This topic lists the supported asset types in Cloud Asset Inventory. Please see the overview topic for all Cloud Asset API services.
For types supported by the export and monitor services, see supported resource types and supported policy types.
For types supported by the search service, see searchable asset types.
For types supported by the analysis service, see analyzable asset types.
Supported resource types
Cloud Asset Inventory supports and returns the following resource types. You can use this list to identify which types the service supports, but be sure to use the full resource name format when working with Cloud Asset Inventory. Learn more about Cloud API resource naming.
| Service | Launch stage/Resource |
|---|---|
| App EngineNote: location field may not be populated for App Engine assets. | GAAPI reference • appengine.googleapis.com/Application• appengine.googleapis.com/Service• appengine.googleapis.com/Version |
| Artifact Registry | GAAPI reference
• artifactregistry.googleapis.com/DockerImage• artifactregistry.googleapis.com/Repository
|
| BigQuery | GAAPI reference• bigquery.googleapis.com/Dataset• bigquery.googleapis.com/Table• bigquery.googleapis.com/Model |
| Cloud Bigtable | GAAPI reference• bigtableadmin.googleapis.com/AppProfile• bigtableadmin.googleapis.com/Backup• bigtableadmin.googleapis.com/Cluster• bigtableadmin.googleapis.com/Instance• bigtableadmin.googleapis.com/Table |
| Cloud Billing | GAAPI reference• cloudbilling.googleapis.com/BillingAccount |
| Certificate Authority ServiceNote: IAM policies may be missing for privateca.googleapis.com/CertificateRevocationList. | GAAPI reference• privateca.googleapis.com/CaPool• privateca.googleapis.com/CertificateAuthority• privateca.googleapis.com/CertificateRevocationList• privateca.googleapis.com/CertificateTemplate |
| Cloud Functions | GAAPI reference• cloudfunctions.googleapis.com/CloudFunction |
| Cloud Run | GAAPI reference• run.googleapis.com/DomainMapping• run.googleapis.com/Revision• run.googleapis.com/Service |
| Container RegistryNote: Container Registry implements the Docker HTTP API V2 and does not provide a public API. | GA
• containerregistry.googleapis.com/Image
|
| Dataproc | GA API reference• dataproc.googleapis.com/Cluster• dataproc.googleapis.com/Job |
| Dialogflow | GAAPI reference
• dialogflow.googleapis.com/Agent• dialogflow.googleapis.com/LocationSettings
|
| Cloud Data Loss Prevention | GAAPI reference
• dlp.googleapis.com/StoredInfoType
• dlp.googleapis.com/DeidentifyTemplate
• dlp.googleapis.com/DlpJob
• dlp.googleapis.com/InspectTemplate
• dlp.googleapis.com/JobTrigger
|
| Cloud DNS | GAAPI reference• dns.googleapis.com/ManagedZone• dns.googleapis.com/Policy |
| Eventarc | GAAPI reference• eventarc.googleapis.com/Trigger |
| Identity and Access Management | GAAPI reference• iam.googleapis.com/Role• iam.googleapis.com/ServiceAccount• iam.googleapis.com/ServiceAccountKey |
| Cloud Key Management Service | GAAPI reference• cloudkms.googleapis.com/KeyRing • cloudkms.googleapis.com/CryptoKey• cloudkms.googleapis.com/CryptoKeyVersion• cloudkms.googleapis.com/ImportJob |
| Pub/Sub | GA API reference• pubsub.googleapis.com/Topic• pubsub.googleapis.com/Subscription• pubsub.googleapis.com/Snapshot |
| Cloud Spanner | GAAPI reference• spanner.googleapis.com/Instance• spanner.googleapis.com/Database• spanner.googleapis.com/Backup |
| Cloud SQL Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for 2+ hours. | GAAPI reference• sqladmin.googleapis.com/Instance• sqladmin.googleapis.com/BackupRun |
| Cloud Storage | GAAPI reference• storage.googleapis.com/Bucket |
| Cloud OS Config Note that Cloud OS Config asset change history can be incomplete, and data freshness can be stale for 7+ hours. | GAAPI reference• osconfig.googleapis.com/PatchDeployment• osconfig.googleapis.com/VulnerabilityReport |
| Compute Engine | GAAPI reference • compute.googleapis.com/Autoscaler• compute.googleapis.com/Address• compute.googleapis.com/GlobalAddress• compute.googleapis.com/BackendBucket• compute.googleapis.com/BackendService• compute.googleapis.com/Commitment• compute.googleapis.com/Disk• compute.googleapis.com/ExternalVpnGateway• compute.googleapis.com/Firewall• compute.googleapis.com/ForwardingRule• compute.googleapis.com/GlobalForwardingRule• compute.googleapis.com/HealthCheck• compute.googleapis.com/HttpHealthCheck• compute.googleapis.com/HttpsHealthCheck• compute.googleapis.com/Image• compute.googleapis.com/Instance• compute.googleapis.com/InstanceGroup• compute.googleapis.com/InstanceGroupManager• compute.googleapis.com/InstanceTemplate• compute.googleapis.com/Interconnect• compute.googleapis.com/InterconnectAttachment• compute.googleapis.com/License• compute.googleapis.com/Network• compute.googleapis.com/NetworkEndpointGroup• compute.googleapis.com/NodeGroup• compute.googleapis.com/NodeTemplate• compute.googleapis.com/PacketMirroring• compute.googleapis.com/Project• compute.googleapis.com/RegionBackendService• compute.googleapis.com/RegionDisk• compute.googleapis.com/Reservation• compute.googleapis.com/ResourcePolicy• compute.googleapis.com/Route• compute.googleapis.com/Router• compute.googleapis.com/SecurityPolicy• compute.googleapis.com/Snapshot• compute.googleapis.com/SslCertificate• compute.googleapis.com/SslPolicy• compute.googleapis.com/Subnetwork• compute.googleapis.com/TargetHttpProxy• compute.googleapis.com/TargetHttpsProxy• compute.googleapis.com/TargetInstance• compute.googleapis.com/TargetPool• compute.googleapis.com/TargetTcpProxy• compute.googleapis.com/TargetSslProxy• compute.googleapis.com/TargetVpnGateway• compute.googleapis.com/UrlMap• compute.googleapis.com/VpnGateway• compute.googleapis.com/VpnTunnel |
|
Google Kubernetes Engine Note that `networking.k8s.io/Ingress` is only supported for Google Kubernetes Engine Cluster Version 1.18 or earlier. Note also that asset change history for `networking.k8s.io/Ingress` might be incomplete and data freshness can be stale. |
GAAPI reference• container.googleapis.com/Cluster• container.googleapis.com/NodePoolAPI reference• k8s.io/Node• k8s.io/Pod• k8s.io/Namespace• k8s.io/Service• rbac.authorization.k8s.io/Role• rbac.authorization.k8s.io/RoleBinding• rbac.authorization.k8s.io/ClusterRole• rbac.authorization.k8s.io/ClusterRoleBinding• networking.k8s.io/NetworkPolicy |
BetaAPI reference• extensions.k8s.io/Ingress• networking.k8s.io/Ingress |
|
| Resource ManagerNote that TagKey and TagValue asset change history might be incomplete, data freshness can be stale for 7+ hours. | GAAPI reference• cloudresourcemanager.googleapis.com/Organization• cloudresourcemanager.googleapis.com/Folder• cloudresourcemanager.googleapis.com/Project• cloudresourcemanager.googleapis.com/TagKey• cloudresourcemanager.googleapis.com/TagValue |
| Service UsageNote that Service Usage asset change history might be incomplete, data freshness can be stale for 12+ hours, and the field config in the metadata is not supported yet. | GAAPI reference• serviceusage.googleapis.com/Service |
| Cloud Data Fusion | GAAPI reference• datafusion.googleapis.com/Instance |
| Cloud LoggingNote that Cloud Logging asset change history might be incomplete. Data freshness can be stale for 12+ hours. | GAAPI reference• logging.googleapis.com/LogBucket• logging.googleapis.com/LogMetric• logging.googleapis.com/LogSink |
| Network Management API | GA API reference • networkmanagement.googleapis.com/ConnectivityTest |
| Managed Service for Microsoft Active Directory | GA API reference • managedidentities.googleapis.com/Domain |
| Game Servers | GA API reference • gameservices.googleapis.com/GameServerCluster• gameservices.googleapis.com/Realm• gameservices.googleapis.com/GameServerConfig• gameservices.googleapis.com/GameServerDeployment |
| Dataflow Note that Dataflow asset change history can be incomplete, and data freshness can be stale for 7+ hours. | GA API reference • dataflow.googleapis.com/Job |
| Hub | GA API reference • gkehub.googleapis.com/Membership |
| Secret Manager Note that the location field in the Secret Manager asset does not reflect the replication policy of the Secret. Instead use the replication field to get that information. | GA API reference • secretmanager.googleapis.com/Secret• secretmanager.googleapis.com/SecretVersion |
| Cloud TPU | GA API reference • tpu.googleapis.com/Node |
| Cloud Composer Note that Cloud Composer v1beta1 is supported. The resources in v1beta1 are a superset of those in v1. | Beta API reference • composer.googleapis.com/Environment |
| Filestore |
GAAPI reference• file.googleapis.com/Instance |
BetaAPI reference• file.googleapis.com/Backup |
|
| Service Directory | GA API reference • servicedirectory.googleapis.com/Namespace |
| Assured Workloads | GA API reference • assuredworkloads.googleapis.com/Workload |
| API Gateway | GA API reference • apigateway.googleapis.com/Api• apigateway.googleapis.com/ApiConfig• apigateway.googleapis.com/Gateway |
| App Engine Memcache | GA API reference • memcache.googleapis.com/Instance |
| Document AI | GAAPI reference• documentai.googleapis.com/HumanReviewConfig• documentai.googleapis.com/LabelerPool• documentai.googleapis.com/Processor• documentai.googleapis.com/ProcessorVersion |
| Memorystore for Redis | GA API reference • redis.googleapis.com/Instance |
Vertex AI Note that `deployedModels` field in Model and Endpoint is not populated. Vertex AI asset change history can be incomplete, and data freshness can be stale for 7+ hours. Some Datasets' metadata (e.g. TABLE data type) could be stale due to an ongoing data issue. |
GA API reference • aiplatform.googleapis.com/BatchPredictionJob• aiplatform.googleapis.com/CustomJob• aiplatform.googleapis.com/DataLabelingJob• aiplatform.googleapis.com/Dataset• aiplatform.googleapis.com/Endpoint• aiplatform.googleapis.com/HyperparameterTuningJob• aiplatform.googleapis.com/MetadataStore• aiplatform.googleapis.com/Model• aiplatform.googleapis.com/ModelDeploymentMonitoringJob• aiplatform.googleapis.com/PipelineJob• aiplatform.googleapis.com/SpecialistPool• aiplatform.googleapis.com/TrainingPipeline |
| Cloud Monitoring | GA API reference • monitoring.googleapis.com/AlertPolicy |
| Serverless VPC Access | GA API reference • vpcaccess.googleapis.com/Connector |
| Service Management Note that Service Management asset change history can be incomplete, data freshness can be stale for 7+ hours. | GA API reference • servicemanagement.googleapis.com/ManagedService |
| Dataproc Metastore | GA API reference • metastore.googleapis.com/Service• metastore.googleapis.com/MetadataImport• metastore.googleapis.com/Backup |
Supported policy types
The Cloud Asset API supports the following policy types in Google Cloud:
| Policy | Launch stage/Supported resource |
|---|---|
| IAM | GAAPI reference • All supported resource types aboveThe following IAP resource types:• iap.googleapis.com/Web• iap.googleapis.com/WebTypes• iap.googleapis.com/WebServices• iap.googleapis.com/WebServiceVersions• iap.googleapis.com/Tunnel• iap.googleapis.com/TunnelZones• iap.googleapis.com/TunnelInstance |
| Organization Policy | GAAPI reference• cloudresourcemanager.googleapis.com/Organization• cloudresourcemanager.googleapis.com/Folder• cloudresourcemanager.googleapis.com/Project |
| Access Policy (VPC Service Controls Policy) | GAAPI reference• cloudresourcemanager.googleapis.com/Organization |
Supported runtime information types
The Cloud Asset API supports the following runtime information types in Google Cloud:
| Runtime information | Launch stage/Supported resource |
|---|---|
| OS inventoryProvides information on the operating system, installed packages, and available package updates for an instance. Learn more about OS inventory management. | GA• compute.googleapis.com/Instance |
Supported relationship types
The Cloud Asset API supports the following relationship types in Google Cloud:
| Relationships | Launch stage/Supported resource |
|---|---|
| INSTANCE_TO_INSTANCEGROUP Provides information about the instance groups that an instance is in. Learn more about instance groups. | Beta• compute.googleapis.com/Instance |
Searchable asset types
The following asset types are supported by the Search Assets APIs:
Analyzable asset types
The following asset types are supported by the Asset Analysis APIs: