Resource types that accept allow policies

This page lists the resource types on which you can set allow policies.

Select a service to see which of its resource types support allow policies:

Service Resources that accept allow policies
Identity-Aware Proxy   All web services
Individual web services
Tunnel
Tunnel instances
Tunnel zones
Web service types
Web service versions
Access Context Manager   Access policies
Analytics Hub   Data exchanges
Listings
API Gateway   APIs
Configs
Gateways
Apigee   Environments
Apigee Registry   APIs
Artifacts
Deployments
Instances
Runtime
Specs
Versions
Artifact Registry   Repositories
AutoML   Datasets
Locations
Models
BeyondCorp Enterprise   App connections
App connectors
App gateways
Client connector services
Client gateways
BigQuery   Row access policies
Tables
BigQuery Connection API   Connections
Cloud Bigtable   Backups
Instances
Tables
Binary Authorization   Attestors
Policy
Cloud Billing   Billing accounts
Google Cloud Deploy   Delivery pipelines
Targets
Cloud Functions   Functions
Cloud Key Management Service   Crypto keys
EKM config
EKM connections
Import jobs
Key rings
Resource Manager   Folders
Organizations
Projects
Tag keys
Tag values
Cloud Tasks   Queues
Compute Engine   Backend services
Disks
Firewall policies
Images
Instance templates
Instances
Licenses
Machine images
Network attachments
Network firewall policies
Node groups
Node templates
Region backend services
Region disks
Region network firewall policies
Reservations
Resource policies
Service attachments
Snapshots
Subnetworks
Container Analysis   Notes
Occurrences
Data Catalog   Entry groups
Policy tags
Tag templates
Taxonomies
Dataform   Repositories
Workspaces
Cloud Data Fusion   Instances
Database Migration Service   Connection profiles
Conversion workspaces
Migration jobs
Private connections
Dataplex   Aspect types
Assets
Attributes
Content
Content items
Data attribute bindings
Data scans
Data taxonomies
Entry groups
Entry types
Environments
Lakes
Tasks
Zones
Dataproc   Autoscaling policies
Clusters
Jobs
Operations
Workflow templates
Cloud Deployment Manager   Deployments
Cloud DNS   Managed zones
Cloud Domains   Registrations
Eventarc   Channel connections
Channels
Triggers
Game Servers   Game server deployments
Backup for GKE   Backup plans
Backups
Restore plans
Restores
Volume backups
Volume restores
GKE Hub   Features
Memberships
Scopes
Anthos clusters on VMware (GKE on-prem)   Bare metal admin clusters
Bare metal clusters
Bare metal node pools
VMware admin clusters
VMware clusters
VMware node pools
Cloud Healthcare API   Consent stores
Datasets
DICOM stores
FHIR stores
HL7v2 stores
Identity and Access Management   Service accounts
Workforce identity pools
Cloud Intrusion Detection System   Endpoints
Managed Service for Microsoft Active Directory   Backups
Domains
Peerings
Dataproc Metastore   Backups
Federations
Services
AI Platform   Jobs
Models
Network Connectivity Center   Hubs
Policy-based routes
Service classes
Service connection maps
Service connection policies
Spokes
Network Management API   Connectivity tests
Network Security   Address groups
Authorization policies
Client TLS policies
Server TLS policies
Network Services   Edge cache keysets
Edge cache origins
Edge cache services
Endpoint policies
Gateways
Meshes
Service bindings
Notebooks   Instances
Runtimes
Certificate Authority Service   CA pools
Certificate revocation lists
Certificate templates
Pub/Sub   Schemas
Snapshots
Subscriptions
Topics
Cloud Run   Jobs
Services
Secret Manager   Secrets
Security Command Center   Sources
Service Directory   Namespaces
Services
Service Management   Consumers
Services
Cloud Source Repositories   Repos
Cloud Spanner   Backups
Databases
Instances
Cloud Storage   Buckets
Cloud Workstations   Workstation configs
Workstations