Control: 2.13 Ensure Cloud Asset Inventory Is Enabled
Description
GCP Cloud Asset Inventory is a service that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.
The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enable security analysis, resource change tracking, and compliance auditing.
Remediation
From Console
Enable the Cloud Asset API:
- Go to API & Services/Library by visiting https://console.cloud.google.com/apis/library
- Search for Cloud Asset API and select the result for Cloud Asset API
- Click the ENABLE button.
From Command Line
Enable the Cloud Asset API:
- Enable the Cloud Asset API through the services interface:
gcloud services enable cloudasset.googleapis.com
Default Value: The Cloud Asset Inventory API is disabled by default in each project.
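Because the API is disabled by default in each project, the check has to be repeated per project. The script below is an added example, not part of the benchmark or the Powerpipe mod: it audits a list of project IDs and can optionally apply the remediation command above. It assumes gcloud is installed and authenticated; the function names, the `--remediate` switch and the OK/ALARM/ERROR/FIXED labels are this example's own.

```shell
#!/usr/bin/env bash
# Added example: audit (and optionally remediate) the Cloud Asset API per project.
# Assumption: gcloud is installed and authenticated; project IDs are arguments.

API="cloudasset.googleapis.com"

# Returns 0 if the API is enabled in project $1, 1 if it is not,
# and 2 if gcloud could not list the project's services.
cloudasset_enabled() {
  local project="$1" out
  out="$(gcloud services list --enabled --project "$project" \
          --format="value(config.name)" 2>/dev/null)" || return 2
  # Exact, whole-line match so similarly named services do not count.
  printf '%s\n' "$out" | grep -Fxq "$API"
}

# Usage: audit_cloudasset [--remediate] PROJECT_ID...
# Prints one status line per project; returns 1 if any project is left
# non-compliant or could not be checked.
audit_cloudasset() {
  local remediate=0 failed=0 project rc
  if [ "${1:-}" = "--remediate" ]; then remediate=1; shift; fi
  for project in "$@"; do
    rc=0
    cloudasset_enabled "$project" || rc=$?
    case "$rc" in
      0) echo "OK    $project" ;;
      1) if [ "$remediate" -eq 1 ] &&
            gcloud services enable "$API" --project "$project" >/dev/null 2>&1
         then
           echo "FIXED $project"
         else
           echo "ALARM $project"; failed=1
         fi ;;
      *) echo "ERROR $project"; failed=1 ;;   # listing failed: treat as unknown
    esac
  done
  return "$failed"
}

# Example calls (project IDs are placeholders):
#   audit_cloudasset my-project-a my-project-b
#   audit_cloudasset --remediate my-project-a
```

A listing failure is reported as ERROR rather than ALARM so that a missing permission or a mistyped project ID is not mistaken for a disabled API.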
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.cis_v130_2_13
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_compliance.control.cis_v130_2_13 --share
SQL
This control uses a named query:
project_service_cloudasset_api_enabled