This page lists the resource types on which you can set allow policies.
Select a service to see which of its resource types support allow policies:
- All services
- BigQuery
- Identity-Aware Proxy
- Access Context Manager
- Vertex AI
- Analytics Hub
- API Gateway
- Apigee
- Apigee Registry
- App Hub
- Artifact Registry
- AutoML
- Backup and Disaster Recovery
- Chrome Enterprise Premium
- BigQuery Connection API
- BigQuery Data Policy
- Cloud Bigtable Admin API
- Binary Authorization
- Cloud Billing
- Cloud Build
- Cloud Deploy
- Cloud Run functions
- Cloud Key Management Service
- Resource Manager
- Cloud Tasks
- Compute Engine
- Cloud Config Manager API
- Artifact Analysis
- Data Catalog
- Dataform
- Cloud Data Fusion
- Database Migration Service
- Dataplex
- Dataproc
- Cloud Deployment Manager
- Cloud DNS
- Cloud Domains
- Eventarc
- Backup for GKE
- GKE Hub
- Google Distributed Cloud
- Cloud Healthcare API
- Identity and Access Management
- Cloud Intrusion Detection System
- Cloud Logging
- Looker
- Managed Service for Microsoft Active Directory
- Dataproc Metastore
- AI Platform
- Network Connectivity Center
- Network Management API
- Network Security
- Network Services
- Notebooks
- Certificate Authority Service
- Pub/Sub
- Cloud Run
- Secret Manager
- Security Command Center
- Service Directory
- Service Management
- Spanner
- Cloud Storage
- Google Cloud VMware Engine
- Cloud Workstations
Service | Resources that accept allow policies |
---|---|
Access Context Manager | Access policies |
AI Platform |
Jobs Models |
Analytics Hub |
Data exchanges Listings Subscriptions |
API Gateway |
APIs Configs Gateways |
Apigee |
Deployments Environments |
Apigee Registry |
APIs Artifacts Deployments Documents Instances Runtime Specs Versions |
App Hub | Applications |
Artifact Analysis |
Notes Occurrences |
Artifact Registry | Repositories |
AutoML |
Datasets Locations Models |
Backup and Disaster Recovery | Management servers |
Backup for GKE |
Backup plans Backups Restore plans Restores Volume backups Volume restores |
BigQuery |
Datasets Routines Tables |
BigQuery Connection API | Connections |
BigQuery Data Policy | Data policies |
Binary Authorization |
Attestors Policy |
Certificate Authority Service |
CA pools Certificate revocation lists Certificate templates |
Chrome Enterprise Premium |
App connections App connectors App gateways Applications Browser DLP rules Client connector services Client gateways Partner tenants Proxy configs Security gateways |
Cloud Bigtable Admin API |
Authorized views Backups Instances Tables |
Cloud Billing | Billing accounts |
Cloud Build | Connections |
Cloud Config Manager API | Deployments |
Cloud Data Fusion | Instances |
Cloud Deploy |
Custom target types Delivery pipelines Deploy policies Targets |
Cloud Deployment Manager | Deployments |
Cloud DNS | Managed zones |
Cloud Domains | Registrations |
Cloud Healthcare API |
Consent stores Data mapper workspaces Datasets DICOM stores FHIR stores HL7v2 stores |
Cloud Intrusion Detection System | Endpoints |
Cloud Key Management Service |
Crypto keys EKM config EKM connections Import jobs Key rings |
Cloud Logging | Views |
Cloud Run |
Jobs Services |
Cloud Run functions | Functions |
Cloud Storage |
Buckets Managed folders |
Cloud Tasks | Queues |
Cloud Workstations |
Workstation configs Workstations |
Compute Engine |
Backend buckets Backend services Disks Firewall policies Images Instance templates Instances Instant snapshots Licenses Machine images Network attachments Network firewall policies Node groups Node templates Region backend services Region disks Region instant snapshots Region network firewall policies Reservations Resource policies Service attachments Snapshots Storage pools Subnetworks |
Data Catalog |
Entry groups Policy tags Tag templates Taxonomies |
Database Migration Service |
Connection profiles Conversion workspaces Migration jobs Objects Private connections |
Dataform |
Repositories Workspaces |
Dataplex |
Aspect types Assets Attributes Categories Content Content items Data attribute bindings Data scans Data taxonomies Encryption configs Entry groups Entry link types Entry types Environments Glossaries Governance rules Lakes Tasks Terms Zones |
Dataproc |
Autoscaling policies Clusters Jobs Operations Workflow templates |
Dataproc Metastore |
Backups Databases Federations Services Tables |
Eventarc |
Channel connections Channels Enrollments Google API sources Kafka sources Message buses Pipelines Triggers |
GKE Hub |
Features Memberships Scopes |
Google Cloud VMware Engine |
Clusters HCX activation keys Private clouds |
Google Distributed Cloud |
Bare metal admin clusters Bare metal clusters Bare metal node pools VMware admin clusters VMware clusters VMware node pools |
Identity and Access Management |
Service accounts Workforce identity pools |
Identity-Aware Proxy |
All web services Individual web services Tunnel Tunnel instances Tunnel zones Web service types Web service versions |
Looker |
Backups Instances |
Managed Service for Microsoft Active Directory |
Backups Domains Peerings |
Network Connectivity Center |
Groups Hubs Policy-based routes Service classes Service connection maps Service connection policies Spokes |
Network Management API | Connectivity tests |
Network Security |
Address groups Authorization policies Authz policies Client TLS policies Server TLS policies |
Network Services |
Edge cache keysets Edge cache origins Edge cache services |
Notebooks |
Instances Runtimes |
Pub/Sub |
Schemas Snapshots Subscriptions Topics |
Resource Manager |
Folders Organizations Projects Tag keys Tag values |
Secret Manager | Secrets |
Security Command Center | Sources |
Service Directory |
Namespaces Services |
Service Management |
Consumers Services |
Spanner |
Backup schedules Backups Databases Instances |
Vertex AI |
Entity types Feature online stores Feature views Featurestores Models Notebook runtime templates |