Top / Google Cloud Platform / Google Cloud Asset Inventory / Project Feed

Google Cloud Asset Inventory Project Feed

This page shows how to write Terraform for Cloud Asset Inventory Project Feed and write them securely.

Review your .tf file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

google_cloud_asset_project_feed (Terraform)

The Project Feed in Cloud Asset Inventory can be configured in Terraform with the resource name google_cloud_asset_project_feed. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

niveklabs/google

main.tf#L7

resource "google_cloud_asset_project_feed" "this" {
  asset_names     = var.asset_names
  asset_types     = var.asset_types
  billing_project = var.billing_project
  content_type    = var.content_type
  feed_id         = var.feed_id

Find out how to use this setting securely with Shisho Cloud

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

asset_names optional - list of string

A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.

asset_types optional - list of string

A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk" See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types.

billing_project optional - string

The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing. If not specified, the resource's project will be used.

content_type optional - string

Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", "RESOURCE", "IAM_POLICY", "ORG_POLICY", "ACCESS_POLICY"]

feed_id required - string

This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.

id optional computed - string
name optional computed - string

The format will be projects/[projectNumber]/feeds/[client-assigned_feed_identifier].

project optional computed - string
condition list block
- description optional - string
Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression required - string
Textual representation of an expression in Common Expression Language syntax.
- location optional - string
String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title optional - string
Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
feed_output_config list block
- pubsub_destination list block
  - topic required - string
  Destination on Cloud Pubsub topic.
timeouts single block
- create optional - string
- delete optional - string
- update optional - string

>> from Terraform Registry

Explanation in Terraform Registry

Describes a Cloud Asset Inventory feed used to to listen to asset updates. To get more information about ProjectFeed, see:
API documentation
How-to Guides
Official Documentation resource "google_cloud_asset_project_feed" "project_feed" { project = "my-project-name" feed_id = "network-updates" content_type = "RESOURCE" asset_types = [
"compute.googleapis.com/Subnetwork", "compute.googleapis.com/Network", ] feed_output_config { pubsub_destination { topic = google_pubsub_topic.feed_output.id } } condition { expression = <<-EOT !temporal_asset.deleted && temporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST EOT title = "created" description = "Send notifications on creation events" }
Wait for the permission to be ready on the destination topic.
depends_on = [
google_pubsub_topic_iam_member.cloud_asset_writer, ] } resource "google_pubsub_topic" "feed_output" { project = "my-project-name" name = "network-updates" } data "google_project" "project" { project_id = "my-project-name" } resource "google_pubsub_topic_iam_member" "cloud_asset_writer" { project = "my-project-name" topic = google_pubsub_topic.feed_output.id role = "roles/pubsub.publisher" member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudasset.iam.gserviceaccount.com" }

>> from Terraform Registry

The Other Related Google Cloud Asset Inventory Resources

Google Cloud Asset Inventory Folder Feed

Google Cloud Asset Inventory Organization Feed

Frequently asked questions

What is Google Cloud Asset Inventory Project Feed?

Google Cloud Asset Inventory Project Feed is a resource for Cloud Asset Inventory of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Cloud Asset Inventory Project Feed?

For Terraform, the niveklabs/google source code example is useful. See the Terraform Example section for further details.

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

google_cloud_asset_project_feed
Frequently asked questions