Cloud Asset Inventory

A global metadata inventory service for managing Google Cloud resources and policies.

GCP Open Source Cloud Service Only
Category: Compliance & Governance
This page updated 2 months ago
Pricing Details: Pricing may vary based on data retention and export operations.
Target Audience: Cloud administrators, DevOps engineers, and IT professionals managing Google Cloud environments.

Cloud Asset Inventory helps you maintain visibility and control over the vast array of resources and policies within Google Cloud environments. This global metadata inventory service enables you to view, search, export, monitor, and analyze your Google Cloud asset metadata, including up to 35 days of create, update, and delete history.

Technically, Cloud Asset Inventory aggregates metadata from various sources such as Google Cloud resources (e.g., Compute Engine VM instances, Cloud Storage buckets), policies (IAM policies, organization policies, Access Context Manager policies), and runtime information from OS inventory management. The service supports multiple asset types, including resources, policies, and relationships, which can be specified in requests to tailor the response detail.

To interact with Cloud Asset Inventory, you can use the Cloud Asset API, which provides methods for listing, searching, and exporting assets. The API allows you to specify asset types, asset names, and content types to retrieve detailed metadata. For example, content types such as RESOURCE, IAM_POLICY, and OS_INVENTORY can be requested to obtain specific metadata about the assets.
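As an added example (not from the original page or from Google), the following Python sketch shows one defensive use of IAM_POLICY metadata once it has been exported: flagging bindings that grant a role to `allUsers` or `allAuthenticatedUsers`. The newline-delimited JSON layout (`name`, `asset_type`, `iam_policy.bindings`), the function name, and every sample value are assumptions constructed for illustration.

```python
import json

# Principals that make an IAM binding effectively public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample records, in the layout assumed for an IAM_POLICY export.
SAMPLE_RECORDS = [
    {"name": "//storage.googleapis.com/example-public-bucket",
     "asset_type": "storage.googleapis.com/Bucket",
     "iam_policy": {"bindings": [
         {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
         {"role": "roles/storage.admin", "members": ["user:admin@example.com"]}]}},
    {"name": "//cloudresourcemanager.googleapis.com/projects/example-project",
     "asset_type": "cloudresourcemanager.googleapis.com/Project",
     "iam_policy": {"bindings": [
         {"role": "roles/viewer", "members": ["group:ops@example.com"]}]}},
    {"name": "//run.googleapis.com/projects/example-project/locations/us-central1/services/example-svc",
     "asset_type": "run.googleapis.com/Service",
     "iam_policy": {"bindings": [
         {"role": "roles/run.invoker",
          "members": ["allAuthenticatedUsers", "user:dev@example.com"]}]}},
]
# One JSON object per line, plus a deliberately truncated fourth line.
SAMPLE_EXPORT = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS) + '\n{"name": "//trunc'


def find_public_bindings(ndjson_text):
    """Return (findings, bad_line_numbers) for a newline-delimited JSON export."""
    findings, bad_lines = [], []
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            asset = json.loads(line)
        except json.JSONDecodeError:
            bad_lines.append(lineno)  # report unreadable records, never skip silently
            continue
        policy = asset.get("iam_policy") or {}
        for binding in policy.get("bindings", []):
            exposed = sorted(PUBLIC_MEMBERS.intersection(binding.get("members", [])))
            if exposed:
                findings.append({"asset": asset.get("name"),
                                 "asset_type": asset.get("asset_type"),
                                 "role": binding.get("role"),
                                 "members": exposed,
                                 "conditional": "condition" in binding})
    return findings, bad_lines


if __name__ == "__main__":
    for finding in find_public_bindings(SAMPLE_EXPORT)[0]:
        print(finding)
```

Unparseable lines are returned separately so that a truncated export is not mistaken for a clean result.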

Operationally, enabling Cloud Asset Inventory involves activating the Cloud Asset Inventory API and creating asset feeds. This can be done using the gcloud CLI or through programming languages like Python by leveraging the google-cloud-asset library. Authentication and authorization are managed through service accounts and IAM roles, ensuring that only authorized entities can access and manipulate asset metadata.

Key operational considerations include managing the retention period of asset metadata, which is limited to 35 days, and handling the scalability of the service. While Cloud Asset Inventory provides real-time monitoring capabilities, it may incur additional costs for data retention and export operations, particularly in multi-project or multi-organization setups.

In terms of technical details, the service uses a time series database to store asset metadata, allowing for efficient querying and analysis. The API supports various methods such as ListAssets, SearchAllResources, and ExportAssets, each with specific parameters and response formats. For instance, the SearchAllResources method can be used to query resources across an entire organization with sub-minute granularity for most metrics.
