Jenis aset dan kebijakan yang didukung untuk validasi IaC

Dokumen ini menjelaskan jenis dan kebijakan aset yang didukung dalam fitur validasi infrastruktur sebagai kode (IaC) di Security Command Center.

Jenis aset yang didukung

Berikut adalah daftar jenis aset Google Cloud yang didukung:

  • bigquery.googleapis.com/Dataset
  • bigquery.googleapis.com/Table
  • cloudkms.googleapis.com/KeyRing
  • cloudresourcemanager.googleapis.com/Folder
  • cloudresourcemanager.googleapis.com/Project
  • compute.googleapis.com/BackendService
  • compute.googleapis.com/Disk
  • compute.googleapis.com/Firewall
  • compute.googleapis.com/ForwardingRule
  • compute.googleapis.com/GlobalForwardingRule
  • compute.googleapis.com/Instance
  • compute.googleapis.com/Network
  • compute.googleapis.com/Snapshot
  • compute.googleapis.com/SslPolicy
  • compute.googleapis.com/Subnetwork
  • compute.googleapis.com/TargetHttpsProxy
  • compute.googleapis.com/TargetSslProxy
  • container.googleapis.com/Cluster
  • container.googleapis.com/NodePool
  • dns.googleapis.com/ManagedZone
  • dns.googleapis.com/Policy
  • file.googleapis.com/Instance
  • pubsub.googleapis.com/Subscription
  • pubsub.googleapis.com/Topic
  • run.googleapis.com/DomainMapping
  • run.googleapis.com/Service
  • serviceusage.googleapis.com/Service
  • spanner.googleapis.com/Database
  • spanner.googleapis.com/Instance
  • sqladmin.googleapis.com/Instance
  • storage.googleapis.com/Bucket
  • vpcaccess.googleapis.com/Connector

Validasi di kolom disks[].initializeParams.sourceImage dari compute.googleapis.com/Instance tidak didukung.

Kebijakan yang didukung

Bagian ini menjelaskan kebijakan yang didukung oleh validasi IaC.

Batasan kustom kebijakan organisasi

Semua batasan khusus kebijakan organisasi didukung. Namun, Anda tidak dapat memvalidasi kebijakan organisasi yang menyertakan tag.

Modul kustom Security Health Analytics

Semua modul kustom Security Health Analytics didukung.

Pendeteksi bawaan Security Health Analytics

Berikut adalah daftar detektor bawaan yang didukung:

  • AUTO_BACKUP_DISABLED
  • AUTO_REPAIR_DISABLED
  • AUTO_UPGRADE_DISABLED
  • BIGQUERY_TABLE_CMEK_DISABLED
  • BUCKET_CMEK_DISABLED
  • BUCKET_LOGGING_DISABLED
  • BUCKET_POLICY_ONLY_DISABLED
  • CLUSTER_LOGGING_DISABLED
  • CLUSTER_MONITORING_DISABLED
  • CLUSTER_SECRETS_ENCRYPTION_DISABLED
  • CLUSTER_SHIELDED_NODES_DISABLED
  • COS_NOT_USED
  • FIREWALL_RULE_LOGGING_DISABLED
  • FLOW_LOGS_DISABLED
  • VPC_FLOW_LOGS_SETTINGS_NOT_RECOMMENDED
  • INTEGRITY_MONITORING_DISABLED
  • INTRANODE_VISIBILITY_DISABLED
  • KMS_KEY_NOT_ROTATED
  • KMS_PUBLIC_KEY
  • LEGACY_AUTHORIZATION_ENABLED
  • LEGACY_METADATA_ENABLED
  • MASTER_AUTHORIZED_NETWORKS_DISABLED
  • NETWORK_POLICY_DISABLED
  • NODEPOOL_BOOT_CMEK_DISABLED
  • NODEPOOL_SECURE_BOOT_DISABLED
  • OVER_PRIVILEGED_ACCOUNT
  • OVER_PRIVILEGED_SCOPES
  • PRIVATE_GOOGLE_ACCESS_DISABLED
  • PUBLIC_BUCKET_ACL
  • PUBLIC_DATASET
  • PUBLIC_SQL_INSTANCE
  • RELEASE_CHANNEL_DISABLED
  • RSASHA1_FOR_SIGNING
  • SQL_CMEK_DISABLED
  • SQL_CONTAINED_DATABASE_AUTHENTICATION
  • SQL_CROSS_DB_OWNERSHIP_CHAINING
  • SQL_EXTERNAL_SCRIPTS_ENABLED
  • SQL_LOCAL_INFILE
  • SQL_LOG_CHECKPOINTS_DISABLED
  • SQL_LOG_CONNECTIONS_DISABLED
  • SQL_LOG_DISCONNECTIONS_DISABLED
  • SQL_LOG_DURATION_DISABLED
  • SQL_LOG_ERROR_VERBOSITY
  • SQL_LOG_EXECUTOR_STATS_ENABLED
  • SQL_LOG_HOSTNAME_ENABLED
  • SQL_LOG_LOCK_WAITS_DISABLED
  • SQL_LOG_MIN_DURATION_STATEMENT_ENABLED
  • SQL_LOG_MIN_ERROR_STATEMENT
  • SQL_LOG_MIN_ERROR_STATEMENT_SEVERITY
  • SQL_LOG_MIN_MESSAGES
  • SQL_LOG_PARSER_STATS_ENABLED
  • SQL_LOG_PLANNER_STATS_ENABLED
  • SQL_LOG_STATEMENT
  • SQL_LOG_STATEMENT_STATS_ENABLED
  • SQL_LOG_TEMP_FILES
  • SQL_PUBLIC_IP
  • SQL_REMOTE_ACCESS_ENABLED
  • SQL_SKIP_SHOW_DATABASE_DISABLED
  • SQL_TRACE_FLAG_3625
  • SQL_USER_CONNECTIONS_CONFIGURED
  • SQL_USER_OPTIONS_CONFIGURED
  • WEB_UI_ENABLED
  • WORKLOAD_IDENTITY_DISABLED

Langkah selanjutnya