This repository focuses on providing visibility of Cloud Resources and of IAM, Org, and Access policies at the GCP organization level. The imperative scripts provide examples of commands to use during an incident or to build an analysis view in BigQuery. The declarative Terraform templates create real-time Pub/Sub feeds at the GCP organization level for CONTENT_TYPE_UNSPECIFIED, RESOURCE, IAM_POLICY, ORG_POLICY, and ACCESS_POLICY events. Enjoy being able to say "I know what's going on in my GCP organization!"
Download the latest gcloud SDK https://cloud.google.com/sdk/docs/
- Terraform 0.12.x
- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) plugin v3.4.0
- Individual permissions: https://cloud.google.com/asset-inventory/docs/access-control#required_permissions
- Predefined roles: https://cloud.google.com/asset-inventory/docs/access-control#roles
- BigQuery write permission for export or storage is delegated to the Cloud Asset service account, service-PROJECT_NUMBER@gcp-sa-cloudasset.iam.gserviceaccount.com (PROJECT_NUMBER is the number of the project the export runs from)
$ search_assets.sh --dns-domain
$ search_permission.sh --dns-domain
$ bq --location=US mk -d --description "$(gcloud config list --format 'value(core.account)') created assets dataset" $(gcloud config list --format 'value(core.project)'):assets
$ load_assets_bq.sh --dns-domain
$ entitlement_report.sh --dns-domain
$ create_asset_feeds.sh --dns-domain
$ delete_asset_feeds.sh --dns-domain
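As an added example (not one of this repository's scripts), the following Python evaluates IAM_POLICY messages from the organization-level feed that create_asset_feeds.sh or the Terraform templates create, and flags newly added grants to public principals, to sensitive roles, or to user/group identities outside the organization's DNS domain (the same domain the `--dns-domain` scripts take). It assumes the Pub/Sub payload is the JSON TemporalAsset document that Cloud Asset feeds publish (`asset`, `priorAsset`, `priorAssetState`, `deleted`, `window` fields) and that it has already been base64-decoded from the Pub/Sub envelope; `ORG_DOMAIN`, `SENSITIVE_ROLES` and the sample messages are constructed for this example.

```python
"""Evaluate Cloud Asset Inventory IAM_POLICY feed messages for risky grants.

Added example, not part of this repository. Assumes the feed payload is the
TemporalAsset JSON document (asset / priorAsset / priorAssetState / deleted).
"""
import json

ORG_DOMAIN = "example.com"  # hypothetical organization domain (cf. --dns-domain)

# Roles whose grant should always be reviewed (constructed subset; extend as needed)
SENSITIVE_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/iam.securityAdmin",
    "roles/resourcemanager.organizationAdmin",
}
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def bindings_to_pairs(policy):
    """Flatten an IAM policy dict into a set of (role, member) pairs."""
    pairs = set()
    for binding in (policy or {}).get("bindings", []):
        for member in binding.get("members", []):
            pairs.add((binding["role"], member))
    return pairs


def member_domain(member):
    """Domain of a user:/group: member, else None (service accounts are skipped:
    their project-based domains need a project-to-org lookup to judge)."""
    kind, _, ident = member.partition(":")
    if kind in ("user", "group") and "@" in ident:
        return ident.rsplit("@", 1)[1].lower()
    return None


def in_org_domain(domain):
    """True if the domain is the org domain or a subdomain of it."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def evaluate_feed_message(payload):
    """Return findings for one IAM_POLICY feed message (JSON string or dict).

    Only grants that are new relative to priorAsset are reported, so a feed
    consumer sees each risky change once rather than on every policy update.
    """
    msg = json.loads(payload) if isinstance(payload, str) else payload
    asset = msg.get("asset", {})
    findings = []
    if msg.get("deleted"):
        return findings  # a deleted asset grants nothing
    current = bindings_to_pairs(asset.get("iamPolicy"))
    prior = set()
    if msg.get("priorAssetState") == "PRESENT":
        prior = bindings_to_pairs(msg.get("priorAsset", {}).get("iamPolicy"))
    for role, member in sorted(current - prior):
        reasons = []
        if member in PUBLIC_PRINCIPALS:
            reasons.append("public principal")
        if role in SENSITIVE_ROLES:
            reasons.append("sensitive role")
        domain = member_domain(member)
        if domain and not in_org_domain(domain):
            reasons.append("member outside " + ORG_DOMAIN)
        if reasons:
            findings.append({"asset": asset.get("name", "<unknown>"),
                             "role": role, "member": member, "reasons": reasons})
    return findings


# Constructed sample messages (not captured from a real feed).
SAMPLE_MESSAGES = [
    {   # prior policy existed; an outside owner and a public viewer were added
        "asset": {
            "name": "//cloudresourcemanager.googleapis.com/projects/111111111111",
            "assetType": "cloudresourcemanager.googleapis.com/Project",
            "iamPolicy": {"bindings": [
                {"role": "roles/owner",
                 "members": ["user:alice@example.com", "user:contractor@partner-example.net"]},
                {"role": "roles/viewer", "members": ["allUsers"]},
            ]},
        },
        "priorAssetState": "PRESENT",
        "priorAsset": {"iamPolicy": {"bindings": [
            {"role": "roles/owner", "members": ["user:alice@example.com"]}]}},
        "deleted": False,
        "window": {"startTime": "2020-01-01T00:00:00Z"},
    },
    {   # brand-new asset with an ordinary in-org grant: nothing to report
        "asset": {
            "name": "//cloudresourcemanager.googleapis.com/projects/222222222222",
            "assetType": "cloudresourcemanager.googleapis.com/Project",
            "iamPolicy": {"bindings": [
                {"role": "roles/viewer", "members": ["group:devs@eng.example.com"]}]},
        },
        "priorAssetState": "DOES_NOT_EXIST",
        "deleted": False,
        "window": {"startTime": "2020-01-01T00:00:00Z"},
    },
]


def evaluate_samples():
    """Findings for every constructed sample, as a feed subscriber would emit them."""
    return [evaluate_feed_message(json.dumps(m)) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    print(json.dumps(evaluate_samples(), indent=2))
```

In a real subscriber the message body arrives base64-encoded inside the Pub/Sub envelope; decode it, pass the string to `evaluate_feed_message`, and route non-empty findings to the incident channel. Comparing against `priorAsset` is what keeps the alert volume proportional to changes rather than to policy size.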
- Create a Google Storage bucket to store Terraform state
gsutil mb gs://<your state bucket>
- Copy terraform.tfvars.template to terraform.tfvars
cp terraform.tfvars.template terraform.tfvars
- Update required variables in terraform.tfvars for Splunk Software, GCS Bucket, and DNS configuration
- Initialize Terraform to get the plugins; when prompted, enter the Google Storage bucket that will store the Terraform state
terraform init
- See the infrastructure plan
terraform plan
- Apply the infrastructure build
terraform apply
- Destroy the built infrastructure
terraform destroy
Please refer to the variables.tf file for the required and optional variables.
- /main.tf: main file for this module, contains all the resources to create
- /variables.tf: all the variables for the module
- /versions.tf: Terraform version constraint and the Google Storage backend that forces Terraform state into the bucket
- /readme.MD: this file
SQL Examples https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery#querying_an_asset_snapshot
-- Assets whose org policy for constraints/compute.vmExternalIpAccess is absent or not enforced
SELECT *
FROM `<Path to your BQ Table>`
JOIN UNNEST(org_policy) AS op
WHERE
  op.constraint = "constraints/compute.vmExternalIpAccess"
  AND (op.boolean_policy IS NULL OR op.boolean_policy.enforced = FALSE);