GCP Modes

Custodian can run in several modes, with pull mode being the default.

  • pull:

    Default mode, which runs locally where custodian is run.

    properties:
      type:
        enum:
        - pull
    required:
    - type
    
  • gcp-periodic:

    Runs in GCP Functions at a user-defined cron interval.

    properties:
      environment:
        type: object
      execution-options:
        type: object
      labels:
        type: object
      max-instances:
        type: integer
      memory-size:
        type: integer
      network:
        type: string
      region:
        type: string
      schedule:
        type: string
      service-account:
        type: string
      timeout:
        type: string
      trigger-type:
        enum:
        - http
        - pubsub
      type:
        enum:
        - gcp-periodic
      tz:
        type: string
    required:
    - schedule
    - type
    
  • gcp-audit:

    Runs in GCP Functions triggered by Audit Logs. This allows you to apply your policies as soon as events occur. Audit Logs create an event for every API call that occurs in your GCP account. See GCP Audit Logs for more details.

    properties:
      environment:
        type: object
      execution-options:
        type: object
      labels:
        type: object
      max-instances:
        type: integer
      memory-size:
        type: integer
      methods:
        items:
          type: string
        type: array
      network:
        type: string
      region:
        type: string
      service-account:
        type: string
      timeout:
        type: string
      type:
        enum:
        - gcp-audit
    required:
    - methods
    - type
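
A policy file that uses two of the modes above is shown here as an added example; it is not taken from the Custodian documentation. The policy names, label key, schedule, region and service-account address are constructed placeholders, and the schedule is assumed to use unix-cron syntax.

```yaml
# Added example. All names and values below are constructed placeholders.
policies:
  # gcp-periodic: deployed to GCP Functions and run on a schedule.
  - name: instances-missing-owner-sweep
    resource: gcp.instance
    mode:
      type: gcp-periodic            # required
      schedule: "0 */6 * * *"       # required; assumed unix-cron syntax
      tz: Etc/UTC
      region: us-central1
      max-instances: 1
      # Dedicated identity for the function (placeholder address), so its
      # permissions can be scoped to what this policy needs.
      service-account: custodian-runner@PROJECT_ID.iam.gserviceaccount.com
      labels:
        managed-by: custodian
    filters:
      - type: value
        key: labels.owner
        value: absent

  # gcp-audit: deployed to GCP Functions and triggered by audit log events
  # whose method name matches an entry in `methods`.
  - name: instances-missing-owner-on-create
    resource: gcp.instance
    mode:
      type: gcp-audit               # required
      methods:                      # required; array of strings
        - v1.compute.instances.insert
      region: us-central1
      service-account: custodian-runner@PROJECT_ID.iam.gserviceaccount.com
    filters:
      - type: value
        key: labels.owner
        value: absent
```

Neither policy defines actions, so both only report matching instances. Running `custodian validate` on the file checks each `mode` block against the schema for its type.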