Table: gcp_compute_network - Query Google Cloud Platform Compute Networks using SQL
A Google Cloud Platform Compute Network is a virtual version of the traditional physical networks that exist within and between physical data centers. A network provides the communication path between your Compute Engine virtual machine (VM) instances. They are global resources, spanning all regions, and are used to define the network topology, such as subnetworks and network peering connections.
Table Usage Guide
The gcp_compute_network table provides insights into Compute Networks within Google Cloud Platform. As a network engineer or cloud architect, you can use this table to explore network-specific details, including its subnetworks, firewall rules, and routing configurations. This allows you to manage and optimize your network infrastructure effectively, ensuring secure and efficient communication paths within your Google Cloud environment.
Examples
List networks having auto create subnetworks feature disabled
Identify the networks that have the auto-create subnetworks feature turned off. This can be useful for assessing network configurations where manual subnet creation is preferred for more control over network segmentation.
PostgreSQL:

```sql
select
  name,
  id,
  auto_create_subnetworks
from
  gcp_compute_network
where
  not auto_create_subnetworks;
```

SQLite:

```sql
select
  name,
  id,
  auto_create_subnetworks
from
  gcp_compute_network
where
  auto_create_subnetworks = 0;
```
List networks having routing_mode set to REGIONAL
Discover the segments that have their routing mode set to 'REGIONAL' within your network settings. This can be useful in understanding and managing network traffic flow within specific regions.
PostgreSQL:

```sql
select
  name,
  id,
  routing_mode
from
  gcp_compute_network
where
  routing_mode = 'REGIONAL';
```

SQLite:

```sql
select
  name,
  id,
  routing_mode
from
  gcp_compute_network
where
  routing_mode = 'REGIONAL';
```
Subnet count for each network
Explore which networks have the most subnets, allowing you to understand the distribution of subnets across your networks for better resource management and allocation.
PostgreSQL:

```sql
select
  name,
  count(d) as num_subnets
from
  gcp_compute_network as i,
  jsonb_array_elements(subnetworks) as d
group by
  name;
```

SQLite:

```sql
select
  g.name,
  count(d.value) as num_subnets
from
  gcp_compute_network g,
  json_each(g.subnetworks) as d
group by
  g.name;
```
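The controls listed further down this page (CIS 3.1 "default network does not exist" and CIS 3.2 "legacy networks do not exist") can be checked directly against this table. The query below is an added example, not one of the plugin's own documented queries; it relies only on columns from the schema on this page: the `default` network name is the one GCP assigns to the pre-created network in a new project, and a non-null `ipv4_range` marks a legacy (non-subnet-mode) network. PostgreSQL syntax.

```sql
-- Added example: surface networks that the CIS Networking controls would flag.
-- Assumptions: the name 'default' identifies the GCP-provisioned default network,
-- and ipv4_range is populated only on legacy networks (per the column description).
select
  project,
  name,
  auto_create_subnetworks,
  ipv4_range,
  case
    when name = 'default' then 'default network present (CIS 3.1)'
    when ipv4_range is not null then 'legacy network (CIS 3.2)'
  end as finding
from
  gcp_compute_network
where
  name = 'default'
  or ipv4_range is not null
order by
  project,
  name;
```

An empty result set means neither control has findings in the connected projects. For the SQLite exporter, the same query works unchanged, since it uses no JSON functions or boolean operators.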
Query examples
- auto_create_subnetwork
- compute_backend_services_for_compute_network
- compute_firewalls_for_compute_network
- compute_firewalls_for_kubernetes_cluster
- compute_forwarding_rules_for_compute_network
- compute_instance_group_network_detail
- compute_instances_for_compute_network
- compute_network_by_creation_mode
- compute_network_by_project
- compute_network_by_routing_mode
- compute_network_count
- compute_network_default_count
- compute_network_input
- compute_network_is_default
- compute_network_mtu
- compute_network_no_subnet_count
- compute_network_overview
- compute_network_peering
- compute_network_routing_mode
- compute_network_subnet
- compute_network_subnet_count
- compute_network_total_mtu
- compute_networks_for_compute_instance
- compute_networks_for_compute_instance_group
- compute_networks_for_compute_subnetwork
- compute_networks_for_kubernetes_cluster
- compute_networks_for_sql_database_instance
- compute_routers_for_compute_network
- compute_subnetwork_network
- compute_subnetworks_for_compute_network
- compute_vpn_gateways_for_compute_network
- dns_policies_for_compute_network
- kubernetes_clusters_for_compute_network
- network_firewall_rules_count
- sql_database_instances_for_compute_network
Control examples
- All Controls > Compute > Compute Networks should have auto create subnetwork enabled
- CIS v1.2.0 > 2 Logging and Monitoring > 2.12 Ensure that Cloud DNS logging is enabled for all VPC networks
- CIS v1.2.0 > 3 Networking > 3.1 Ensure that the default network does not exist in a project
- CIS v1.2.0 > 3 Networking > 3.2 Ensure legacy networks do not exist for a project
- CIS v1.3.0 > 2 Logging and Monitoring > 2.12 Ensure that Cloud DNS logging is enabled for all VPC networks
- CIS v1.3.0 > 3 Networking > 3.1 Ensure that the default network does not exist in a project
- CIS v1.3.0 > 3 Networking > 3.2 Ensure legacy networks do not exist for a project
- CIS v2.0.0 > 2 Logging and Monitoring > 2.12 Ensure that Cloud DNS logging is enabled for all VPC networks
- CIS v2.0.0 > 3 Networking > 3.1 Ensure that the default network does not exist in a project
- CIS v2.0.0 > 3 Networking > 3.2 Ensure legacy networks do not exist for a project
- CIS v3.0.0 > 2 Logging and Monitoring > 2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks
- CIS v3.0.0 > 3 Networking > 3.1 Ensure That the Default Network Does Not Exist in a Project
- CIS v3.0.0 > 3 Networking > 3.2 Ensure Legacy Networks Do Not Exist for Older Projects
- Ensure legacy networks do not exist for a project
- Ensure that Cloud DNS logging is enabled for all VPC networks
- Ensure that the default network does not exist in a project
Schema for gcp_compute_network
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
auto_create_subnetworks | boolean | !=, = | When set to true, the VPC network is created in auto mode. When set to false, the VPC network is created in custom mode. |
creation_timestamp | timestamp with time zone | | Creation timestamp in RFC3339 text format. |
description | text | | An optional description of this resource. Provide this field when you create the resource. |
gateway_ipv4 | inet | | The gateway address for default routing out of the network, selected by GCP. |
id | bigint | | The unique identifier for the resource. This identifier is defined by the server. |
ipv4_range | cidr | | The range of internal addresses that are legal on this network. Deprecated in favor of subnet mode networks. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created. |
kind | text | | Type of the resource. Always compute#network for networks. |
location | text | | The GCP multi-region, region, or zone in which the resource is located. |
mtu | bigint | | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes. |
name | text | = | Name of the resource. Provided by the client when the resource is created. |
peerings | jsonb | | A list of network peerings for the resource. NetworkPeering: A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering. |
project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP Project in which the resource is located. |
routing_mode | text | | The network-wide routing mode to use. If set to REGIONAL, this network's Cloud Routers will only advertise routes with subnets of this network in the same region as the router. If set to GLOBAL, this network's Cloud Routers will advertise routes with all subnets of this network, across regions. Possible values: "GLOBAL", "REGIONAL". |
self_link | text | | Server-defined URL for the resource. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subnetworks | jsonb | | Server-defined fully-qualified URLs for all subnetworks in this VPC network. |
title | text | | Title of the resource. |
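The `peerings` column is a JSON array, so reviewing who a network is peered with (and whether routes are exchanged automatically) means unnesting it, one row per peering. The query below is an added example rather than one of the plugin's documented queries. It assumes that each array element keeps the Compute API's NetworkPeering field names (`name`, `network`, `state`, `autoCreateRoutes`), which is how the column description above reads. PostgreSQL syntax.

```sql
-- Added example: one row per network peering, with the peer and its state.
-- Assumption: array elements use the Compute API field names name, network,
-- state and autoCreateRoutes; autoCreateRoutes may be absent when false.
select
  n.project,
  n.name as network,
  p ->> 'name' as peering_name,
  p ->> 'network' as peer_network,
  p ->> 'state' as peering_state,
  coalesce((p ->> 'autoCreateRoutes')::boolean, false) as auto_create_routes
from
  gcp_compute_network as n,
  jsonb_array_elements(n.peerings) as p
order by
  n.project,
  n.name,
  peering_name;
```

Peerings whose `peer_network` lies outside your own projects are the ones to review first, since an ACTIVE peering with automatic route creation gives that peer's subnets a path into this network. On SQLite, replace `jsonb_array_elements(n.peerings) as p` with `json_each(n.peerings) as p` and read fields with `json_extract(p.value, '$.name')`, as the subnet-count example on this page does.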
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_gcp --config '<your_config>' gcp_compute_network
```