Table: gcp_cloud_asset - Query GCP Cloud Asset using SQL
GCP Cloud Asset is a powerful tool for organizations to maintain visibility and control over their cloud resources, ensuring that they can manage these assets effectively in terms of security, compliance, and operational efficiency.
Table Usage Guide
The gcp_cloud_asset table provides an management system for resources and policies within GCP. It allows users to keep track of their cloud assets across various GCP services.
Examples
Basic info
It provides a quick snapshot of all assets in the GCP environment. This is helpful for administrators and cloud architects to get an overview of the resources, their types, and recent updates.
select name, asset_type, update_time, ancestorsfrom gcp_cloud_asset;select name, asset_type, update_time, ancestorsfrom gcp_cloud_asset;Get access policy of the resources
This query is particularly useful for administrators and security professionals who need to oversee and manage access policies within a GCP environment. It provides a detailed view of how access is controlled and managed across various cloud assets.
select name, access_policy ->> 'Etag' as access_policy_etag, access_policy ->> 'Name' as access_policy_name, access_policy ->> 'Parent' as access_policy_parent, access_policy -> 'Scopes' as access_policy_scopesfrom gcp_cloud_asset;select name, json_extract(access_policy, '$.Etag') as access_policy_etag, json_extract(access_policy, '$.Name') as access_policy_name, json_extract(access_policy, '$.Parent') as access_policy_parent, json_extract(access_policy, '$.Scopes') as access_policy_scopesfrom gcp_cloud_asset;Schema for gcp_cloud_asset
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| access_level | jsonb | Access levels are used for permitting access to resources based on contextual information about the request. | |
| access_policy | jsonb | An access policy is a container for all of your Access Context Manager resources. | |
| ancestors | jsonb | The ancestry path of an asset in Google Cloud resource hierarchy. | |
| asset_type | text | The type of the asset. | |
| iam_policy | jsonb | A representation of the IAM policy set on a Google Cloud resource. | |
| name | text | The full name of the asset. | |
| org_policy | jsonb | A representation of an organization policy. | |
| os_inventory | jsonb | A representation of runtime OS Inventory information. | |
| project | text | The GCP Project in which the resource is located. | |
| related_asset | jsonb | One related asset of the current asset. | |
| resource | jsonb | A representation of the resource. | |
| service_perimeter | jsonb | An overview of VPC Service Controls and describes its advantages and capabilities. | |
| title | text | Title of the resource. | |
| update_time | timestamp with time zone | The last update timestamp of an asset. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcpYou can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_cloud_asset