GCP Modes

Custodian can run in numerous modes, with the default being pull mode.

  • pull:

    Default mode, which runs locally where custodian is run.

    Schema:

    {}
    
  • gcp-periodic:

    Runs in GCP Functions at user defined cron interval.

    Schema:

    {
      "environment": {
        "type": "object"
      },
      "execution-options": {
        "type": "object"
      },
      "labels": {
        "type": "object"
      },
      "max-instances": {
        "type": "integer"
      },
      "memory-size": {
        "type": "integer"
      },
      "network": {
        "type": "string"
      },
      "region": {
        "type": "string"
      },
      "schedule": {
        "required": true,
        "type": "string"
      },
      "service-account": {
        "type": "string"
      },
      "timeout": {
        "type": "string"
      },
      "trigger-type": {
        "enum": [
          "http",
          "pubsub"
        ]
      },
      "tz": {
        "type": "string"
      }
    }
    
  • gcp-audit:

    Runs in GCP Functions triggered by Audit logs. This allows you to apply your policies as soon as events occur. Audit logs create an event for every API call that occurs in your GCP project. See GCP Audit Logs for more details.

    Schema:

    {
      "environment": {
        "type": "object"
      },
      "execution-options": {
        "type": "object"
      },
      "labels": {
        "type": "object"
      },
      "max-instances": {
        "type": "integer"
      },
      "memory-size": {
        "type": "integer"
      },
      "methods": {
        "items": {
          "type": "string"
        },
        "required": true,
        "type": "array"
      },
      "network": {
        "type": "string"
      },
      "region": {
        "type": "string"
      },
      "service-account": {
        "type": "string"
      },
      "timeout": {
        "type": "string"
      }
    }
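
The schemas above mark required keys per property (`"required": true`), so a mode block can be linted before deployment with a small checker. The following is an added example, not Custodian's own code; it assumes the mode is selected by a `type` key, that keys outside the listed schema are errors, and `lint_mode` is a hypothetical helper name.

```python
# Schemas transcribed from this page; everything else here is illustrative.
COMMON = {k: {"type": t} for k, t in [
    ("environment", "object"), ("execution-options", "object"), ("labels", "object"),
    ("max-instances", "integer"), ("memory-size", "integer"), ("network", "string"),
    ("region", "string"), ("service-account", "string"), ("timeout", "string")]}
SCHEMAS = {
    "pull": {},
    "gcp-periodic": {**COMMON,
        "schedule": {"required": True, "type": "string"},
        "trigger-type": {"enum": ["http", "pubsub"]},
        "tz": {"type": "string"}},
    "gcp-audit": {**COMMON,
        "methods": {"required": True, "type": "array", "items": {"type": "string"}}},
}
PY_TYPES = {"object": dict, "integer": int, "string": str, "array": list}


def type_ok(value, spec):
    expected = PY_TYPES.get(spec.get("type"), object)
    # bool is a subclass of int in Python; reject it for "integer"
    return isinstance(value, expected) and not (expected is int and isinstance(value, bool))


def lint_mode(mode):
    """Return a sorted list of problems for one mode block (empty list = clean)."""
    # Assumption: a block without "type" is treated as the default pull mode.
    mode_type = mode.get("type", "pull")
    if mode_type not in SCHEMAS:
        return [f"unknown mode type: {mode_type}"]
    schema, problems = SCHEMAS[mode_type], []
    for key, spec in schema.items():
        if spec.get("required") and key not in mode:
            problems.append(f"{key}: required")
    for key, value in mode.items():
        if key == "type":
            continue
        spec = schema.get(key)
        if spec is None:
            problems.append(f"{key}: not allowed in {mode_type}")
        elif not type_ok(value, spec):
            problems.append(f"{key}: expected {spec['type']}")
        elif "enum" in spec and value not in spec["enum"]:
            problems.append(f"{key}: must be one of {spec['enum']}")
        elif "items" in spec and not all(type_ok(v, spec["items"]) for v in value):
            problems.append(f"{key}: every item must be {spec['items']['type']}")
    return sorted(problems)

if __name__ == "__main__":
    # Constructed sample: "methods" is missing and "schedule" belongs to gcp-periodic
    print(lint_mode({"type": "gcp-audit", "schedule": "constructed-value"}))
```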