Evaluate your workloads using custom rules

This document describes how to use custom rules in Workload Manager to evaluate your workloads against best practices recommended for your organization.

Before you begin

  • Create custom rules using Rego and upload rules to a Cloud Storage bucket.
  • Enable the following APIs in your Google Cloud project where you create and run the evaluation:
    • Service Usage API
    • Cloud Monitoring API

Required roles

For more information about the required IAM roles, see required permissions to create and run an evaluation.

Evaluate workloads using custom rules

To create a workload evaluation using custom rules, follow these steps:

  1. In the Google Cloud console, go to the Workload Manager page.

    Go to Workload Manager.

  2. Select a Google Cloud project.

  3. If prompted, to enable the required API for Workload Manager, click Enable.

  4. Click New evaluation.

  5. On the Evaluation details page, do the following:

    1. For Evaluation name, enter a name for the workload evaluation.
    2. For Description, enter a description for the workload evaluation.
    3. For Workload type, select General.
    4. Select the Cloud Storage bucket containing the custom rules.
    5. Optional: To export evaluation results to BigQuery dataset, select Save evaluation results to BigQuery dataset and specify the name of the dataset.
    6. Optional: To create a separate table for each evaluation, click Create a new results table for this evaluation.

  6. Click Continue.

  7. On the Evaluation scope page, select the resources that you want to include in the evaluation.

  8. Click Continue.

  9. On the Evaluation rules page, select the custom rules you want to validate the selected resources against.

  10. On the Scheduling page, select the schedule for your evaluation to run.

  11. Click Continue.

  12. On the Notifications page, select the notification channel and select the events for which you want to receive notifications.

  13. Click Continue.

  14. Review the evaluation settings and click Create.

Run the evaluation

To run a workload evaluation, follow these steps:

  1. In the Google Cloud console, go to the Workload Manager page.

    Go to Workload Manager.

  2. Click the Evaluation name.

  3. On the Evaluation information page, click Run. A workload evaluation takes a few minutes to complete. There might be evaluations that aren't completely real-time due to the time it takes for an evaluation to complete.

What's next