Control: GCP > Project > Organization Policy

Primary Policies

The following policies can be used to configure this control:

• Organization Policy > Disable Source Code Download
• Organization Policy > Allowed ingress settings (Cloud Functions)
• Organization Policy > Allowed ingress settings (Cloud Functions) > Action
• Organization Policy > Allowed ingress settings (Cloud Functions) > Custom Values
• Organization Policy > Allowed VPC Connector egress settings (Cloud Functions)
• Organization Policy > Allowed VPC Connector egress settings (Cloud Functions) > Action
• Organization Policy > Allowed VPC Connector egress settings (Cloud Functions) > Custom Values
• Organization Policy > Require VPC Connector (Cloud Functions)
• Organization Policy > Disable Guest Attributes of Compute Engine metadata
• Organization Policy > Disable Internet Network Endpoint Groups
• Organization Policy > Disable VM nested virtualization
• Organization Policy > Disable VM serial port access
• Organization Policy > Disable VM serial port logging to Stackdriver
• Organization Policy > Require OS Login
• Organization Policy > Shielded VMs
• Organization Policy > Restrict Cloud NAT usage
• Organization Policy > Restrict Cloud NAT usage > Action
• Organization Policy > Restrict Cloud NAT usage > Custom Values
• Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types
• Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types > Action
• Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types > Custom Values
• Organization Policy > Restrict Protocol Forwarding Based on type of IP Address
• Organization Policy > Restrict Protocol Forwarding Based on type of IP Address > Action
• Organization Policy > Restrict Protocol Forwarding Based on type of IP Address > Custom Values
• Organization Policy > Restrict Shared VPC Host Projects
• Organization Policy > Restrict Shared VPC Host Projects > Action
• Organization Policy > Restrict Shared VPC Host Projects > Custom Values
• Organization Policy > Restrict Shared VPC Subnetworks
• Organization Policy > Restrict Shared VPC Subnetworks > Action
• Organization Policy > Restrict Shared VPC Subnetworks > Custom Values
• Organization Policy > Restrict VPC peering usage
• Organization Policy > Restrict VPC peering usage > Action
• Organization Policy > Restrict VPC peering usage > Custom Values
• Organization Policy > Restrict shared VPC project lien removal
• Organization Policy > Skip default network creation
• Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots)
• Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots) > Action
• Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots) > Custom Values
• Organization Policy > Define trusted image projects
• Organization Policy > Define trusted image projects > Action
• Organization Policy > Define trusted image projects > Custom Values
• Organization Policy > Restrict VM IP Forwarding
• Organization Policy > Restrict VM IP Forwarding > Action
• Organization Policy > Restrict VM IP Forwarding > Custom Values
• Organization Policy > Define allowed external IPs for VM instances
• Organization Policy > Define allowed external IPs for VM instances > Action
• Organization Policy > Define allowed external IPs for VM instances > Custom Values
• Organization Policy > Disable Cloud Logging
• Organization Policy > Google Cloud Platform - Resource Location Restriction
• Organization Policy > Google Cloud Platform - Resource Location Restriction > Action
• Organization Policy > Google Cloud Platform - Resource Location Restriction > Custom Values
• Organization Policy > Domain restricted sharing
• Organization Policy > Domain restricted sharing > Action
• Organization Policy > Domain restricted sharing > Custom Values
• Organization Policy > Define allowed root certificate authority [Deprecated]
• Organization Policy > Define allowed root certificate authority [Deprecated] > Action [Deprecated]
• Organization Policy > Define allowed root certificate authority [Deprecated] > Custom Values [Deprecated]
• Organization Policy > Disable Automatic IAM Grants for Default Service Accounts
• Organization Policy > Disable service account creation
• Organization Policy > Disable service account key creation
• Organization Policy > Disable Service Account Key Upload
• Organization Policy > Disable Workload Identity Cluster Creation
• Organization Policy
• Organization Policy > Restrict allowed Google Cloud APIs and services
• Organization Policy > Restrict allowed Google Cloud APIs and services > Action
• Organization Policy > Restrict allowed Google Cloud APIs and services > Custom Values
• Organization Policy > Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]
• Organization Policy > Restrict Authorized Networks on Cloud SQL instances
• Organization Policy > Restrict Public IP access on Cloud SQL instances
• Organization Policy > Enforce Public Access Prevention
• Organization Policy > Retention policy duration in seconds
• Organization Policy > Retention policy duration in seconds > Action
• Organization Policy > Retention policy duration in seconds > Custom Values
• Organization Policy > Enforce uniform bucket-level access

Category

• Organization > Policy

In Your Workspace

• Controls by Resource report
• Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/organizationPolicy

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/organizationPolicy") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/organizationPolicy'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/organizationPolicy"