GCP Execution Modes
pull
Pull mode execution of a policy.
Queries resources from the cloud provider for filtering and actions.
properties:
  type:
    enum:
    - pull
required:
- type
gcp-audit
Custodian policy execution on GCP API audit log events.
Deploys as a Cloud Function triggered by API calls. This allows you to apply your policies as soon as an API call occurs. Audit Logs creates an event for every API call that occurs in your GCP account. See GCP Audit Logs for more details.
The default region the function is deployed to is us-central1. To change that, use the CLI --region flag.
properties:
  environment:
    patternProperties:
      ? ''
      : type: string
    type: object
  execution-options:
    patternProperties:
      ? ''
      : oneOf:
        - type: string
        - type: boolean
        - type: number
    type: object
  labels:
    patternProperties:
      ? ''
      : type: string
    type: object
  max-instances:
    type: integer
  memory-size:
    type: integer
  methods:
    items:
      type: string
    type: array
  network:
    type: string
  service-account:
    type: string
  timeout:
    type: string
  type:
    enum:
    - gcp-audit
required:
- methods
- type
gcp-periodic
Deploys a policy as a Cloud Function triggered by Cloud Scheduler at a user-defined cron interval via Pub/Sub.
The default region the function is deployed to is us-central1. To change that, use the CLI --region flag.
properties:
  environment:
    patternProperties:
      ? ''
      : type: string
    type: object
  execution-options:
    patternProperties:
      ? ''
      : oneOf:
        - type: string
        - type: boolean
        - type: number
    type: object
  labels:
    patternProperties:
      ? ''
      : type: string
    type: object
  max-instances:
    type: integer
  memory-size:
    type: integer
  network:
    type: string
  schedule:
    type: string
  service-account:
    type: string
  timeout:
    type: string
  trigger-type:
    enum:
    - http
    - pubsub
  type:
    enum:
    - gcp-periodic
  tz:
    type: string
required:
- schedule
- type
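The two function-based modes above, gcp-audit and gcp-periodic, shown as mode blocks inside policies. This is an added example, not taken from the Custodian documentation. The policy names, the audit method string, the cron value, the label and the service account address are constructed placeholders or assumptions.

```yaml
# Added example: all names and values below are constructed for illustration.
policies:
  # Event-driven: evaluated when a matching API call appears in the audit logs.
  - name: instance-audit-example          # hypothetical policy name
    resource: gcp.instance
    mode:
      type: gcp-audit
      methods:                            # required for gcp-audit
        - v1.compute.instances.insert     # assumed audit log method name
      # Placeholder identity for the deployed Cloud Function.
      service-account: custodian-fn@PROJECT_ID.iam.gserviceaccount.com
      max-instances: 1
      labels:
        owner: security                   # constructed label

  # Scheduled: Cloud Scheduler triggers the function via Pub/Sub.
  - name: instance-periodic-example       # hypothetical policy name
    resource: gcp.instance
    mode:
      type: gcp-periodic
      schedule: "0 3 * * *"               # required for gcp-periodic; constructed cron value
      tz: Etc/UTC
      trigger-type: pubsub                # schema also allows http
      service-account: custodian-fn@PROJECT_ID.iam.gserviceaccount.com
    filters:
      - type: value
        key: status
        value: RUNNING
```

The deployment region is not part of either mode block; it is set with the CLI --region flag described above.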