Custom organization policies allow administrators to define their own restrictions on Google Cloud services. For more information about custom constraints, see the Custom organization policy overview.
Each service defines the set of custom constraint fields that can be used to enforce organization policies on their service resources. See the list below to learn which Google Cloud services support custom constraints. To learn how to create custom constraints, see Creating and managing custom constraints.
Supported service resources
Resources associated with the following services can be subjected to custom constraints. Not all resource attributes are available for these resources. See the service-specific documentation linked below to find the resources and attributes that are available for use.
| Google Cloud service | Resource type | Launch status |
|---|---|---|
| GKE | container.googleapis.com/NodePool
| GA |
container.googleapis.com/Cluster
| GA |
|
| Dataproc Serverless | dataproc.googleapis.com/Batch
| Preview |
| Dataproc | dataproc.googleapis.com/Cluster
| GA |
| Compute Engine | compute.googleapis.com/Disk
| GA |
compute.googleapis.com/Image
| GA |
|
compute.googleapis.com/Instance
| GA |
|
| Cloud Next Generation Firewall | compute.googleapis.com/Firewall
| GA |
compute.googleapis.com/FirewallPolicy
| GA |
|
| Virtual Private Cloud | compute.googleapis.com/Network
| GA |
compute.googleapis.com/Route
| GA |
|
compute.googleapis.com/Subnetwork
| GA |
|
| Cloud Load Balancing | compute.googleapis.com/SslPolicy
| GA |
| Identity and Access Management | iam.googleapis.com/AllowPolicy
| Preview |
| Cloud Storage | storage.googleapis.com/Bucket
| GA |
| Cloud SQL | sqladmin.googleapis.com/Instance
| GA |
| Contact Center AI Platform | contactcenteraiplatform.googleapis.com/ContactCenter
| Preview |
| Dataflow | dataflow.googleapis.com/Job
| GA |
| Cloud Build | cloudbuild.googleapis.com/BitbucketServerConfig
| GA |
cloudbuild.googleapis.com/BuildTrigger
| GA |
|
cloudbuild.googleapis.com/WorkerPool
| GA |
|
| AlloyDB for PostgreSQL | alloydb.googleapis.com/Instance
| Preview |
| Hub | gkehub.googleapis.com/Fleet
| GA |
gkehub.googleapis.com/Membership
| GA |
|
gkehub.googleapis.com/Feature
| GA |
|
gkehub.googleapis.com/MembershipBinding
| GA |
|
gkehub.googleapis.com/Scope
| GA |
|
gkehub.googleapis.com/Namespace
| GA |
|
gkehub.googleapis.com/RBACRoleBinding
| GA |
|
| Cloud Run | run.googleapis.com/Service
| Preview |
run.googleapis.com/Job
| Preview |