This page lists the resource types on which you can set allow policies.
Select a service to see which of its resource types support allow policies:
| Service | Resources that accept allow policies |
|---|---|
| Identity-Aware Proxy |
All web services Individual web services Tunnel Tunnel instances Tunnel zones Web service types Web service versions |
| Access Context Manager | Access policies |
| Analytics Hub |
Data exchanges Listings |
| API Gateway |
APIs Configs Gateways |
| Apigee | Environments |
| Apigee Registry |
APIs Artifacts Deployments Instances Runtime Specs Versions |
| Artifact Registry | Repositories |
| AutoML |
Datasets Locations Models |
| BeyondCorp Enterprise |
App connections App connectors App gateways Client connector services Client gateways |
| BigQuery |
Row access policies Tables |
| BigQuery Connection API | Connections |
| Cloud Bigtable |
Backups Instances Tables |
| Binary Authorization |
Attestors Policy |
| Cloud Billing | Billing accounts |
| Google Cloud Deploy |
Delivery pipelines Targets |
| Cloud Functions | Functions |
| Cloud IoT |
Groups Registries |
| Cloud Key Management Service |
Crypto keys EKM connections Import jobs Key rings |
| Resource Manager |
Folders Organizations Projects Tag keys Tag values |
| Cloud Tasks | Queues |
| Compute Engine |
Disks Firewall policies Images Instance templates Instances Licenses Machine images Network firewall policies Node groups Node templates Region disks Region network firewall policies Reservations Resource policies Service attachments Snapshots Subnetworks |
| Container Analysis |
Notes Occurrences |
| Data Catalog |
Entry groups Policy tags Tag templates Taxonomies |
| Cloud Data Fusion | Instances |
| Database Migration Service |
Connection profiles Migration jobs |
| Dataplex |
Assets Content Content items Environments Lakes Tasks Zones |
| Dataproc |
Autoscaling policies Clusters Jobs Operations Workflow templates |
| Cloud Deployment Manager | Deployments |
| Cloud DNS | Managed zones |
| Cloud Domains | Registrations |
| Eventarc |
Channel connections Channels Triggers |
| Game Servers | Game server deployments |
| Backup for GKE |
Backup plans Backups Restore plans Restores Volume backups Volume restores |
| GKE Hub |
Features Memberships |
| Cloud Healthcare API |
Consent stores Datasets DICOM stores FHIR stores HL7v2 stores |
| Identity and Access Management | Service accounts |
| Cloud Intrusion Detection System | Endpoints |
| Managed Service for Microsoft Active Directory |
Backups Domains Peerings |
| Dataproc Metastore |
Backups Databases Federations Services Tables |
| AI Platform |
Jobs Models |
| Network Connectivity Center |
Hubs Policy-based routes Spokes |
| Network Management API | Connectivity tests |
| Network Security |
Authorization policies Client TLS policies Server TLS policies |
| Network Services |
Edge cache keysets Edge cache origins Edge cache services Endpoint policies Gateways Meshes Service bindings |
| Notebooks |
Instances Runtimes |
| Certificate Authority Service |
CA pools Certificate revocation lists Certificate templates |
| Pub/Sub |
Schemas Snapshots Subscriptions Topics |
| Cloud Run |
Jobs Services |
| Secret Manager | Secrets |
| Security Command Center | Sources |
| Service Directory |
Namespaces Services |
| Service Management |
Consumers Services |
| Cloud Source Repositories | Repos |
| Cloud Spanner |
Backups Databases Instances |
| Cloud Storage | Buckets |