Google Cloud Storage Without Lifecycle Configuration

What It Does

This policy template reports all Google Cloud Storage Buckets that don't have a lifecycle configuration enabled. Optionally, this report can be emailed.

Input Parameters

  • Email Addresses - Email addresses of the recipients you wish to notify when new incidents are created.
  • Allow/Deny Projects - Whether to treat the Allow/Deny Projects List parameter as an allow list or a deny list. Has no effect if Allow/Deny Projects List is left empty.
  • Allow/Deny Projects List - Filter results by project ID/name, either only allowing this list or denying it depending on how the above parameter is set. Leave blank to consider all projects.
  • Exclusion Labels - The policy will filter resources containing the specified labels from the results. The following formats are supported:
    • Key - Filter all resources with the specified label key.
    • Key==Value - Filter all resources with the specified label key:value pair.
    • Key!=Value - Filter all resources missing the specified label key:value pair. This will also filter all resources missing the specified label key.
    • Key=~/Regex/ - Filter all resources where the value for the specified key matches the specified regex string.
    • Key!~/Regex/ - Filter all resources where the value for the specified key does not match the specified regex string. This will also filter all resources missing the specified label key.
  • Exclusion Labels: Any / All - Whether to filter resources containing any of the specified labels or only those that contain all of them. Only applicable if more than one value is entered in the Exclusion Labels field.
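
The exclusion-label formats above, as an added JavaScript example (not code from the policy template itself). It applies the five formats and the Any / All setting to constructed bucket records shaped like the Cloud Storage JSON API bucket resource; the function names are hypothetical, and treating a bucket with no `lifecycle.rule` entries as lacking a lifecycle configuration is an assumption.

```javascript
// Parse one Exclusion Labels entry into { key, op, value | regex }.
function parseRule(text) {
  const m = /^(.+?)(==|!=|=~|!~)(.*)$/.exec(text);
  if (!m) return { key: text, op: "key" };            // bare "Key" form
  const [, key, op, rhs] = m;
  if (op === "=~" || op === "!~") {                   // strip the slashes of /Regex/
    return { key, op, regex: new RegExp(rhs.replace(/^\/|\/$/g, "")) };
  }
  return { key, op, value: rhs };
}

// True when a resource's labels satisfy one rule, i.e. the rule filters it out.
function ruleMatches(labels, rule) {
  const has = Object.prototype.hasOwnProperty.call(labels, rule.key);
  const value = labels[rule.key];
  switch (rule.op) {
    case "key": return has;
    case "==": return has && value === rule.value;
    case "!=": return !has || value !== rule.value;    // missing key also matches
    case "=~": return has && rule.regex.test(value);
    case "!~": return !has || !rule.regex.test(value); // missing key also matches
    default: return false;
  }
}

// mode is "Any" or "All", as in the Exclusion Labels: Any / All parameter.
function isExcluded(labels, ruleTexts, mode) {
  if (ruleTexts.length === 0) return false;
  const hit = (text) => ruleMatches(labels || {}, parseRule(text));
  return mode === "All" ? ruleTexts.every(hit) : ruleTexts.some(hit);
}

// Assumption: "no lifecycle configuration" means lifecycle.rule is absent or empty.
function bucketsWithoutLifecycle(buckets, ruleTexts, mode) {
  return buckets
    .filter((b) => !(b.lifecycle && (b.lifecycle.rule || []).length > 0))
    .filter((b) => !isExcluded(b.labels, ruleTexts, mode))
    .map((b) => b.name);
}

// Constructed sample data, not real buckets.
const SAMPLE_BUCKETS = [
  { name: "audit-logs", labels: { env: "prod" } },
  { name: "scratch", labels: { env: "dev-1", owner: "ml" } },
  { name: "unlabelled" },
  { name: "archive", labels: { env: "prod" },
    lifecycle: { rule: [{ action: { type: "Delete" }, condition: { age: 365 } }] } },
];
```

With the negated forms, an entry such as `env!=prod` also filters out buckets that carry no `env` label at all, so unlabelled buckets drop out of the report.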

Policy Actions

  • Send an email report

Prerequisites

This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).

  • Google Cloud Credential (provider=gce) which has the following:
    • resourcemanager.projects.get
    • storage.buckets.list
  • Flexera Credential (provider=flexera) which has the following roles:
    • billing_center_viewer

The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.

Additionally, this Policy Template requires that several APIs be enabled in your Google Cloud environment:

Supported Clouds

  • Google

Cost

This policy template does not incur any cloud costs.