Mod: gcp-orgpolicy
The gcp-orgpolicy mod consists of 74 policies and 40 controls.
Controls
- GCP > Project > Organization Policy
- GCP > Project > Organization Policy > Allowed ingress settings (Cloud Functions)
- GCP > Project > Organization Policy > Allowed VPC Connector egress settings (Cloud Functions)
- GCP > Project > Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots)
- GCP > Project > Organization Policy > Define allowed external IPs for VM instances
- GCP > Project > Organization Policy > Define allowed root certificate authority [Deprecated]
- GCP > Project > Organization Policy > Define trusted image projects
- GCP > Project > Organization Policy > Disable Automatic IAM Grants for Default Service Accounts
- GCP > Project > Organization Policy > Disable Cloud Logging
- GCP > Project > Organization Policy > Disable Guest Attributes of Compute Engine metadata
- GCP > Project > Organization Policy > Disable Internet Network Endpoint Groups
- GCP > Project > Organization Policy > Disable service account creation
- GCP > Project > Organization Policy > Disable service account key creation
- GCP > Project > Organization Policy > Disable Service Account Key Upload
- GCP > Project > Organization Policy > Disable Source Code Download
- GCP > Project > Organization Policy > Disable VM nested virtualization
- GCP > Project > Organization Policy > Disable VM serial port access
- GCP > Project > Organization Policy > Disable VM serial port logging to Stackdriver
- GCP > Project > Organization Policy > Disable Workload Identity Cluster Creation
- GCP > Project > Organization Policy > Domain restricted sharing
- GCP > Project > Organization Policy > Enforce Public Access Prevention
- GCP > Project > Organization Policy > Enforce uniform bucket-level access
- GCP > Project > Organization Policy > Google Cloud Platform - Resource Location Restriction
- GCP > Project > Organization Policy > Require OS Login
- GCP > Project > Organization Policy > Require VPC Connector (Cloud Functions)
- GCP > Project > Organization Policy > Restrict allowed Google Cloud APIs and services
- GCP > Project > Organization Policy > Restrict Authorized Networks on Cloud SQL instances
- GCP > Project > Organization Policy > Restrict Cloud NAT usage
- GCP > Project > Organization Policy > Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]
- GCP > Project > Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types
- GCP > Project > Organization Policy > Restrict Protocol Forwarding Based on type of IP Address
- GCP > Project > Organization Policy > Restrict Public IP access on Cloud SQL instances
- GCP > Project > Organization Policy > Restrict Shared VPC Host Projects
- GCP > Project > Organization Policy > Restrict shared VPC project lien removal
- GCP > Project > Organization Policy > Restrict Shared VPC Subnetworks
- GCP > Project > Organization Policy > Restrict VM IP Forwarding
- GCP > Project > Organization Policy > Restrict VPC peering usage
- GCP > Project > Organization Policy > Retention policy duration in seconds
- GCP > Project > Organization Policy > Shielded VMs
- GCP > Project > Organization Policy > Skip default network creation
Policies
- GCP > Project > Organization Policy
- GCP > Project > Organization Policy > Allowed ingress settings (Cloud Functions)
- GCP > Project > Organization Policy > Allowed ingress settings (Cloud Functions) > Action
- GCP > Project > Organization Policy > Allowed ingress settings (Cloud Functions) > Custom Values
- GCP > Project > Organization Policy > Allowed VPC Connector egress settings (Cloud Functions)
- GCP > Project > Organization Policy > Allowed VPC Connector egress settings (Cloud Functions) > Action
- GCP > Project > Organization Policy > Allowed VPC Connector egress settings (Cloud Functions) > Custom Values
- GCP > Project > Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots)
- GCP > Project > Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots) > Action
- GCP > Project > Organization Policy > Compute Storage resource use restrictions (Compute Engine disks, images, and snapshots) > Custom Values
- GCP > Project > Organization Policy > Define allowed external IPs for VM instances
- GCP > Project > Organization Policy > Define allowed external IPs for VM instances > Action
- GCP > Project > Organization Policy > Define allowed external IPs for VM instances > Custom Values
- GCP > Project > Organization Policy > Define allowed root certificate authority [Deprecated]
- GCP > Project > Organization Policy > Define allowed root certificate authority [Deprecated] > Action [Deprecated]
- GCP > Project > Organization Policy > Define allowed root certificate authority [Deprecated] > Custom Values [Deprecated]
- GCP > Project > Organization Policy > Define trusted image projects
- GCP > Project > Organization Policy > Define trusted image projects > Action
- GCP > Project > Organization Policy > Define trusted image projects > Custom Values
- GCP > Project > Organization Policy > Disable Automatic IAM Grants for Default Service Accounts
- GCP > Project > Organization Policy > Disable Cloud Logging
- GCP > Project > Organization Policy > Disable Guest Attributes of Compute Engine metadata
- GCP > Project > Organization Policy > Disable Internet Network Endpoint Groups
- GCP > Project > Organization Policy > Disable service account creation
- GCP > Project > Organization Policy > Disable service account key creation
- GCP > Project > Organization Policy > Disable Service Account Key Upload
- GCP > Project > Organization Policy > Disable Source Code Download
- GCP > Project > Organization Policy > Disable VM nested virtualization
- GCP > Project > Organization Policy > Disable VM serial port access
- GCP > Project > Organization Policy > Disable VM serial port logging to Stackdriver
- GCP > Project > Organization Policy > Disable Workload Identity Cluster Creation
- GCP > Project > Organization Policy > Domain restricted sharing
- GCP > Project > Organization Policy > Domain restricted sharing > Action
- GCP > Project > Organization Policy > Domain restricted sharing > Custom Values
- GCP > Project > Organization Policy > Enforce Public Access Prevention
- GCP > Project > Organization Policy > Enforce uniform bucket-level access
- GCP > Project > Organization Policy > Google Cloud Platform - Resource Location Restriction
- GCP > Project > Organization Policy > Google Cloud Platform - Resource Location Restriction > Action
- GCP > Project > Organization Policy > Google Cloud Platform - Resource Location Restriction > Custom Values
- GCP > Project > Organization Policy > Require OS Login
- GCP > Project > Organization Policy > Require VPC Connector (Cloud Functions)
- GCP > Project > Organization Policy > Restrict allowed Google Cloud APIs and services
- GCP > Project > Organization Policy > Restrict allowed Google Cloud APIs and services > Action
- GCP > Project > Organization Policy > Restrict allowed Google Cloud APIs and services > Custom Values
- GCP > Project > Organization Policy > Restrict Authorized Networks on Cloud SQL instances
- GCP > Project > Organization Policy > Restrict Cloud NAT usage
- GCP > Project > Organization Policy > Restrict Cloud NAT usage > Action
- GCP > Project > Organization Policy > Restrict Cloud NAT usage > Custom Values
- GCP > Project > Organization Policy > Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]
- GCP > Project > Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types
- GCP > Project > Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types > Action
- GCP > Project > Organization Policy > Restrict Load Balancer Creation Based on Load Balancer Types > Custom Values
- GCP > Project > Organization Policy > Restrict Protocol Forwarding Based on type of IP Address
- GCP > Project > Organization Policy > Restrict Protocol Forwarding Based on type of IP Address > Action
- GCP > Project > Organization Policy > Restrict Protocol Forwarding Based on type of IP Address > Custom Values
- GCP > Project > Organization Policy > Restrict Public IP access on Cloud SQL instances
- GCP > Project > Organization Policy > Restrict Shared VPC Host Projects
- GCP > Project > Organization Policy > Restrict Shared VPC Host Projects > Action
- GCP > Project > Organization Policy > Restrict Shared VPC Host Projects > Custom Values
- GCP > Project > Organization Policy > Restrict shared VPC project lien removal
- GCP > Project > Organization Policy > Restrict Shared VPC Subnetworks
- GCP > Project > Organization Policy > Restrict Shared VPC Subnetworks > Action
- GCP > Project > Organization Policy > Restrict Shared VPC Subnetworks > Custom Values
- GCP > Project > Organization Policy > Restrict VM IP Forwarding
- GCP > Project > Organization Policy > Restrict VM IP Forwarding > Action
- GCP > Project > Organization Policy > Restrict VM IP Forwarding > Custom Values
- GCP > Project > Organization Policy > Restrict VPC peering usage
- GCP > Project > Organization Policy > Restrict VPC peering usage > Action
- GCP > Project > Organization Policy > Restrict VPC peering usage > Custom Values
- GCP > Project > Organization Policy > Retention policy duration in seconds
- GCP > Project > Organization Policy > Retention policy duration in seconds > Action
- GCP > Project > Organization Policy > Retention policy duration in seconds > Custom Values
- GCP > Project > Organization Policy > Shielded VMs
- GCP > Project > Organization Policy > Skip default network creation