Introduction to Cloud Asset Inventory

Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a five-week history of Google Cloud Platform (GCP) asset metadata. The Cloud Asset Inventory export service allows you to export all asset metadata at a certain timestamp or export event change history during a timeframe.

Features

Export asset metadata at a timestamp

The Cloud Asset Inventory export service allows you to export all the asset metadata at a given timestamp to a Cloud Storage file.

Export asset history

The Cloud Asset Inventory export service allows you to export the event change history of multiple assets during a given timeframe. The exported event change history shows you all the create, delete, and update events for the specified assets over time.

Supported resource types

The Cloud Asset Inventory export service currently supports the following resource types in GCP:

App Engine
Launch stage: GA
Resources:
  • appengine.googleapis.com/Application
  • appengine.googleapis.com/Service
  • appengine.googleapis.com/Version

BigQuery
Launch stage: GA
Note that BigQuery asset metadata and change history might be incomplete.
Resources:
  • bigquery.googleapis.com/Dataset
  • bigquery.googleapis.com/Table

Cloud Bigtable
Launch stage: GA
Resources:
  • bigtableadmin.googleapis.com/Cluster
  • bigtableadmin.googleapis.com/Instance
  • bigtableadmin.googleapis.com/Table

Cloud Billing
Launch stage: GA
Resources:
  • cloudbilling.googleapis.com/BillingAccount

Cloud Dataproc
Launch stage: GA
Resources:
  • dataproc.googleapis.com/Cluster
  • dataproc.googleapis.com/Job

Cloud DNS
Launch stage: GA
Resources:
  • dns.googleapis.com/ManagedZone
  • dns.googleapis.com/Policy

Cloud Identity and Access Management
Launch stage: GA
Resources:
  • iam.googleapis.com/Role
  • iam.googleapis.com/ServiceAccount

Cloud Key Management Service
Launch stage: GA
Resources:
  • cloudkms.googleapis.com/KeyRing
  • cloudkms.googleapis.com/CryptoKey
  • cloudkms.googleapis.com/CryptoKeyVersion

Cloud Pub/Sub
Launch stage: GA
Resources:
  • pubsub.googleapis.com/Topic
  • pubsub.googleapis.com/Subscription

Cloud Spanner
Launch stage: GA
Resources:
  • spanner.googleapis.com/Instance
  • spanner.googleapis.com/Database

Cloud SQL
Launch stage: GA
Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for up to an hour.
Resources:
  • sqladmin.googleapis.com/Instance

Cloud Storage
Launch stage: GA
Resources:
  • storage.googleapis.com/Bucket

Compute Engine
Launch stage: GA
Resources:
  • compute.googleapis.com/Autoscaler
  • compute.googleapis.com/Address
  • compute.googleapis.com/GlobalAddress
  • compute.googleapis.com/BackendBucket
  • compute.googleapis.com/BackendService
  • compute.googleapis.com/Disk
  • compute.googleapis.com/Firewall
  • compute.googleapis.com/ForwardingRule
  • compute.googleapis.com/GlobalForwardingRule
  • compute.googleapis.com/HealthCheck
  • compute.googleapis.com/HttpHealthCheck
  • compute.googleapis.com/HttpsHealthCheck
  • compute.googleapis.com/Image
  • compute.googleapis.com/Instance
  • compute.googleapis.com/InstanceGroup
  • compute.googleapis.com/InstanceGroupManager
  • compute.googleapis.com/InstanceTemplate
  • compute.googleapis.com/Interconnect
  • compute.googleapis.com/InterconnectAttachment
  • compute.googleapis.com/License
  • compute.googleapis.com/Network
  • compute.googleapis.com/Project
  • compute.googleapis.com/RegionBackendService
  • compute.googleapis.com/RegionDisk
  • compute.googleapis.com/Route
  • compute.googleapis.com/Router
  • compute.googleapis.com/SecurityPolicy
  • compute.googleapis.com/Snapshot
  • compute.googleapis.com/SslCertificate
  • compute.googleapis.com/Subnetwork
  • compute.googleapis.com/TargetHttpProxy
  • compute.googleapis.com/TargetHttpsProxy
  • compute.googleapis.com/TargetInstance
  • compute.googleapis.com/TargetPool
  • compute.googleapis.com/TargetTcpProxy
  • compute.googleapis.com/TargetSslProxy
  • compute.googleapis.com/TargetVpnGateway
  • compute.googleapis.com/UrlMap
  • compute.googleapis.com/VpnTunnel

Google Kubernetes Engine
Launch stage: GA
Resources:
  • container.googleapis.com/Cluster
  • k8s.io/Node
  • k8s.io/Pod
  • k8s.io/Namespace
  • rbac.authorization.k8s.io/Role
  • rbac.authorization.k8s.io/RoleBinding
  • rbac.authorization.k8s.io/ClusterRole
  • rbac.authorization.k8s.io/ClusterRoleBinding
Launch stage: Beta
Resources:
  • container.googleapis.com/NodePool

Resource Manager
Resource Manager assets in Alpha and Beta are in the process of migrating to GA. You might see data inconsistencies that can impact your data processes.
Launch stage: Beta
Resources:
  • cloudresourcemanager.googleapis.com/Organization
  • cloudresourcemanager.googleapis.com/Project
Launch stage: Alpha
Resources:
  • cloudresourcemanager.googleapis.com/Folder

Supported policy types

The Cloud Asset API currently supports the following policy types in GCP:

Cloud IAM
Launch stage: GA
Supported resources:
  • All supported resource types

Organization Policy
Launch stage: GA
Note that Organization Policy change history can be incomplete, and data freshness can be stale for up to one day.
Supported resources:
  • cloudresourcemanager.googleapis.com/Organization
  • cloudresourcemanager.googleapis.com/Folder
  • cloudresourcemanager.googleapis.com/Project

Access Policy (VPC Service Controls Policy)
Launch stage: GA
Note that Access Policy change history can be incomplete, and data freshness can be stale for up to 6 hours.
Supported resources:
  • cloudresourcemanager.googleapis.com/Organization

Key Concepts

Asset

An asset refers to a GCP resource or policy. Examples of resources include Compute Engine virtual machines (VMs), Cloud Storage buckets, and App Engine instances. Examples of policies include Cloud Identity and Access Management (Cloud IAM) policies and org policies.

Asset content type

Cloud Asset Inventory supports the following asset content types:

  • Resource: Resource metadata of a GCP asset.

  • IAM Policy: Metadata of the Cloud IAM policy set on a GCP asset.

  • Organization Policy: Metadata of the organization policy set on a GCP project, folder or organization.

  • Access Policy: Metadata of the access policy set on an organization. An access policy contains three assets: the access policy itself, access levels, and service perimeters.

Asset snapshot

An asset snapshot is the set of available assets under a Resource Manager project, folder, or organization at a timestamp.

Asset history

For a given asset, asset history includes all metadata create, delete, and update events between timestamp T1 and T2.
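
As an added example (not part of the original documentation), the following Python compares two asset snapshots exported with the IAM Policy content type at timestamps T1 and T2 and lists the role grants that appeared or disappeared in between, flagging public members. The newline-delimited JSON layout with `name`, `asset_type` and `iam_policy.bindings` fields is an assumption about the export file, and all sample assets and members are constructed for illustration.

```python
import json

# Cloud IAM special identifiers that make a grant public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def load_grants(export_text):
    """Map asset name -> set of (role, member) from a newline-delimited JSON export."""
    grants = {}
    for line in export_text.splitlines():
        if not line.strip():
            continue
        asset = json.loads(line)
        bindings = asset.get("iam_policy", {}).get("bindings", [])
        grants[asset["name"]] = {
            (b["role"], m) for b in bindings for m in b.get("members", [])
        }
    return grants

def diff_grants(before, after):
    """Sorted (change, asset, role, member, is_public) tuples between two snapshots."""
    changes = []
    for name in before.keys() | after.keys():
        old, new = before.get(name, set()), after.get(name, set())
        for change, pairs in (("added", new - old), ("removed", old - new)):
            for role, member in pairs:
                changes.append((change, name, role, member, member in PUBLIC_MEMBERS))
    return sorted(changes)

def _asset(name, asset_type, bindings):
    # Helper for building the constructed sample lines below (assumed field names).
    return json.dumps({"name": name, "asset_type": asset_type,
                       "iam_policy": {"bindings": bindings}})

BUCKET = "//storage.googleapis.com/example-bucket"                 # constructed
PROJECT = "//cloudresourcemanager.googleapis.com/projects/123456"  # constructed
VIEWER = "roles/storage.objectViewer"

SNAPSHOT_T1 = "\n".join([  # constructed export at T1
    _asset(BUCKET, "storage.googleapis.com/Bucket",
           [{"role": VIEWER, "members": ["group:analysts@example.com"]}]),
    _asset(PROJECT, "cloudresourcemanager.googleapis.com/Project",
           [{"role": "roles/owner", "members": ["user:alice@example.com"]}]),
])
SNAPSHOT_T2 = "\n".join([  # constructed export at T2
    _asset(BUCKET, "storage.googleapis.com/Bucket",
           [{"role": VIEWER, "members": ["group:analysts@example.com", "allUsers"]}]),
    _asset(PROJECT, "cloudresourcemanager.googleapis.com/Project",
           [{"role": "roles/viewer", "members": ["user:alice@example.com"]}]),
])

if __name__ == "__main__":
    for change in diff_grants(load_grants(SNAPSHOT_T1), load_grants(SNAPSHOT_T2)):
        print(change)
```

An asset that is present in only one snapshot shows up with all of its grants reported as added or removed, so created and deleted assets are covered by the same comparison.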

API reference

REST API documentation

RPC API documentation

Next steps
