Table: gcp_compute_resource_policy - Query GCP Compute Engine Resource Policies using SQL
Resource Policies in Google Cloud's Compute Engine are used to schedule operations for your instances. For example, they can be used to schedule periodic snapshot creation for persistent disk, VM start and stop schedules, and more. These policies help to automate routine tasks, which can increase operational efficiency and reduce the potential for error.
Table Usage Guide
The gcp_compute_resource_policy table offers insights into Resource Policies within Google Cloud's Compute Engine. As a cloud engineer, you can leverage this table to explore policy-specific details, including the scheduled operations, the frequency of these operations, and the instances to which they apply. Use this table to understand your resource scheduling policies, verify their configurations, and ensure they are operating as intended.
Examples
Basic info
Explore which GCP compute resource policies are currently active by assessing their status, providing a quick way to monitor and manage your resources effectively.
select name, status, self_linkfrom gcp_compute_resource_policy;select name, status, self_linkfrom gcp_compute_resource_policy;List policies used to schedule an instance
Explore which policies are used to schedule instances in your GCP Compute Engine. This can help you understand and manage your resource allocation more effectively.
select p.name as policy_name, i.name, p.instance_schedule_policyfrom gcp_compute_resource_policy as p join gcp_compute_instance as i on i.resource_policies ?| array [ p.self_link ]where p.instance_schedule_policy is not null;select p.name as policy_name, i.name, p.instance_schedule_policyfrom gcp_compute_resource_policy as p join gcp_compute_instance as i on json_extract(i.resource_policies, p.self_link) is not nullwhere p.instance_schedule_policy is not null;List invalid policies
Explore which policies in your Google Cloud Platform compute resources are invalid. This can be beneficial for maintaining optimal resource management and troubleshooting potential issues.
select name, self_link, statusfrom gcp_compute_resource_policywhere status = 'INVALID';select name, self_link, statusfrom gcp_compute_resource_policywhere status = 'INVALID';Schema for gcp_compute_resource_policy
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| creation_timestamp | timestamp with time zone | The date and time, when the policy was created. | |
| description | text | An user-defined, human-readable description for this resource. | |
| group_placement_policy | jsonb | Resource policy for instances for placement configuration. | |
| iam_policy | jsonb | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. | |
| id | bigint | The unique identifier for the resource. | |
| instance_schedule_policy | jsonb | Resource policy for scheduling instance operations. | |
| kind | text | Type of the resource. Always compute#resource_policies for resource policies. | |
| location | text | The GCP multi-region, region, or zone in which the resource is located. | |
| name | text | = | The name of the resource, provided by the client when initially creating the resource. |
| project | text | The GCP Project in which the resource is located. | |
| resource_status | jsonb | The system status of the resource policy. | |
| self_link | text | A server-defined fully-qualified URL for this resource. | |
| snapshot_schedule_policy | jsonb | Resource policy for persistent disks for creating snapshots. | |
| status | text | !=, = | The status of resource policy creation. Possible values are: 'CREATING', 'DELETING', 'INVALID', and 'READY'. |
| title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcpYou can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_compute_resource_policy