Policy: GCP > Compute Engine > Image > Approved > Encryption at Rest > Customer Managed Key
The ID of a GCP KMS symmetric key that must be used as the encryption key for a GCP > Compute Engine > Image.
This policy will be evaluated by the Approved control. If a GCP Compute Engine image is not encrypted with the specified key, it will be subject to the action specified in the GCP > Compute Engine > Image > Approved
policy.
See Approved for more information.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Policy Specification
Schema Type |
|
---|---|
Examples [YAML] | projects/my-kms-project/locations/us-east1/keyRings/my-keyring/cryptoKeys/my-key |
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceApproved
- tmod:@turbot/gcp-computeengine#/policy/types/imageApprovedEncryptionAtRestCustomerManagedKey
- turbot graphql policy-type --id "tmod:@turbot/gcp-computeengine#/policy/types/imageApprovedEncryptionAtRestCustomerManagedKey"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-computeengine#/policy/types/imageApprovedEncryptionAtRestCustomerManagedKey"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI