» google_cloud_asset_folder_feed

Describes a Cloud Asset Inventory feed used to listen to asset updates.

To get more information about FolderFeed, see:

» Example Usage - Cloud Asset Folder Feed

# Create a feed that sends notifications about network resource updates under a
# particular folder.
resource "google_cloud_asset_folder_feed" "folder_feed" {
  billing_project  = "my-project-name"
  folder           = google_folder.my_folder.folder_id
  feed_id          = "network-updates"
  content_type     = "RESOURCE"

  asset_types = [
    "compute.googleapis.com/Subnetwork",
    "compute.googleapis.com/Network",
  ]

  feed_output_config {
    pubsub_destination {
      topic = google_pubsub_topic.feed_output.id
    }
  }

  # Wait for the permission to be ready on the destination topic.
  depends_on = [
    google_pubsub_topic_iam_member.cloud_asset_writer,
  ]
}

# The topic where the resource change notifications will be sent.
resource "google_pubsub_topic" "feed_output" {
  project = "my-project-name"
  name    = "network-updates"
}

# The folder that will be monitored for resource updates.
resource "google_folder" "my_folder" {
  display_name = "Networking"
  parent       = "organizations/123456789"
}

# Find the project number of the project whose identity will be used for sending
# the asset change notifications.
data "google_project" "project" {
  project_id = "my-project-name"
}

# Grant the publisher role to the Cloud Asset service account of the project
# whose identity is used for sending the notifications.
resource "google_pubsub_topic_iam_member" "cloud_asset_writer" {
  project = "my-project-name"
  topic   = google_pubsub_topic.feed_output.id
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudasset.iam.gserviceaccount.com"
}

» Argument Reference

The following arguments are supported:

  • billing_project - (Required) The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing.

  • feed_id - (Required) This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.

  • feed_output_config - (Required) Output configuration for asset feed destination. Structure is documented below.

  • folder - (Required) The folder this feed should be created in.

The feed_output_config block supports:

  • pubsub_destination - (Required) Destination on Cloud Pubsub. Structure is documented below.

The pubsub_destination block supports:

  • topic - (Required) Destination on Cloud Pubsub topic.

The following optional arguments are set at the top level of the resource, not inside pubsub_destination:

  • asset_names - (Optional) A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.

  • asset_types - (Optional) A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk". See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types.

  • content_type - (Optional) Asset content type. If not specified, no content but the asset name and type will be returned. Possible values are CONTENT_TYPE_UNSPECIFIED, RESOURCE, IAM_POLICY, ORG_POLICY, and ACCESS_POLICY.
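
Setting content_type to IAM_POLICY makes the feed report IAM policy changes rather than resource metadata, which suits a folder-wide detection pipeline. The configuration below is an added example, not part of the provider documentation: the feed, topic and subscription names, the chosen asset types and the detection service account are assumptions, and it reuses google_folder.my_folder and data.google_project.project from the example usage above.

```hcl
# Added example. Assumed names: "iam-policy-updates" and the detection service
# account. Reuses google_folder.my_folder and data.google_project.project.
resource "google_pubsub_topic" "iam_feed_output" {
  project = "my-project-name"
  name    = "iam-policy-updates"
}

# The only publish grant defined here goes to the Cloud Asset service agent.
resource "google_pubsub_topic_iam_member" "iam_feed_writer" {
  project = "my-project-name"
  topic   = google_pubsub_topic.iam_feed_output.id
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudasset.iam.gserviceaccount.com"
}

resource "google_cloud_asset_folder_feed" "iam_feed" {
  billing_project = "my-project-name"
  folder          = google_folder.my_folder.folder_id
  feed_id         = "iam-policy-updates"
  content_type    = "IAM_POLICY"
  asset_types = [
    "cloudresourcemanager.googleapis.com/Folder",
    "cloudresourcemanager.googleapis.com/Project",
    "iam.googleapis.com/ServiceAccount",
    "storage.googleapis.com/Bucket",
  ]

  feed_output_config {
    pubsub_destination {
      topic = google_pubsub_topic.iam_feed_output.id
    }
  }

  depends_on = [google_pubsub_topic_iam_member.iam_feed_writer]
}

# Pull subscription read by the detection pipeline (hypothetical consumer).
resource "google_pubsub_subscription" "iam_feed_detection" {
  project = "my-project-name"
  name    = "iam-policy-updates-detection"
  topic   = google_pubsub_topic.iam_feed_output.id
}

# Subscriber role is granted on this one subscription, not project-wide.
resource "google_pubsub_subscription_iam_member" "detection_reader" {
  project      = "my-project-name"
  subscription = google_pubsub_subscription.iam_feed_detection.name
  role         = "roles/pubsub.subscriber"
  member       = "serviceAccount:detection@my-project-name.iam.gserviceaccount.com"
}
```

Binding the subscriber role at the subscription level keeps the detection identity from reading other topics in the project.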

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{name}}

  • folder_id - The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] and folders/[FOLDER_NUMBER] are accepted.

  • name - The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

FolderFeed can be imported using any of these accepted formats:

$ terraform import google_cloud_asset_folder_feed.default folders/{{folder_id}}/feeds/{{name}}
$ terraform import google_cloud_asset_folder_feed.default {{folder_id}}/{{name}}

» User Project Overrides

This resource supports User Project Overrides.