turbot/gcp

steampipe plugin install gcp
Table: gcp_compute_firewall

VPC firewall rules allow or deny connections to or from your virtual machine (VM) instances based on a specified configuration. Enabled VPC firewall rules are always enforced, protecting instances regardless of their configuration and operating system, even if they have not started up.

Firewall rules basic info

select
name,
id,
description,
direction
from
gcp_compute_firewall;

List of rules which are applied to TCP protocol

select
name,
id,
p ->> 'IPProtocol' as ip_protocol,
p ->> 'ports' as ports
from
gcp_compute_firewall,
jsonb_array_elements(allowed) as p
where
p ->> 'IPProtocol' = 'tcp';

List of disabled rules

select
name,
id,
description,
disabled
from
gcp_compute_firewall
where
disabled;

List of Egress rules

select
name,
id,
direction,
allowed,
denied
from
gcp_compute_firewall
where
direction = 'EGRESS';
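
Enabled ingress rules open to any IPv4 source, with logging state

This query is an added example, not part of the original plugin documentation. It uses only this table's columns to list enabled ingress rules whose source_ranges include 0.0.0.0/0, one row per allowed protocol entry, so that world-reachable ports and unlogged rules can be reviewed together. It assumes the direction value 'INGRESS' and treats a missing ports key as all ports, as the GCP API does.

```sql
-- Added example: audit query for internet-exposed ALLOW rules.
-- Rules with no "allowed" entries (DENY rules) produce no rows here.
select
  f.name,
  f.network,
  f.priority,
  p ->> 'IPProtocol' as ip_protocol,
  -- GCP applies the rule to every port when "ports" is omitted.
  coalesce(p ->> 'ports', 'all') as ports,
  f.log_config_enable
from
  gcp_compute_firewall as f,
  jsonb_array_elements(f.allowed) as p
where
  f.direction = 'INGRESS'
  and f.disabled is not true
  -- jsonb "?" tests whether the string is an element of the array.
  and f.source_ranges ? '0.0.0.0/0'
order by
  f.priority;
```

Rows where log_config_enable is false are exposed rules with no firewall logs to support detection or incident review.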

.inspect gcp_compute_firewall

GCP Compute Firewall

| Name | Type | Description |
|------|------|-------------|
| action | text | Describes the type of action specified by the rule. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| allowed | jsonb | The list of ALLOW rules specified by this firewall. |
| creation_timestamp | timestamp without time zone | The creation timestamp of the resource. |
| denied | jsonb | The list of DENY rules specified by this firewall. |
| description | text | A user-specified, human-readable description of the firewall. |
| destination_ranges | jsonb | A list of CIDR ranges. The firewall rule applies only to traffic that has destination IP address in these ranges. |
| direction | text | Direction of traffic to which this firewall applies. |
| disabled | boolean | Indicates whether the firewall rule is disabled, or not. |
| id | bigint | The unique identifier for the resource. |
| kind | text | Specifies the type of the resource. |
| location | text | The GCP multi-region, region, or zone in which the resource is located. |
| log_config_enable | boolean | Specifies whether to enable logging for a particular firewall rule, or not. |
| log_config_metadata | text | Specifies whether to include or exclude metadata for firewall logs. |
| name | text | A friendly name that identifies the resource. |
| network | text | The URL of the network resource for this firewall rule. |
| priority | bigint | Specifies the priority for this rule. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. |
| project | text | The GCP Project in which the resource is located. |
| self_link | text | The server-defined URL for the resource. |
| source_ranges | jsonb | A list of CIDR ranges. The firewall rule applies only to traffic originating from an instance with a service account in this list. |
| source_service_accounts | jsonb | A list of service accounts. The firewall rule applies only to traffic that has a source IP address in these ranges. |
| source_tags | jsonb | A list of tags. The firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. |
| target_service_accounts | jsonb | A list of service accounts indicating sets of instances located in the network that may make network connections as specified in Allowed. |
| target_tags | jsonb | A list of tags that controls which instances the firewall rule applies to. |
| title | text | Title of the resource. |