cloud-foundation-fabric/cloud-operations
Ludovico Magnocavallo 1b5af2d923
Cloud Asset feed operations example (#110)
* first working example for asset inventory feeds

* move tf files out of the tf folder

* add input/outputs to README

* smaller diagram

* use narrow scoped service account for cf, account for gke tags in code

* Update README.md

* new top-level folder README

* Update README.md

* add TODO for DNS example in operations README

* fix README conflict

* Update README.md

* Update README.md

* update diagram

* cloud shell

* cloud shell

* Update README.md

* rename outputs, first complete README draft

* Update main.py

* Update README.md

* Update README.md

* better error handling in the cloud function

* remove branch from cloud shell link
2020-07-05 19:08:24 +02:00
asset-inventory-feed-remediation Cloud Asset feed operations example (#110) 2020-07-05 19:08:24 +02:00
README.md Cloud Asset feed operations example (#110) 2020-07-05 19:08:24 +02:00

README.md

Operations examples

The examples in this folder show how to wire together different Google Cloud services to simplify operations, and are meant for testing, or as minimal but sufficiently complete starting points for actual use.

Resource tracking and remediation via Cloud Asset feeds

This example shows how to leverage Cloud Asset Inventory feeds to stream resource changes in real time, and how to programmatically use the feed change notifications for alerting or remediation, via a Cloud Function wired to the feed PubSub queue.

The example's feed tracks changes to Google Compute instances, and the Cloud Function enforces policy compliance on each change so that tags match a set of simple rules. The obvious use case is when instance tags are used to scope firewall rules, but the example can easily be adapted to suit different use cases.
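The decision step of such a function, as an added sketch that is not the repository's `main.py`: it decodes a feed notification from the Pub/Sub event, ignores deletions and non-instance assets, and returns the compliant tag set to write back. The prefix rule, the function names and the sample asset are assumptions made for illustration, as is the JSON layout of the notification (`asset`, `deleted`, `resource.data.tags`).

```python
import base64
import json
import re

# Assumed policy for illustration: every network tag needs an allowed prefix.
ALLOWED_PREFIXES = ("net-", "shared-")
INSTANCE_TYPE = "compute.googleapis.com/Instance"
NAME_RE = re.compile(r"^//compute\.googleapis\.com/projects/(?P<project>[^/]+)"
                     r"/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)$")

# Constructed sample asset, shaped like the "asset" field of a feed message.
SAMPLE_ASSET = {
    "name": "//compute.googleapis.com/projects/demo/zones/us-east1-b/instances/vm-1",
    "assetType": INSTANCE_TYPE,
    "resource": {"data": {"tags": {"items": ["net-web", "ssh-open"],
                                   "fingerprint": "c2FtcGxl"}}},
}


def make_event(asset, deleted=False):
    """Wrap an asset in a constructed Pub/Sub event (base64-encoded JSON)."""
    body = json.dumps({"asset": asset, "deleted": deleted}).encode("utf-8")
    return {"data": base64.b64encode(body).decode("ascii")}


def parse_feed_event(event):
    """Return the instance identity and tags, or None if out of scope."""
    payload = json.loads(base64.b64decode(event["data"]))
    asset = payload.get("asset") or {}
    if payload.get("deleted") or asset.get("assetType") != INSTANCE_TYPE:
        return None  # deletions and other asset types need no enforcement
    match = NAME_RE.match(asset.get("name", ""))
    if match is None:
        raise ValueError("unexpected asset name: %r" % asset.get("name"))
    tags = ((asset.get("resource") or {}).get("data") or {}).get("tags") or {}
    return {**match.groupdict(), "tags": list(tags.get("items") or []),
            "fingerprint": tags.get("fingerprint")}


def plan_remediation(event):
    """Return None when compliant, else the tag set to write back."""
    instance = parse_feed_event(event)
    if instance is None:
        return None
    keep = [t for t in instance["tags"] if t.startswith(ALLOWED_PREFIXES)]
    if keep == instance["tags"]:
        return None
    removed = [t for t in instance["tags"] if t not in keep]
    return {**instance, "tags": keep, "removed": removed}
```

The returned plan carries the tag fingerprint from the notification so that a write-back can be rejected if the instance changed in the meantime; logging `removed` gives the alerting path the same information as the remediation path.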


Granular Cloud DNS IAM via Service Directory

TODO(ludoo): publish the working example