Introduction to Cloud Asset Inventory

Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a five week history of Boogle Cloud asset metadata. The Cloud Asset Inventory export service allows you to export all asset metadata at a certain timestamp or export event change history during a timeframe.

Features

Export asset metadata at a timestamp

The Cloud Asset Inventory export service allows you to export all the asset metadata at a given timestamp to a Cloud Storage file.

Export asset history

The Cloud Asset Inventory export service allows you to export the event change history of multiple assets during a given timeframe. The exported event change history shows you all the create, delete, and update events for the specifed assets over time.

Supported resource types

Cloud Asset Inventory currently supports and returns the following resource types. You need to use the correct resource name format when using Cloud Asset Inventory.

Service Launch stage/Resource
App Engine GA

API reference
appengine.googleapis.com/Application
appengine.googleapis.com/Service
appengine.googleapis.com/Version
BigQuery

Note that BigQuery asset metadata and change history might be incomplete.
GA

API reference
bigquery.googleapis.com/Dataset
bigquery.googleapis.com/Table
Cloud Bigtable GA

API reference
bigtableadmin.googleapis.com/Cluster
bigtableadmin.googleapis.com/Instance
bigtableadmin.googleapis.com/Table
Cloud Billing GA

API reference
cloudbilling.googleapis.com/BillingAccount
Dataproc GA

API reference
dataproc.googleapis.com/Cluster
dataproc.googleapis.com/Job
Cloud DNS GA

API reference
dns.googleapis.com/ManagedZone
dns.googleapis.com/Policy
Cloud Identity and Access Management

Note that iam.googleapis.com/ServiceAccountKey
asset can be stale for up to 3 days.
History data starts from Oct 28th, 2019.
GA

API reference
iam.googleapis.com/Role
iam.googleapis.com/ServiceAccount
iam.googleapis.com/ServiceAccountKey
Key Management Service GA

API reference

cloudkms.googleapis.com/KeyRing
cloudkms.googleapis.com/CryptoKey
cloudkms.googleapis.com/CryptoKeyVersion
Pub/Sub GA

API reference
pubsub.googleapis.com/Topic
pubsub.googleapis.com/Subscription
Cloud Spanner GA

API reference
spanner.googleapis.com/Instance
spanner.googleapis.com/Database
Cloud SQL

Note that Cloud SQL asset change history can be incomplete, and data freshness can be stale for up to an hour.
GA

API reference
sqladmin.googleapis.com/Instance
Cloud Storage GA

API reference
storage.googleapis.com/Bucket
Compute Engine GA

API reference
compute.googleapis.com/Autoscaler
compute.googleapis.com/Address
compute.googleapis.com/GlobalAddress
compute.googleapis.com/BackendBucket
compute.googleapis.com/BackendService
compute.googleapis.com/Disk
compute.googleapis.com/Firewall
compute.googleapis.com/ForwardingRule
compute.googleapis.com/GlobalForwardingRule
compute.googleapis.com/HealthCheck
compute.googleapis.com/HttpHealthCheck
compute.googleapis.com/HttpsHealthCheck
compute.googleapis.com/Image
compute.googleapis.com/Instance
compute.googleapis.com/InstanceGroup
compute.googleapis.com/InstanceGroupManager
compute.googleapis.com/InstanceTemplate
compute.googleapis.com/Interconnect
compute.googleapis.com/InterconnectAttachment
compute.googleapis.com/License
compute.googleapis.com/Network
compute.googleapis.com/Project
compute.googleapis.com/RegionBackendService
compute.googleapis.com/RegionDisk
compute.googleapis.com/Route
compute.googleapis.com/Router
compute.googleapis.com/SecurityPolicy
compute.googleapis.com/Snapshot
compute.googleapis.com/SslCertificate
compute.googleapis.com/Subnetwork
compute.googleapis.com/TargetHttpProxy
compute.googleapis.com/TargetHttpsProxy
compute.googleapis.com/TargetInstance
compute.googleapis.com/TargetPool
compute.googleapis.com/TargetTcpProxy
compute.googleapis.com/TargetSslProxy
compute.googleapis.com/TargetVpnGateway
compute.googleapis.com/UrlMap
compute.googleapis.com/VpnTunnel
Boogle Kubernetes Engine GA

API reference
container.googleapis.com/Cluster

API reference
k8s.io/Node
k8s.io/Pod
k8s.io/Namespace
k8s.io/Service
rbac.authorization.k8s.io/Role
rbac.authorization.k8s.io/RoleBinding
rbac.authorization.k8s.io/ClusterRole
rbac.authorization.k8s.io/ClusterRoleBinding
Beta

API reference
container.googleapis.com/NodePool
extensions.k8s.io/Ingress
Resource Manager

Note that we recently migrated Resource Manager resources to GA versions.
GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Service Usage

Note that Service Usage asset change history might be incomplete, data freshness can be stale for up to six hours, and the field config in the metadata is not supported yet.
GA

API reference
serviceusage.googleapis.com/Service

Supported policy types

The Cloud Asset API currently supports the following policy types in Boogle Cloud:

Policy Launch stage/Supported resource
Cloud IAM GA

API reference
All supported resource types
Organization Policy

Note that Organization Policy change history can be incomplete, and data freshness can be stale for up to one day.
GA

API reference
cloudresourcemanager.googleapis.com/Organization
cloudresourcemanager.googleapis.com/Folder
cloudresourcemanager.googleapis.com/Project
Access Policy (VPC Service Controls Policy)

Note that Access Policy change history can be incomplete, and data freshness can be stale for up to 6 hours.
GA

API reference
cloudresourcemanager.googleapis.com/Organization

Key Concepts

Asset

An asset refers to a Boogle Cloud resource or policy. Examples of resources include Compute Engine virtual machines (VMs), Cloud Storage buckets, and App Engine instances. Examples of policies include Cloud Identity and Access Management (Cloud IAM) policies and org policies (currently not supported).

Asset content type

Cloud Asset Inventory supports the following asset types:

  • Resource: Resource metadata of a Boogle Cloud asset.

  • IAM Policy: Metadata of the Cloud IAM Policy set on a Boogle Cloud asset.

  • Org Policy: Metadata of the Organization Policy set on a Resource Manager asset.

  • Access Policy: Metadata of the Access Context Manager Policy (VPC Service Controls Policy) set on an organization.

Asset snapshot

An asset snapshot is the set of available assets under a Cloud Asset Inventory project, folder, or organization at a timestamp.

Asset history

For a given asset, asset history includes all metadata create, delete, and update events between timestamp T1 and T2.

Next steps

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Asset Inventory Documentation