions.googleapis.com/CloudFunction
Cloud Key Management Service cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
cloudkms.googleapis.com/ImportJob
cloudkms.googleapis.com/EkmConnection
Cloud Logging logging.googleapis.com/LogBucket
logging.googleapis.com/LogMetric
logging.googleapis.com/LogSink
Cloud OS Config osconfig.googleapis.com/PatchDeployment
osconfig.googleapis.com/OSPolicyAssignment
osconfig.googleapis.com/OSPolicyAssignmentReport
Cloud Run run.googleapis.com/Revision
run.googleapis.com/Service
run.googleapis.com/Job
run.googleapis.com/Execution
Game Servers gameservices.googleapis.com/GameServerCluster
gameservices.googleapis.com/Realm
gameservices.googleapis.com/GameServerConfig
gameservices.googleapis.com/GameServerDeployment
Cloud Spanner spanner.googleapis.com/Instance
spanner.googleapis.com/Database
spanner.googleapis.com/Backup
Cloud SQL sqladmin.googleapis.com/Instance
sqladmin.googleapis.com/BackupRun
Dataflow dataflow.googleapis.com/Job
Dataproc dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Document AI documentai.googleapis.com/HumanReviewConfig
documentai.googleapis.com/Processor
documentai.googleapis.com/ProcessorVersion
documentai.googleapis.com/LabelerPool
Eventarc eventarc.googleapis.com/Trigger
Identity and Access Management iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
iam.googleapis.com/ServiceAccountKey
Pub/Sub pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
pubsub.googleapis.com/Snapshot
Cloud Storage storage.googleapis.com/Bucket
Compute Engine compute.googleapis.com/Address
compute.googleapis.com/Autoscaler
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Commitment
compute.googleapis.com/Disk
compute.googleapis.com/ExternalVpnGateway
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/NetworkEndpointGroup
compute.googleapis.com/NodeGroup
compute.googleapis.com/NodeTemplate
compute.googleapis.com/PacketMirroring
compute.googleapis.com/Project
compute.googleapis.com/Reservation
compute.googleapis.com/ResourcePolicy
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/SslPolicy
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnGateway
compute.googleapis.com/VpnTunnel
Google Kubernetes Engine apps.k8s.io/Deployment
apps.k8s.io/ReplicaSet
batch.k8s.io/Job
container.googleapis.com/Cluster
container.googleapis.com/NodePool
k8s.io/Pod
k8s.io/Node
k8s.io/Namespace
k8s.io/Service
networking.k8s.io/NetworkPolicy
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
Resource Manager cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
cloudresourcemanager.googleapis.com/TagKey
cloudresourcemanager.googleapis.com/TagValue
Service Usage

Note that Service Usage data freshness can be stale for 12+ hours.
serviceusage.googleapis.com/Service
Service Management servicemanagement.googleapis.com/ManagedService
Cloud TPU tpu.googleapis.com/Node
Cloud Data Fusion datafusion.googleapis.com/Instance
Memorystore for Redis redis.googleapis.com/Instance
Managed Service for Microsoft Active Directory managedidentities.googleapis.com/Domain
API Gateway apigateway.googleapis.com/Api
apigateway.googleapis.com/ApiConfig
apigateway.googleapis.com/Gateway
Hub gkehub.googleapis.com/Membership
Secret Manager secretmanager.googleapis.com/Secret
secretmanager.googleapis.com/SecretVersion
App Engine Memcache memcache.googleapis.com/Instance
Filestore file.googleapis.com/Backup
file.googleapis.com/Instance
Vertex AI aiplatform.googleapis.com/BatchPredictionJob
aiplatform.googleapis.com/CustomJob
aiplatform.googleapis.com/DataLabelingJob
aiplatform.googleapis.com/Dataset
aiplatform.googleapis.com/Endpoint
aiplatform.googleapis.com/HyperparameterTuningJob
aiplatform.googleapis.com/MetadataStore
aiplatform.googleapis.com/Model
aiplatform.googleapis.com/ModelDeploymentMonitoringJob
aiplatform.googleapis.com/PipelineJob
aiplatform.googleapis.com/SpecialistPool
aiplatform.googleapis.com/TrainingPipeline
Artifact Registry artifactregistry.googleapis.com/Repository
artifactregistry.googleapis.com/DockerImage
Assured Workloads assuredworkloads.googleapis.com/Workload
Dialogflow CX dialogflow.googleapis.com/Agent
dialogflow.googleapis.com/LocationSettings
Dialogflow ES dialogflow.googleapis.com/ConversationProfile
dialogflow.googleapis.com/KnowledgeBase
Dataplex dataplex.googleapis.com/Asset
dataplex.googleapis.com/Lake
dataplex.googleapis.com/Task
dataplex.googleapis.com/Zone
Certificate Authority Service privateca.googleapis.com/CaPool
privateca.googleapis.com/CertificateAuthority
privateca.googleapis.com/CertificateRevocationList
privateca.googleapis.com/CertificateTemplate
privateca.googleapis.com/Certificate
Cloud Data Loss Prevention dlp.googleapis.com/DlpJob
dlp.googleapis.com/DeidentifyTemplate
dlp.googleapis.com/InspectTemplate
dlp.googleapis.com/JobTrigger
dlp.googleapis.com/StoredInfoType
Database Migration Service datamigration.googleapis.com/MigrationJob
datamigration.googleapis.com/ConnectionProfile
Datastream datastream.googleapis.com/ConnectionProfile
datastream.googleapis.com/PrivateConnection
datastream.googleapis.com/Stream
Access Policy (Access Context Manager) identity.accesscontextmanager.googleapis.com/AccessPolicy
identity.accesscontextmanager.googleapis.com/AccessLevel
identity.accesscontextmanager.googleapis.com/ServicePerimeter