steampipe plugin install gcp

Table: gcp_cloud_asset - Query GCP Cloud Asset using SQL

GCP Cloud Asset is a powerful tool for organizations to maintain visibility and control over their cloud resources, ensuring that they can manage these assets effectively in terms of security, compliance, and operational efficiency.

Table Usage Guide

The gcp_cloud_asset table provides an management system for resources and policies within GCP. It allows users to keep track of their cloud assets across various GCP services.

Examples

Basic info

It provides a quick snapshot of all assets in the GCP environment. This is helpful for administrators and cloud architects to get an overview of the resources, their types, and recent updates.

select
name,
asset_type,
update_time,
ancestors
from
gcp_cloud_asset;
select
name,
asset_type,
update_time,
ancestors
from
gcp_cloud_asset;

Get access policy of the resources

This query is particularly useful for administrators and security professionals who need to oversee and manage access policies within a GCP environment. It provides a detailed view of how access is controlled and managed across various cloud assets.

select
name,
access_policy ->> 'Etag' as access_policy_etag,
access_policy ->> 'Name' as access_policy_name,
access_policy ->> 'Parent' as access_policy_parent,
access_policy -> 'Scopes' as access_policy_scopes
from
gcp_cloud_asset;
select
name,
json_extract(access_policy, '$.Etag') as access_policy_etag,
json_extract(access_policy, '$.Name') as access_policy_name,
json_extract(access_policy, '$.Parent') as access_policy_parent,
json_extract(access_policy, '$.Scopes') as access_policy_scopes
from
gcp_cloud_asset;

Schema for gcp_cloud_asset

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
access_leveljsonbAccess levels are used for permitting access to resources based on contextual information about the request.
access_policyjsonbAn access policy is a container for all of your Access Context Manager resources.
ancestorsjsonbThe ancestry path of an asset in Google Cloud resource hierarchy.
asset_typetextThe type of the asset.
iam_policyjsonbA representation of the IAM policy set on a Google Cloud resource.
nametextThe full name of the asset.
org_policyjsonbA representation of an organization policy.
os_inventoryjsonbA representation of runtime OS Inventory information.
projecttext=, !=, ~~, ~~*, !~~, !~~*The GCP Project in which the resource is located.
related_assetjsonbOne related asset of the current asset.
resourcejsonbA representation of the resource.
service_perimeterjsonbAn overview of VPC Service Controls and describes its advantages and capabilities.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.
update_timetimestamp with time zoneThe last update timestamp of an asset.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_cloud_asset