cloud-foundation-fabric/cloud-operations
lcaggio 7555ec8859
Merge branch 'master' into asset_inventory
2020-09-17 17:54:23 +02:00
asset-inventory-feed-remediation Add alias IP support in `compute-vm` (#127) 2020-08-29 10:12:30 +02:00
dns-fine-grained-iam Add alias IP support in `compute-vm` (#127) 2020-08-29 10:12:30 +02:00
quota-monitoring implement cf fix for https://issuetracker.google.com/issues/155215191 2020-09-01 07:52:48 +02:00
scheduled-asset-inventory-export-bq update diagram 2020-09-17 17:51:32 +02:00
README.md Merge branch 'master' into asset_inventory 2020-09-17 17:54:23 +02:00

README.md

Operations examples

The examples in this folder show how to wire together different Google Cloud services to simplify operations, and are meant for testing, or as minimal but sufficiently complete starting points for actual use.

Resource tracking and remediation via Cloud Asset feeds

This example shows how to leverage Cloud Asset Inventory feeds to stream resource changes in real time, and how to programmatically use the feed change notifications for alerting or remediation, via a Cloud Function wired to the feed PubSub queue.

The example's feed tracks changes to Google Compute Engine instances, and the Cloud Function enforces policy compliance on each change so that tags match a set of simple rules. The obvious use case is when instance tags are used to scope firewall rules, but the example can easily be adapted to suit different use cases.
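To make the feed-to-function flow concrete, here is an added illustration (not the code of this repository's example) of the decision step such a Cloud Function performs: it decodes the Pub/Sub envelope, pulls the instance tags out of the Cloud Asset feed message, and checks them against a hypothetical allow-list policy. The `ALLOWED_TAGS` set, the project and instance names, and the sample message are constructed for the example; writing the corrected tags back via the Compute Engine API is left out.

```python
import base64
import json

# Hypothetical policy for this example: an instance may only carry tags from
# this allow-list; anything else is flagged for removal (the remediation).
ALLOWED_TAGS = {"web", "ssh-internal", "db"}

INSTANCE_TYPE = "compute.googleapis.com/Instance"


def parse_feed_event(event):
    """Decode the Pub/Sub trigger envelope ({"data": <base64 JSON>}) into the feed message."""
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))


def instance_tags(feed_message):
    """Return (asset_name, tags) for an instance change, or (None, []) for other asset types.

    Feed messages carry the full resource under asset.resource.data; instance tags
    live in data["tags"]["items"]. A deletion carries no resource data.
    """
    asset = feed_message["asset"]
    if asset.get("assetType") != INSTANCE_TYPE:
        return None, []
    if feed_message.get("deleted"):
        return asset["name"], []
    data = asset.get("resource", {}).get("data", {})
    return asset["name"], list(data.get("tags", {}).get("items", []))


def evaluate(tags, allowed=ALLOWED_TAGS):
    """Split tags into (compliant, violations) against the allow-list, preserving order."""
    return [t for t in tags if t in allowed], [t for t in tags if t not in allowed]


def handle(event, context=None):
    """Cloud Function entry point: return the remediation decision for one feed event."""
    name, tags = instance_tags(parse_feed_event(event))
    if name is None:
        return {"instance": None, "action": "ignore"}
    keep, drop = evaluate(tags)
    return {"instance": name, "keep": keep, "drop": drop,
            "action": "set-tags" if drop else "noop"}


# Constructed sample: a feed message for an instance carrying one tag outside the policy.
SAMPLE_MESSAGE = {
    "asset": {
        "name": "//compute.googleapis.com/projects/example-prj/zones/europe-west1-b/instances/vm-1",
        "assetType": INSTANCE_TYPE,
        "resource": {"data": {"name": "vm-1", "tags": {"items": ["web", "allow-all"]}}},
    },
    "window": {"startTime": "2020-09-17T15:00:00Z"},
}
SAMPLE_EVENT = {"data": base64.b64encode(json.dumps(SAMPLE_MESSAGE).encode()).decode()}

if __name__ == "__main__":
    print(handle(SAMPLE_EVENT))
```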


Scheduled Cloud Asset Inventory Export to BigQuery

This example shows how to leverage the Cloud Asset Inventory export to BigQuery feature to keep track of your organization-wide assets over time, storing the information in BigQuery. Data stored in BigQuery can then be used for different purposes, for example dashboarding or analysis.


Granular Cloud DNS IAM via Service Directory

This example shows how to leverage Service Directory and Cloud DNS Service Directory private zones to implement fine-grained IAM controls on DNS. The example creates a Service Directory namespace, a Cloud DNS private zone that uses it as its authoritative source, service accounts with different levels of permissions, and VMs to test them.


Compute Engine quota monitoring

This example shows a practical way of collecting and monitoring Compute Engine resource quotas via Cloud Monitoring metrics as an alternative to the recently released built-in quota metrics. A simple alert on quota thresholds is also part of the example.