π Google Cloud Asset Inventory API is not enabled π’
- Contextual name: π Asset Inventory API is not enabled π’
- ID:
/ce/ca/google/api/cloud-asset-inventory - Located in: π Google API & Services
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
RELIABILITY
Similar Policiesβ
- Cloud Conformity
Logicβ
- π§ prod.logic.yaml π’
- π Google Project
- π Google Project - object.extracts.yaml
- π§ͺ test-data.json
Descriptionβ
Descriptionβ
GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.
Cloud Asset Inventory Service (CAIS) API enablement is not required for operation of the service, but rather enables the mechanism for searching/exporting CAIS asset data directly.
Rationaleβ
The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enables security analysis, resource change tracking, and compliance auditing.
It is recommended GCP Cloud Asset Inventory be enabled for all GCP projects.
Auditβ
From Google Cloud Consoleβ
Ensure that the Cloud Asset API is enabled:
- Go to
API & Services/Libraryby visiting https://console.cloud.google.com/apis/library- Search for
Cloud Asset APIand select the result for Cloud Asset API- Ensure that
API Enabledis displayed.... see more
Remediationβ
Remediationβ
From Google Cloud Consoleβ
Enable the Cloud Asset API:
- Go to
API & Services/Libraryby visiting https://console.cloud.google.com/apis/library- Search for
Cloud Asset APIand select the result for Cloud Asset API- Click the
ENABLEbutton.From Google Cloud CLIβ
Enable the Cloud Asset API:
Enable the Cloud Asset API through the services interface:
gcloud services enable cloudasset.googleapis.com
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CIS GCP v3.0.0 β πΌ 2.13 Ensure Cloud Asset Inventory Is Enabled - Level 1 (Automated) | 1 | |||
| πΌ Cloudaware Framework β πΌ System Configuration | 24 |