Control: GCP > Project > Organization Policy > Restrict allowed Google Cloud APIs and services

Manage the GCP Organization Policy "Restrict allowed Google Cloud APIs and services" for the project.

This list constraint restricts the set of services and their APIs that can be enabled on this resource. By default, all services are allowed. The denied list of services must come from the list below. Explicitly enabling APIs via this constraint is not currently supported.

Specifying an API not in this list will result in an error.

  compute.googleapis.com
  deploymentmanager.googleapis.com
  dns.googleapis.com
  doubleclicksearch.googleapis.com
  replicapool.googleapis.com
  replicapoolupdater.googleapis.com
  resourceviews.googleapis.com

Enforcement of this constraint is not retroactive. If a service is already enabled on a resource when this constraint is enforced, it will remain enabled.

Resource Types

This control targets the following resource types:

GCP > Project

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/serviceuserServices

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/serviceuserServices") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/serviceuserServices'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/serviceuserServices"