Skip to content

Latest commit

 

History

History
51 lines (40 loc) · 1.43 KB

README.md

File metadata and controls

51 lines (40 loc) · 1.43 KB

GC Cloud Guardrails

Source Links

Cloud Foundation Scorcard

Cloud Inventory Assets

Permissions

  • Cloud Asset Viewer
  • Service Usage Consumer

Process

Generate Inventory

  1. Enable Cloud Asset Inventory API
gcloud services enable cloudasset.googleapis.com
  1. Create a storage bucket for storing the asset inventory output
gsutil mb gs://<your_bucket_name>
  1. Run inventory report
gcloud asset export ---output-path=gs://<your_bucket_name>/resource_inventory.json \
	--content-type=resource \ # content types can be the following: resource, iam-policy, access-policy, org-policy
	--project=<your_project_id> \ # --folder or --organization can also be used
  1. Download the Cloud Foundation Toolkit
# OS X
curl -o cft https://storage.googleapis.com/cft-cli/latest/cft-darwin-amd64
# Linux
curl -o cft https://storage.googleapis.com/cft-cli/latest/cft-linux-amd64
# executable
chmod +x cft

# Windows
curl -o cft.exe https://storage.googleapis.com/cft-cli/latest/cft-windows-amd64

  1. Clone this repo

  2. RUn the Scorecard

./cft scorecard --policy-path=./guardrails/ \
	--bucket=<your_bucket_name>