Control: GCP > Project > Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots)

Manage the GCP Organization Policy "Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots)" for the project.

This list constraint defines a set of projects that are allowed to use Compute Engine's storage resources. By default, anyone with appropriate Cloud IAM permissions can access Compute Engine resources. When using this constraint, users must have Cloud IAM permissions, and they must not be restricted by the constraint to access the resource.

Projects, folders, and organizations specified in allowed or denied lists must be in the form: under:projects/PROJECT_ID, under:folders/FOLDER_ID, under:organizations/ORGANIZATION_ID.

Resource Types

This control targets the following resource types:

GCP > Project

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/computeStorageResourceUseRestrictions

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/computeStorageResourceUseRestrictions") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/computeStorageResourceUseRestrictions'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/computeStorageResourceUseRestrictions"