This page lists the resource types on which you can set allow policies.
Select a service to see which of its resource types support allow policies:
Service | Resources that accept allow policies |
---|---|
Identity-Aware Proxy |
All web services Individual web services Tunnel Tunnel instances Tunnel zones Web service types Web service versions |
Access Context Manager | Access policies |
Analytics Hub |
Data exchanges Listings |
API Gateway |
APIs Configs Gateways |
Apigee | Environments |
Apigee Registry |
APIs Artifacts Deployments Instances Runtime Specs Versions |
Artifact Registry | Repositories |
AutoML |
Datasets Locations Models |
BeyondCorp Enterprise |
App connections App connectors App gateways Client connector services Client gateways |
BigQuery |
Row access policies Tables |
BigQuery Connection API | Connections |
Cloud Bigtable |
Backups Instances Tables |
Binary Authorization |
Attestors Policy |
Cloud Billing | Billing accounts |
Google Cloud Deploy |
Delivery pipelines Targets |
Cloud Functions | Functions |
Cloud IoT |
Groups Registries |
Cloud Key Management Service |
Crypto keys EKM connections Import jobs Key rings |
Resource Manager |
Folders Organizations Projects Tag keys Tag values |
Cloud Tasks | Queues |
Compute Engine |
Disks Firewall policies Images Instance templates Instances Licenses Machine images Network firewall policies Node groups Node templates Region disks Region network firewall policies Reservations Resource policies Service attachments Snapshots Subnetworks |
Container Analysis |
Notes Occurrences |
Data Catalog |
Entry groups Policy tags Tag templates Taxonomies |
Cloud Data Fusion | Instances |
Database Migration Service |
Connection profiles Migration jobs |
Dataplex |
Assets Content Content items Environments Lakes Tasks Zones |
Dataproc |
Autoscaling policies Clusters Jobs Operations Workflow templates |
Cloud Deployment Manager | Deployments |
Cloud DNS | Managed zones |
Cloud Domains | Registrations |
Eventarc |
Channel connections Channels Triggers |
Game Servers | Game server deployments |
Backup for GKE |
Backup plans Backups Restore plans Restores Volume backups Volume restores |
GKE Hub |
Features Memberships |
Cloud Healthcare API |
Consent stores Datasets DICOM stores FHIR stores HL7v2 stores |
Identity and Access Management | Service accounts |
Cloud Intrusion Detection System | Endpoints |
Managed Service for Microsoft Active Directory |
Backups Domains Peerings |
Dataproc Metastore |
Backups Databases Federations Services Tables |
AI Platform |
Jobs Models |
Network Connectivity Center |
Hubs Policy-based routes Spokes |
Network Management API | Connectivity tests |
Network Security |
Authorization policies Client TLS policies Server TLS policies |
Network Services |
Edge cache keysets Edge cache origins Edge cache services Endpoint policies Gateways Meshes Service bindings |
Notebooks |
Instances Runtimes |
Certificate Authority Service |
CA pools Certificate revocation lists Certificate templates |
Pub/Sub |
Schemas Snapshots Subscriptions Topics |
Cloud Run |
Jobs Services |
Secret Manager | Secrets |
Security Command Center | Sources |
Service Directory |
Namespaces Services |
Service Management |
Consumers Services |
Cloud Source Repositories | Repos |
Cloud Spanner |
Backups Databases Instances |
Cloud Storage | Buckets |