Introduction to Cloud Asset Inventory

Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a five week history of Google Cloud Platform (GCP) asset metadata. The Cloud Asset Inventory export service allows you to export all asset metadata at a certain timestamp or export event change history during a timeframe.

Features

Export asset metadata at a timestamp

The Cloud Asset Inventory export service allows you to export all the asset metadata at a given timestamp to a Cloud Storage file.

Export asset history

The Cloud Asset Inventory export service allows you to export the event change history of multiple assets during a given timeframe. The exported event change history shows you all the create, delete, and update events for the specifed assets over time.

Supported resource types

The Cloud Asset Inventory export service currently supports the following resource types in GCP:

Cloud Key Management Service

  • cloudkms.googleapis.com/KeyRing

  • cloudkms.googleapis.com/CryptoKey

  • cloudkms.googleapis.com/CryptoKeyVersion

Resource Manager

  • cloudresourcemanager.googleapis.com/Organization

  • cloudresourcemanager.googleapis.com/Folder

  • cloudresourcemanager.googleapis.com/Project

Compute Engine

  • compute.googleapis.com/Autoscaler

  • compute.googleapis.com/BackendBucket

  • compute.googleapis.com/BackendService

  • compute.googleapis.com/Disk

  • compute.googleapis.com/Firewall

  • compute.googleapis.com/ForwardingRule

  • compute.googleapis.com/HealthCheck

  • compute.googleapis.com/HttpHealthCheck

  • compute.googleapis.com/HttpsHealthCheck

  • compute.googleapis.com/Image

  • compute.googleapis.com/Instance

  • compute.googleapis.com/InstanceGroup

  • compute.googleapis.com/InstanceGroupManager

  • compute.googleapis.com/InstanceTemplate

  • compute.googleapis.com/License

  • compute.googleapis.com/Network

  • compute.googleapis.com/Project

  • compute.googleapis.com/Route

  • compute.googleapis.com/Router

  • compute.googleapis.com/Snapshot

  • compute.googleapis.com/SslCertificate

  • compute.googleapis.com/Subnetwork

  • compute.googleapis.com/TargetHttpProxy

  • compute.googleapis.com/TargetHttpsProxy

  • compute.googleapis.com/TargetInstance

  • compute.googleapis.com/TargetPool

  • compute.googleapis.com/TargetTcpProxy

  • compute.googleapis.com/TargetSslProxy

  • compute.googleapis.com/TargetVpnGateway

  • compute.googleapis.com/UrlMap

  • compute.googleapis.com/VpnTunnel

App Engine

  • appengine.googleapis.com/Application

  • appengine.googleapis.com/Service

  • appengine.googleapis.com/Version

Google Kubernetes Engine

Note that Google Kubernetes Engine asset change history can be incomplete, and data freshness can be stale for up to 6 hours.

  • container.googleapis.com/Cluster

Cloud Billing

  • cloudbilling.googleapis.com/BillingAccount

Cloud Storage

  • storage.googleapis.com/Bucket

Cloud DNS

  • dns.googleapis.com/ManagedZone

  • dns.googleapis.com/Policy

Cloud Spanner

  • spanner.googleapis.com/Instance

  • spanner.googleapis.com/Database

BigQuery

Note that BigQuery asset metadata and change history might be incomplete.

  • bigquery.googleapis.com/Dataset

  • bigquery.googleapis.com/Table

Cloud Identity and Access Management

  • iam.googleapis.com/Role

  • iam.googleapis.com/ServiceAccount

Cloud Pub/Sub

  • pubsub.googleapis.com/Topic
  • pubsub.googleapis.com/Subscription

Cloud Dataproc

  • dataproc.googleapis.com/Cluster

  • dataproc.googleapis.com/Job

Cloud SQL

Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for up to an hour.

  • sqladmin.googleapis.com/Instance

Cloud Bigtable

Note that Cloud Asset Inventory support for the following resources is in Beta.

  • bigtableadmin.googleapis.com/Cluster

  • bigtableadmin.googleapis.com/Instance

  • bigtableadmin.googleapis.com/Table

Supported policy types

The Cloud Asset API currently supports the following policy types in GCP:

Key Concepts

Asset

An asset refers to a GCP resource or policy. Examples of resources include Compute Engine virtual machines (VMs), Cloud Storage buckets, and App Engine instances. Examples of policies include Cloud Identity and Access Management (Cloud IAM) policies and org policies (currently not supported).

Asset content type

Cloud Asset Inventory supports the following asset types:

  • Resource: Resource metadata of a GCP asset.

  • IAM Policy: Metadata of the Cloud IAM policy set on a GCP asset.

Asset snapshot

An asset snapshot is the set of available assets under a Resource Manager project, folder, or organization at a timestamp.

Asset history

For a given asset, asset history includes all metadata create, delete, and update events between timestamp T1 and T2.

API reference

REST API documentation

RPC API documentation

Next steps

Was this page helpful? Let us know how we did:

Send feedback about...

Resource Manager Documentation