Google Cloud Asset Inventory Folder Feed

This page shows how to write Terraform for Cloud Asset Inventory Folder Feed and how to write it securely.

google_cloud_asset_folder_feed (Terraform)

The Folder Feed in Cloud Asset Inventory can be configured in Terraform with the resource name google_cloud_asset_folder_feed. The following sections give one example of how to use the resource, followed by its parameters.

Example Usage from GitHub

main.tf#L54
resource "google_cloud_asset_folder_feed" "feed_iam_policy_folder" {
  for_each        = var.feed_iam_policy_folders
  billing_project = var.project_id
  folder          = each.key
  feed_id         = "ram-iam-policy"
  content_type    = "IAM_POLICY"
  # (excerpt ends here; the rest of the resource block is not shown)
}

Parameters

  • asset_names optional - list / string
    • A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.

  • asset_types optional - list / string
    • A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk" See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types.

  • billing_project required - string
    • The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing.

  • content_type optional - string
    • Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY"]

  • feed_id required - string
    • This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.

  • folder required - string
    • The folder this feed should be created in.

  • folder_id required computed - string
    • The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] and folders/[FOLDER_NUMBER] are accepted.

  • id optional computed - string
  • name required computed - string
    • The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.
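
A pre-apply check for the constraints in the parameter list above, as an added example (not code from this page, the Terraform Registry or the GitHub project). It reads the JSON form of a plan, as produced by `terraform show -json`, and reports feeds that set neither asset_names nor asset_types, leave content_type unset or outside the listed values, or reuse a feed_id under the same folder. The function names, the sample plan and the folder numbers are constructed for illustration.

```python
ALLOWED_CONTENT_TYPES = {"CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY",
                         "ORG_POLICY", "ACCESS_POLICY"}  # values listed on this page

def check_folder_feeds(plan):
    """Return findings for google_cloud_asset_folder_feed resources in a plan dict."""
    findings, seen = [], {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_cloud_asset_folder_feed":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        addr = rc["address"]
        # Rule 1: either or both of asset_names and asset_types must be given.
        if not after.get("asset_names") and not after.get("asset_types"):
            findings.append(f"{addr}: neither asset_names nor asset_types is set")
        # Rule 2: content_type should be set, and only to a listed value.
        ct = after.get("content_type")
        if ct is None:
            findings.append(f"{addr}: content_type is unset, only asset name and type are returned")
        elif ct not in ALLOWED_CONTENT_TYPES:
            findings.append(f"{addr}: unknown content_type {ct!r}")
        # Rule 3: feed_id must be unique under its parent folder.
        # Both "123" and "folders/123" name the same folder, so normalize first.
        folder = str(after.get("folder", "")).removeprefix("folders/")
        key = (folder, after.get("feed_id"))
        if key in seen:
            findings.append(f"{addr}: feed_id {key[1]!r} already used in folder {folder} by {seen[key]}")
        else:
            seen[key] = addr
    return findings

def _rc(name, **after):
    """Build one constructed resource_changes entry (helper for the sample only)."""
    return {"address": f"google_cloud_asset_folder_feed.{name}",
            "type": "google_cloud_asset_folder_feed",
            "change": {"actions": ["create"], "after": after}}

# Constructed sample plan; folder numbers and resource names are made up.
SAMPLE_PLAN = {"resource_changes": [
    _rc("a", folder="folders/111", feed_id="ram-iam-policy", content_type="IAM_POLICY",
        asset_types=["compute.googleapis.com/Disk"]),
    _rc("b", folder="111", feed_id="ram-iam-policy", content_type="IAM_POLICY",
        asset_types=["compute.googleapis.com/Disk"]),
    _rc("c", folder="222", feed_id="network-updates"),
    _rc("d", folder="222", feed_id="disks", content_type="IAM",
        asset_names=["//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1"]),
]}

if __name__ == "__main__":
    print("\n".join(check_folder_feeds(SAMPLE_PLAN)))
```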

Explanation in Terraform Registry

Describes a Cloud Asset Inventory feed used to listen to asset updates. To get more information about FolderFeed, see:

  • API documentation
  • How-to Guides
    • Official Documentation

resource "google_cloud_asset_folder_feed" "folder_feed" {
  billing_project = "my-project-name"
  folder          = google_folder.my_folder.folder_id
  feed_id         = "network-updates"
  content_type    = "RESOURCE"

  asset_types = [
    "compute.googleapis.com/Subnetwork",
    "compute.googleapis.com/Network",
  ]

  feed_output_config {
    pubsub_destination {
      topic = google_pubsub_topic.feed_output.id
    }
  }

  condition {
    expression  = <<-EOT
    !temporal_asset.deleted &&
    temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST
    EOT
    title       = "created"
    description = "Send notifications on creation events"
  }

  # Wait for the permission to be ready on the destination topic.
  depends_on = [
    google_pubsub_topic_iam_member.cloud_asset_writer,
  ]
}

resource "google_pubsub_topic" "feed_output" {
  project = "my-project-name"
  name    = "network-updates"
}

resource "google_folder" "my_folder" {
  display_name = "Networking"
  parent       = "organizations/123456789"
}

data "google_project" "project" {
  project_id = "my-project-name"
}

resource "google_pubsub_topic_iam_member" "cloud_asset_writer" {
  project = "my-project-name"
  topic   = google_pubsub_topic.feed_output.id
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudasset.iam.gserviceaccount.com"
}

Frequently asked questions

What is Google Cloud Asset Inventory Folder Feed?

Google Cloud Asset Inventory Folder Feed is a resource for Cloud Asset Inventory of Google Cloud Platform. Settings can be written in Terraform.

Where can I find the example code for the Google Cloud Asset Inventory Folder Feed?

For Terraform, the BrunoReboul/terraform-google-realtime-asset-monitor source code example is useful. See the Terraform Example section for further details.
