About the Chef InSpec Google Cloud Platform resource pack
Chef InSpec has resources for auditing Google Cloud Platform (GCP).
Prerequisites
To use Chef InSpec GCP resources:
Initialize an InSpec profile for auditing GCP
To use the GCP resources, follow these steps:
Create a service account with the scopes appropriate for your needs.
Download the credential JSON file, for example project-credentials.json, to your workspace and activate your service account:
gcloud auth activate-service-account --key-file project-credentials.json
Create an InSpec profile for testing GCP resources:
inspec init profile --platform gcp <PROFILE_NAME>
Create controls using the resources listed below.
Assuming the inputs.yml file contains your GCP project ID, you can then execute the profile using the following command:
inspec exec <PROFILE_NAME> --input-file=<PROFILE_NAME>/inputs.yml -t gcp://
Google Cloud Platform resources
The following InSpec Google Cloud resources are available in this resource pack.
- google_access_context_manager_access_level resource
- google_access_context_manager_access_levels resource
- google_access_context_manager_access_policies resource
- google_access_context_manager_access_policy resource
- google_access_context_manager_service_perimeter resource
- google_access_context_manager_service_perimeters resource
- google_apigee_endpoint_attachment resource
- google_apigee_endpoint_attachments resource
- google_apigee_organization resource
- google_apigee_organization_api resource
- google_apigee_organization_apis resource
- google_apigee_organization_envgroup resource
- google_apigee_organization_envgroup_attachment resource
- google_apigee_organization_envgroup_attachments resource
- google_apigee_organization_envgroups resource
- google_apigee_organization_instance_attachment resource
- google_apigee_organization_instance_attachments resource
- google_apigee_organizations resource
- google_appengine_standard_app_version resource
- google_appengine_standard_app_versions resource
- google_artifactregistry_project_location_repositories resource
- google_artifactregistry_project_location_repository resource
- google_bigquery_dataset resource
- google_bigquery_datasets resource
- google_bigquery_table resource
- google_bigquery_tables resource
- google_bigtableadmin_cluster resource
- google_bigtableadmin_cluster_backup resource
- google_bigtableadmin_cluster_backups resource
- google_bigtableadmin_clusters resource
- google_bigtableadmin_instance_app_profile resource
- google_bigtableadmin_instance_app_profiles resource
- google_billing_project_billing_info resource
- google_cloud_scheduler_job resource
- google_cloud_scheduler_jobs resource
- google_cloudbuild_trigger resource
- google_cloudbuild_triggers resource
- google_cloudfunctions_cloud_function resource
- google_cloudfunctions_cloud_functions resource
- google_composer_project_location_environment resource
- google_composer_project_location_environments resource
- google_composer_project_location_image_versions resource
- google_compute_accelerator_type resource
- google_compute_accelerator_types resource
- google_compute_address resource
- google_compute_addresses resource
- google_compute_autoscaler resource
- google_compute_autoscalers resource
- google_compute_backend_bucket resource
- google_compute_backend_buckets resource
- google_compute_backend_service resource
- google_compute_backend_services resource
- google_compute_disk resource
- google_compute_disk_type resource
- google_compute_disk_types resource
- google_compute_disks resource
- google_compute_external_vpn_gateway resource
- google_compute_external_vpn_gateways resource
- google_compute_firewall resource
- google_compute_firewalls resource
- google_compute_forwarding_rule resource
- google_compute_forwarding_rules resource
- google_compute_global_address resource
- google_compute_global_addresses resource
- google_compute_global_forwarding_rule resource
- google_compute_global_forwarding_rules resource
- google_compute_global_network_endpoint_group resource
- google_compute_global_network_endpoint_groups resource
- google_compute_global_operation resource
- google_compute_global_operations resource
- google_compute_health_check resource
- google_compute_health_check_service resource
- google_compute_health_check_services resource
- google_compute_health_checks resource
- google_compute_http_health_check resource
- google_compute_http_health_checks resource
- google_compute_https_health_check resource
- google_compute_https_health_checks resource
- google_compute_image resource
- google_compute_image_family_view resource
- google_compute_instance resource
- google_compute_instance_group resource
- google_compute_instance_group_manager resource
- google_compute_instance_group_managers resource
- google_compute_instance_groups resource
- google_compute_instance_template resource
- google_compute_instance_templates resource
- google_compute_instances resource
- google_compute_interconnect resource
- google_compute_interconnect_attachment resource
- google_compute_interconnect_attachments resource
- google_compute_interconnect_location resource
- google_compute_interconnect_locations resource
- google_compute_interconnects resource
- google_compute_license resource
- google_compute_license_code resource
- google_compute_licenses resource
- google_compute_machine_image resource
- google_compute_machine_images resource
- google_compute_machine_type resource
- google_compute_machine_types resource
- google_compute_network resource
- google_compute_network_attachment resource
- google_compute_network_attachments resource
- google_compute_network_edge_security_service resource
- google_compute_network_endpoint_group resource
- google_compute_network_endpoint_groups resource
- google_compute_network_firewall_policies resource
- google_compute_network_firewall_policy resource
- google_compute_networks resource
- google_compute_node_group resource
- google_compute_node_groups resource
- google_compute_node_template resource
- google_compute_node_templates resource
- google_compute_node_type resource
- google_compute_node_types resource
- google_compute_packet_mirroring resource
- google_compute_packet_mirrorings resource
- google_compute_project_info resource
- google_compute_public_delegated_prefix resource
- google_compute_public_delegated_prefixes resource
- google_compute_region resource
- google_compute_region_autoscaler resource
- google_compute_region_autoscalers resource
- google_compute_region_backend_service resource
- google_compute_region_backend_services resource
- google_compute_region_commitment resource
- google_compute_region_commitments resource
- google_compute_region_disk_type resource
- google_compute_region_disk_types resource
- google_compute_region_health_check resource
- google_compute_region_health_checks resource
- google_compute_region_instance_group resource
- google_compute_region_instance_group_manager resource
- google_compute_region_instance_group_managers resource
- google_compute_region_instance_groups resource
- google_compute_region_network_endpoint_group resource
- google_compute_region_network_endpoint_groups resource
- google_compute_region_operation resource
- google_compute_region_operations resource
- google_compute_region_security_policies resource
- google_compute_region_security_policy resource
- google_compute_region_ssl_policies resource
- google_compute_region_ssl_policy resource
- google_compute_region_target_http_proxies resource
- google_compute_region_target_http_proxy resource
- google_compute_region_target_https_proxies resource
- google_compute_region_target_https_proxy resource
- google_compute_region_url_map resource
- google_compute_region_url_maps resource
- google_compute_regional_disk resource
- google_compute_regional_disks resource
- google_compute_regions resource
- google_compute_reservation resource
- google_compute_reservations resource
- google_compute_resource_policies resource
- google_compute_resource_policy resource
- google_compute_route resource
- google_compute_router resource
- google_compute_router_nat resource
- google_compute_router_nats resource
- google_compute_routers resource
- google_compute_routes resource
- google_compute_security_policies resource
- google_compute_security_policy resource
- google_compute_service_attachment resource
- google_compute_service_attachments resource
- google_compute_snapshot resource
- google_compute_snapshots resource
- google_compute_ssl_certificate resource
- google_compute_ssl_certificates resource
- google_compute_ssl_policies resource
- google_compute_ssl_policy resource
- google_compute_subnetwork resource
- google_compute_subnetwork_iam_binding resource
- google_compute_subnetwork_iam_policy resource
- google_compute_subnetworks resource
- google_compute_target_grpc_proxies resource
- google_compute_target_grpc_proxy resource
- google_compute_target_http_proxies resource
- google_compute_target_http_proxy resource
- google_compute_target_https_proxies resource
- google_compute_target_https_proxy resource
- google_compute_target_instance resource
- google_compute_target_instances resource
- google_compute_target_pool resource
- google_compute_target_pools resource
- google_compute_target_ssl_proxies resource
- google_compute_target_ssl_proxy resource
- google_compute_target_tcp_proxies resource
- google_compute_target_tcp_proxy resource
- google_compute_target_vpn_gateway resource
- google_compute_target_vpn_gateways resource
- google_compute_url_map resource
- google_compute_url_maps resource
- google_compute_vpn_gateway resource
- google_compute_vpn_gateways resource
- google_compute_vpn_tunnel resource
- google_compute_vpn_tunnels resource
- google_compute_xpn_resources resource
- google_compute_zone resource
- google_compute_zone_operation resource
- google_compute_zone_operations resource
- google_compute_zones resource
- google_container_cluster resource
- google_container_clusters resource
- google_container_node_pool resource
- google_container_node_pools resource
- google_container_regional_cluster resource
- google_container_regional_clusters resource
- google_container_regional_node_pool resource
- google_container_regional_node_pools resource
- google_container_server_config resource
- google_data_fusion_instance resource
- google_data_fusion_instances resource
- google_dataflow_project_location_job resource
- google_dataflow_project_location_jobs resource
- google_dataproc_autoscaling_policies resource
- google_dataproc_autoscaling_policy resource
- google_dataproc_batch resource
- google_dataproc_batches resource
- google_dataproc_cluster resource
- google_dataproc_clusters resource
- google_dataproc_job resource
- google_dataproc_jobs resource
- google_dataproc_metastore_federation resource
- google_dataproc_metastore_federations resource
- google_dataproc_metastore_service resource
- google_dataproc_metastore_service_backup resource
- google_dataproc_metastore_service_backups resource
- google_dataproc_metastore_services resource
- google_dataproc_session resource
- google_dataproc_sessions resource
- google_dataproc_workflow_template resource
- google_dataproc_workflow_templates resource
- google_dlp_dt resource
- google_dlp_dts resource
- google_dlp_inspect_template resource
- google_dlp_inspect_templates resource
- google_dlp_job resource
- google_dlp_job_trigger resource
- google_dlp_job_triggers resource
- google_dlp_jobs resource
- google_dlp_stored_info_type resource
- google_dlp_stored_info_types resource
- google_dns_managed_zone resource
- google_dns_managed_zones resource
- google_dns_resource_record_set resource
- google_dns_resource_record_sets resource
- google_filestore_instance resource
- google_filestore_instances resource
- google_iam_custom_role resource
- google_iam_custom_roles resource
- google_iam_organization_custom_role resource
- google_iam_organization_custom_roles resource
- google_iam_service_account resource
- google_iam_service_account_key resource
- google_iam_service_account_keys resource
- google_iam_service_accounts resource
- google_kms_crypto_key resource
- google_kms_crypto_key_iam_binding resource
- google_kms_crypto_key_iam_bindings resource
- google_kms_crypto_key_iam_policy resource
- google_kms_crypto_key_version resource
- google_kms_crypto_key_versions resource
- google_kms_crypto_keys resource
- google_kms_ekm_connection resource
- google_kms_ekm_connections resource
- google_kms_key_ring resource
- google_kms_key_ring_iam_binding resource
- google_kms_key_ring_iam_bindings resource
- google_kms_key_ring_iam_policy resource
- google_kms_key_ring_import_job resource
- google_kms_key_ring_import_jobs resource
- google_kms_key_rings resource
- google_kms_location resource
- google_kms_locations resource
- google_logging_folder_exclusion resource
- google_logging_folder_exclusions resource
- google_logging_folder_log_sink resource
- google_logging_folder_log_sinks resource
- google_logging_organization_log_sink resource
- google_logging_organization_log_sinks resource
- google_logging_project_exclusion resource
- google_logging_project_exclusions resource
- google_logging_project_sink resource
- google_logging_project_sinks resource
- google_memcache_instance resource
- google_memcache_instances resource
- google_ml_engine_model resource
- google_ml_engine_models resource
- google_monitoring_group resource
- google_monitoring_groups resource
- google_organization resource
- google_organization_iam_binding resource
- google_organization_iam_policy resource
- google_organization_policy resource
- google_organizations resource
- google_orgpolicy_folder_constraints resource
- google_orgpolicy_folder_policies resource
- google_orgpolicy_folder_policy resource
- google_orgpolicy_organization_constraints resource
- google_orgpolicy_organization_policies resource
- google_orgpolicy_organization_policy resource
- google_orgpolicy_project_constraints resource
- google_orgpolicy_project_policies resource
- google_orgpolicy_project_policy resource
- google_project resource
- google_project_alert_policies resource
- google_project_alert_policy resource
- google_project_alert_policy_condition resource
- google_project_iam_binding resource
- google_project_iam_bindings resource
- google_project_iam_custom_role resource
- google_project_iam_custom_roles resource
- google_project_iam_policy resource
- google_project_logging_audit_config resource
- google_project_metric resource
- google_project_metrics resource
- google_project_service resource
- google_project_services resource
- google_projects resource
- google_pubsub_subscription resource
- google_pubsub_subscription_iam_binding resource
- google_pubsub_subscription_iam_policy resource
- google_pubsub_subscriptions resource
- google_pubsub_topic resource
- google_pubsub_topic_iam_binding resource
- google_pubsub_topic_iam_policy resource
- google_pubsub_topics resource
- google_redis_instance resource
- google_redis_instances resource
- google_resourcemanager_folder resource
- google_resourcemanager_folder_iam_binding resource
- google_resourcemanager_folder_iam_policy resource
- google_resourcemanager_folders resource
- google_resourcemanager_organization_policy resource
- google_resourcemanager_project_iam_binding resource
- google_resourcemanager_project_iam_policy resource
- google_run_job resource
- google_run_jobs resource
- google_run_service resource
- google_run_services resource
- google_runtime_config_config resource
- google_runtime_config_config_iam_binding resource
- google_runtime_config_config_iam_policy resource
- google_runtime_config_configs resource
- google_runtime_config_variable resource
- google_runtime_config_variables resource
- google_secret_manager_secret resource
- google_secret_manager_secrets resource
- google_service_account resource
- google_service_account_key resource
- google_service_account_keys resource
- google_service_accounts resource
- google_service_networking_service_connections resource
- google_sourcerepo_repositories resource
- google_sourcerepo_repository resource
- google_spanner_database resource
- google_spanner_databases resource
- google_spanner_instance resource
- google_spanner_instance_iam_binding resource
- google_spanner_instance_iam_policy resource
- google_spanner_instances resource
- google_sql_connect resource
- google_sql_database resource
- google_sql_database_instance resource
- google_sql_database_instances resource
- google_sql_databases resource
- google_sql_flags resource
- google_sql_operation resource
- google_sql_operations resource
- google_sql_ssl_cert resource
- google_sql_ssl_certs resource
- google_sql_user resource
- google_sql_users resource
- google_storage_bucket resource
- google_storage_bucket_acl resource
- google_storage_bucket_iam_binding resource
- google_storage_bucket_iam_bindings resource
- google_storage_bucket_iam_policy resource
- google_storage_bucket_object resource
- google_storage_bucket_objects resource
- google_storage_buckets resource
- google_storage_default_object_acl resource
- google_storage_object_acl resource
- google_user resource
- google_users resource
- google_vertex_ai_batch_prediction_job resource
- google_vertex_ai_batch_prediction_jobs resource
- google_vertex_ai_custom_job resource
- google_vertex_ai_custom_jobs resource
- google_vertex_ai_dataset resource
- google_vertex_ai_dataset_data_item_annotations resource
- google_vertex_ai_datasets resource
- google_vertex_ai_datasets_annotation_spec resource
- google_vertex_ai_datasets_data_items resource
- google_vertex_ai_datasets_saved_queries resource
- google_vertex_ai_endpoint resource
- google_vertex_ai_endpoints resource
- google_vertex_ai_featurestore resource
- google_vertex_ai_featurestore_entity_type_feature resource
- google_vertex_ai_featurestore_entity_type_features resource
- google_vertex_ai_featurestores resource
- google_vertex_ai_featurestores_entity_type resource
- google_vertex_ai_featurestores_entity_types resource
- google_vertex_ai_hyperparameter_tuning_job resource
- google_vertex_ai_hyperparameter_tuning_jobs resource
- google_vertex_ai_index resource
- google_vertex_ai_index_endpoint resource
- google_vertex_ai_index_endpoints resource
- google_vertex_ai_indices resource
- google_vertex_ai_metadata_store resource
- google_vertex_ai_metadata_stores resource
- google_vertex_ai_metadata_stores_artifact resource
- google_vertex_ai_metadata_stores_artifacts resource
- google_vertex_ai_metadata_stores_context resource
- google_vertex_ai_metadata_stores_contexts resource
- google_vertex_ai_metadata_stores_execution resource
- google_vertex_ai_metadata_stores_executions resource
- google_vertex_ai_metadata_stores_metadata_schema resource
- google_vertex_ai_metadata_stores_metadata_schemas resource
- google_vertex_ai_model resource
- google_vertex_ai_model_deployment_monitoring_job resource
- google_vertex_ai_model_deployment_monitoring_jobs resource
- google_vertex_ai_model_evaluation_slice resource
- google_vertex_ai_model_evaluation_slices resource
- google_vertex_ai_models resource
- google_vertex_ai_models_evaluation resource
- google_vertex_ai_models_evaluations resource
- google_vertex_ai_nas_job resource
- google_vertex_ai_nas_jobs resource
- google_vertex_ai_nas_jobs_nas_trial_detail resource
- google_vertex_ai_nas_jobs_nas_trial_details resource
- google_vertex_ai_pipeline_job resource
- google_vertex_ai_pipeline_jobs resource
- google_vertex_ai_schedule resource
- google_vertex_ai_schedules resource
- google_vertex_ai_studies resource
- google_vertex_ai_studies_trial resource
- google_vertex_ai_studies_trials resource
- google_vertex_ai_study resource
- google_vertex_ai_tensorboard resource
- google_vertex_ai_tensorboard_experiment_run resource
- google_vertex_ai_tensorboard_experiment_run_time_series_resource resource
- google_vertex_ai_tensorboard_experiment_run_time_series_resources resource
- google_vertex_ai_tensorboard_experiment_runs resource
- google_vertex_ai_tensorboards resource
- google_vertex_ai_tensorboards_experiment resource
- google_vertex_ai_tensorboards_experiments resource
- google_vertex_ai_training_pipeline resource
- google_vertex_ai_training_pipelines resource