gcp.service

GCP Service Usage Management

https://cloud.google.com/service-usage/docs/reference/rest https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services

Filters

• event

• list-item

• metrics

• reduce

• scc-findings

• value

metrics

Supports metrics filters on resources.

All resources that have cloud watch metrics are supported.

Docs on cloud watch metrics

• Google Supported Metrics https://cloud.google.com/monitoring/api/metrics_gcp

• Custom Metrics https://cloud.google.com/monitoring/api/v3/metric-model#intro-custom-metrics

- name: firewall-hit-count
  resource: gcp.firewall
  filters:
  - type: metrics
    name: firewallinsights.googleapis.com/subnet/firewall_hit_count
    aligner: ALIGN_COUNT
    days: 14
    value: 1
    op: greater-than

properties:
  aligner:
    enum:
    - ALIGN_NONE
    - ALIGN_DELTA
    - ALIGN_RATE
    - ALIGN_INTERPOLATE
    - ALIGN_MIN
    - ALIGN_MAX
    - ALIGN_MEAN
    - ALIGN_COUNT
    - ALIGN_SUM
    - REDUCE_COUNT_FALSE
    - ALIGN_STDDEV
    - ALIGN_COUNT_TRUE
    - ALIGN_COUNT_FALSE
    - ALIGN_FRACTION_TRUE
    - ALIGN_PERCENTILE_99
    - ALIGN_PERCENTILE_95
    - ALIGN_PERCENTILE_50
    - ALIGN_PERCENTILE_05
    - ALIGN_PERCENT_CHANG
    type: string
  days:
    type: number
  filter:
    type: string
  group-by-fields:
    items:
      type: string
    type: array
  metric-key:
    type: string
  missing-value:
    type: number
  name:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
    - mod
    type: string
  reducer:
    enum:
    - REDUCE_NONE
    - REDUCE_MEAN
    - REDUCE_MIN
    - REDUCE_MAX
    - REDUCE_MEAN
    - REDUCE_SUM
    - REDUCE_STDDEV
    - REDUCE_COUNT
    - REDUCE_COUNT_TRUE
    - REDUCE_COUNT_FALSE
    - REDUCE_FRACTION_TRUE
    - REDUCE_PERCENTILE_99
    - REDUCE_PERCENTILE_95
    - REDUCE_PERCENTILE_50
    - REDUCE_PERCENTILE_05
    type: string
  type:
    enum:
    - metrics
  value:
    type: number
required:
- value
- name
- op

Permissions - monitoring.timeSeries.list

Actions

• disable

• notify

• webhook

disable

Disable a service for the current project

Example:

policies:
  - name: disable-disallowed-services
    resource: gcp.service
    mode:
      type: gcp-audit
      methods:
       - google.api.servicemanagement.v1.ServiceManagerV1.ActivateServices
    filters:
     - config.name: translate.googleapis.com
    actions:
     - disable

properties:
  dependents:
    default: false
    type: boolean
  type:
    enum:
    - disable
  usage:
    enum:
    - SKIP
    - CHECK
required:
- type

Permissions - serviceusage.services.disable