Table: gcp_organization - Query GCP Organizations using SQL
A GCP Organization represents a collection of GCP resources that share common IAM policies. It is the root node in the GCP resource hierarchy and is associated with a domain that has a Google Workspace or Cloud Identity account. The Organization resource provides centralized control and oversight of all GCP resources.
Table Usage Guide
The gcp_organization table provides insights into GCP Organizations within Google Cloud Platform. As a cloud architect or administrator, explore organization-specific details through this table, including their associated metadata, lifecycle state, directory customer ID, and more. Utilize it to uncover information about organizations, such as their creation time, owner details, and the verification of IAM policies.
Important Notes
- This table requires the
resourcemanager.organizations.getpermission to retrieve organization details.
Examples
Basic info
Explore the general details of your Google Cloud Platform organizations, such as its display name, associated organization ID, lifecycle state, and creation time. This information can help you assess the status and history of your organizations, which can be useful for administrative and auditing purposes.
select display_name, organization_id, lifecycle_state, creation_timefrom gcp_organization;select display_name, organization_id, lifecycle_state, creation_timefrom gcp_organization;Get essential contacts for organizations
Explore which essential contacts are associated with specific organizations. This is useful for quickly identifying key contacts within each organization, which can streamline communication and improve operational efficiency.
select organization_id, jsonb_pretty(essential_contacts) as essential_contactsfrom gcp_organization;select organization_id, essential_contactsfrom gcp_organization;Control examples
- 1.1 Ensure that corporate login credentials are used
- 1.1 Ensure that corporate login credentials are used
- 1.1 Ensure that corporate login credentials are used
- 1.16 Ensure essential contacts is configured for Organization
- 1.16 Ensure essential contacts is configured for Organization
- Ensure essential contacts is configured for Organization
- Only allow members from my domain to be added to IAM roles
Schema for gcp_organization
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| creation_time | timestamp with time zone | Timestamp when the Organization was created. | |
| directory_customer_id | text | The G Suite customer id used in the Directory API. | |
| display_name | text | A human-readable string that refers to the Organization in the GCP Console UI. This string is set by the server and cannot be changed. | |
| essential_contacts | jsonb | The contacts for the specified resource. | |
| lifecycle_state | text | The organization's current lifecycle state. | |
| name | text | The resource name of the organization. | |
| organization_id | bigint | An unique, system generated ID for organization. | |
| title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcpYou can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_organization