Table: gcp_project - Query Google Cloud Platform Projects using SQL
A Google Cloud Platform Project acts as an organizational unit within GCP where resources are allocated. It is used to group resources that belong to the same logical application or business unit. Each project is linked to a billing account and can have users, roles, and permissions assigned to it.
Table Usage Guide
The gcp_project
table provides insights into Projects within Google Cloud Platform. As a DevOps engineer, explore project-specific details through this table, including ID, name, labels, and lifecycle state. Utilize it to uncover information about projects, such as their associated resources, user roles, permissions, and billing details.
Examples
Basic info
Explore which Google Cloud Platform projects are active, by looking at their lifecycle state and creation time. This can help you manage resources effectively and keep track of ongoing projects.
select name, project_id, project_number, lifecycle_state, create_timefrom gcp_project;
select name, project_id, project_number, lifecycle_state, create_timefrom gcp_project;
Get access approval settings for all projects
Explore the access approval settings across your various projects. This can help you understand and manage permissions and approvals more effectively.
select name, jsonb_pretty(access_approval_settings) as access_approval_settingsfrom gcp_project;
select name, access_approval_settingsfrom gcp_project;
Query examples
- compute_disk_by_project
- compute_disk_encryption_table
- compute_disk_storage_by_project
- compute_instance_by_project
- compute_network_by_project
- kms_key_age_table
- kms_key_by_project
- kubernetes_cluster_by_project
- project_count
- project_table
- service_account_key_age_table
- sql_database_instance_by_project
- storage_bucket_age_table
- storage_bucket_by_project
Control examples
- 1.12 Ensure API keys are not created for a project
- 1.12 Ensure API keys are not created for a project
- 1.12 Ensure API Keys Only Exist for Active Services
- 1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
- 1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager
- 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts
- 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts
- 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts
- 1.3 Ensure that Security Key Enforcement is enabled for all admin accounts
- 1.3 Ensure that Security Key Enforcement is enabled for all admin accounts
- 1.3 Ensure that Security Key Enforcement is enabled for all admin accounts
- 2.10 Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes
- 2.10 Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes
- 2.10 Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes
- 2.11 Ensure that the log metric filter and alerts exist for SQL instance configuration changes
- 2.11 Ensure that the log metric filter and alerts exist for SQL instance configuration changes
- 2.11 Ensure that the log metric filter and alerts exist for SQL instance configuration changes
- 2.14 Ensure 'Access Transparency' is 'Enabled'
- 2.14 Ensure 'Access Transparency' is 'Enabled'
- 2.15 Ensure 'Access Approval' is 'Enabled'
- 2.15 Ensure 'Access Approval' is 'Enabled'
- 2.2 Ensure that sinks are configured for all log entries
- 2.2 Ensure that sinks are configured for all log entries
- 2.2 Ensure that sinks are configured for all log entries
- 2.4 Ensure log metric filter and alerts exist for project ownership assignments/changes
- 2.4 Ensure log metric filter and alerts exist for project ownership assignments/changes
- 2.4 Ensure log metric filter and alerts exist for project ownership assignments/changes
- 2.5 Ensure that the log metric filter and alerts exist for Audit Configuration changes
- 2.5 Ensure that the log metric filter and alerts exist for Audit Configuration changes
- 2.5 Ensure that the log metric filter and alerts exist for Audit Configuration changes
- 2.6 Ensure that the log metric filter and alerts exist for Custom Role changes
- 2.6 Ensure that the log metric filter and alerts exist for Custom Role changes
- 2.6 Ensure that the log metric filter and alerts exist for Custom Role changes
- 2.7 Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- 2.7 Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- 2.7 Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- 2.8 Ensure that the log metric filter and alerts exist for VPC network route changes
- 2.8 Ensure that the log metric filter and alerts exist for VPC network route changes
- 2.8 Ensure that the log metric filter and alerts exist for VPC network route changes
- 2.9 Ensure that the log metric filter and alerts exist for VPC network changes
- 2.9 Ensure that the log metric filter and alerts exist for VPC network changes
- 2.9 Ensure that the log metric filter and alerts exist for VPC network changes
- 4.10 Ensure that App Engine applications enforce HTTPS connections
- 4.10 Ensure that App Engine applications enforce HTTPS connections
- 4.10 Ensure that App Engine applications enforce HTTPS connections
- 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
- 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
- 6.1.1 Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges
- 6.1.1 Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges
- 6.1.1 Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges
- 6.2.1 Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
- 6.2.13 Ensure that the 'log_min_messages' database flag for Cloud SQL PostgreSQL instance is set appropriately
- 6.2.2 Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
- 6.2.4 Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately
- 6.2.6 Ensure that the 'log_min_messages' database flag for Cloud SQL PostgreSQL instance is set appropriately
- 6.2.7 Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately
- Ensure 'Access Approval' is 'Enabled'
- Ensure log metric filter and alerts exist for project ownership assignments/changes
- Ensure that sinks are configured for all log entries
- Ensure that the log metric filter and alerts exist for Audit Configuration changes
- Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes
- Ensure that the log metric filter and alerts exist for Custom Role changes
- Ensure that the log metric filter and alerts exist for SQL instance configuration changes
- Ensure that the log metric filter and alerts exist for VPC network changes
- Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- Ensure that the log metric filter and alerts exist for VPC network route changes
- Limit the number of App Engine application versions simultaneously running or installed
- Project should not have use api keys
Schema for gcp_project
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
access_approval_settings | jsonb | The access approval settings associated with this project. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
create_time | timestamp with time zone | Creation time of the project. | |
labels | jsonb | A list of labels attached to this project. | |
lifecycle_state | text | Specifies the project lifecycle state. | |
name | text | The name of the project. | |
parent | jsonb | An optional reference to a parent Resource. | |
project_id | text | An unique, user-assigned ID of the Project. | |
project_number | bigint | The number uniquely identifying the project. | |
self_link | text | Server-defined URL for the resource. | |
tags | jsonb | A map of tags for the resource. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp
You can pass the configuration to the command with the --config
argument:
steampipe_export_gcp --config '<your_config>' gcp_project