README
RAM Real-time Asset Monitor
What
Audits the compliance of Google Cloud resources (the assets) against a set of rules each time a resource is updated. The stream of detected non-compliances can then be consumed to alert, to report, or even to fix the resource on the fly.
Use cases
- Security compliance, usually 80% of the rules
- Operational compliance
  - E.g. each Cloud SQL MySQL instance should have a defined maintenance window to avoid downtime
- Financial operations (FinOps) compliance
  - E.g. do not provision N1 virtual machine instances anymore; provision N2 instead, since the price/performance ratio is better
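As an added illustration of the use cases above (example code written for this page, not part of the RAM project), the Go program below decodes a Cloud Asset Inventory feed message and evaluates the two rules just listed, producing a compliance state and a list of violations for the asset. The feed message shape is simplified to the fields the rules need, the rule names and the ComplianceState and Violation record types are assumptions made for the example rather than RAM's own schemas, and the sample messages are constructed, not captured from a real organization.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// FeedMessage models only the fields of a Cloud Asset Inventory feed message that the rules below need (assumption: simplified shape, not the full feed schema).
type FeedMessage struct {
	Asset struct {
		Name      string `json:"name"`
		AssetType string `json:"assetType"`
		Resource  struct {
			Data json.RawMessage `json:"data"`
		} `json:"resource"`
	} `json:"asset"`
	Deleted bool `json:"deleted"`
}
// Violation and ComplianceState are hypothetical shapes for "violations" and "compliance states" records; they are not RAM's own BigQuery schemas.
type Violation struct{ AssetName, RuleName, Reason string }
type ComplianceState struct {
	AssetName, AssetType string
	Compliant            bool
	Violations           []Violation
}
// Rule targets one asset type; Check returns ok=false and a reason when the asset breaks it.
type Rule struct {
	Name, AssetType string
	Check           func(data json.RawMessage) (reason string, ok bool)
}

// Rules encodes the two concrete use cases listed above.
var Rules = []Rule{
	{Name: "cloudsql_mysql_maintenance_window", AssetType: "sqladmin.googleapis.com/Instance",
		Check: func(data json.RawMessage) (string, bool) {
			var inst struct {
				DatabaseVersion string `json:"databaseVersion"`
				Settings        struct{ MaintenanceWindow *struct{ Day int `json:"day"` } `json:"maintenanceWindow"` } `json:"settings"`
			}
			if err := json.Unmarshal(data, &inst); err != nil {
				return "unparseable resource data: " + err.Error(), false
			}
			// Only MySQL is in scope; Cloud SQL uses day 1..7, so 0 (or no window at all) means unset.
			if mw := inst.Settings.MaintenanceWindow; strings.HasPrefix(inst.DatabaseVersion, "MYSQL_") && (mw == nil || mw.Day == 0) {
				return "no maintenance window defined", false
			}
			return "", true
		}},
	{Name: "no_n1_machine_types", AssetType: "compute.googleapis.com/Instance",
		Check: func(data json.RawMessage) (string, bool) {
			var vm struct{ MachineType string `json:"machineType"` } // URL ending in /machineTypes/<name>
			if err := json.Unmarshal(data, &vm); err != nil {
				return "unparseable resource data: " + err.Error(), false
			}
			if mt := vm.MachineType[strings.LastIndex(vm.MachineType, "/")+1:]; strings.HasPrefix(mt, "n1-") {
				return "machine type " + mt + " is N1, provision N2 instead", false
			}
			return "", true
		}},
}

// Evaluate decodes one feed message and runs every rule registered for its asset type. A deleted asset yields a compliant state with no violations: there is nothing left to fix.
func Evaluate(msg []byte, rules []Rule) (ComplianceState, error) {
	var fm FeedMessage
	if err := json.Unmarshal(msg, &fm); err != nil {
		return ComplianceState{}, err
	}
	st := ComplianceState{AssetName: fm.Asset.Name, AssetType: fm.Asset.AssetType, Compliant: true}
	if fm.Deleted {
		return st, nil
	}
	for _, r := range rules {
		if r.AssetType != fm.Asset.AssetType {
			continue
		}
		if reason, ok := r.Check(fm.Asset.Resource.Data); !ok {
			st.Compliant = false
			st.Violations = append(st.Violations, Violation{fm.Asset.Name, r.Name, reason})
		}
	}
	return st, nil
}

// Constructed sample feed messages (not captured from a real organization).
const (
	SampleMySQLNoWindow = `{"asset":{"name":"//cloudsql.googleapis.com/projects/p/instances/db1","assetType":"sqladmin.googleapis.com/Instance","resource":{"data":{"databaseVersion":"MYSQL_8_0","settings":{}}}}}`
	SampleN1VM          = `{"asset":{"name":"//compute.googleapis.com/projects/p/zones/europe-west1-b/instances/vm1","assetType":"compute.googleapis.com/Instance","resource":{"data":{"machineType":"https://www.googleapis.com/compute/v1/projects/p/zones/europe-west1-b/machineTypes/n1-standard-1"}}}}`
	SampleN2VMDeleted   = `{"asset":{"name":"//compute.googleapis.com/projects/p/zones/europe-west1-b/instances/vm2","assetType":"compute.googleapis.com/Instance","resource":{"data":{"machineType":"https://www.googleapis.com/compute/v1/projects/p/zones/europe-west1-b/machineTypes/n2-standard-2"}}},"deleted":true}`
)

func main() {
	for _, m := range []string{SampleMySQLNoWindow, SampleN1VM, SampleN2VMDeleted} {
		st, err := Evaluate([]byte(m), Rules)
		fmt.Printf("%s compliant=%v violations=%v err=%v\n", st.AssetName, st.Compliant, st.Violations, err)
	}
}
```

Two design points worth noting: a rule that cannot parse its resource data reports a violation rather than silently passing, so a malformed or unexpected feed payload surfaces in the violations stream instead of disappearing; and a deleted asset is reported compliant with no violations, matching the idea that value comes only from fixing something that still exists.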
Why
- Everything is easier to fix when it is detected early
- Value is delivered only when a detected non-compliance is fixed
Documentation
ram
Go packages are documented online: https://godoc.org/github.com/BrunoReboul/ram
Directories

Path | Synopsis
---|---
services |
services/dumpinventory | Package dumpinventory requests CAI to perform an export. Triggered by a Cloud Scheduler job, through Pub/Sub messages.
services/getgroupsettings | Package getgroupsettings retrieves the settings of one group from the `Groups Settings API`. Triggered by Pub/Sub messages from the GCI groups topic.
services/listgroupmembers | Package listgroupmembers extracts all members of a group in the GCI directory using the Admin SDK API. Triggered by Pub/Sub messages from the GCI groups topic.
services/listgroups | Package listgroups extracts all groups from a GCI directory using the Admin SDK API. Triggered by a Cloud Scheduler job, through Pub/Sub messages.
services/monitorcompliance | Package monitorcompliance checks asset compliance. Triggered by resource or IAM policy asset feed messages in Pub/Sub topics.
services/publish2fs | Package publish2fs publishes asset resource feeds as Firestore documents. It manages creation, updates and deletion.
services/setfeeds | Package setfeeds sets Cloud Asset Inventory feeds at organization level. Instances per targeted GCP organization, per environment: one feed for all IAM policies, and one feed per asset type for resource metadata.
services/splitdump | Package splitdump nibbles large CAI dumps into Pub/Sub asset feed messages. One dump line = one Pub/Sub message.
services/stream2bq | Package stream2bq streams Pub/Sub messages into BigQuery tables. It can stream into 3 RAM tables: 1) assets, 2) compliance states, 3) violations.
services/upload2gcs | Package upload2gcs stores feeds as JSON files in a GCS bucket. Manages file creation (with overwrite) and deletion.
utilities |
utilities/bil | Package bil helps with billing management
utilities/cai | Package cai helps with Cloud Asset Inventory
utilities/gae | Package gae helps with Google App Engine
utilities/gcb | Package gcb helps with Google Cloud Build
utilities/gcs | Package gcs helps with Google Cloud Storage
utilities/gps | Package gps helps with Google Pub/Sub
utilities/grm | Package grm helps with Google Resource Manager, aka Organizations, Folders, Projects and their role bindings
utilities/gsr | Package gsr helps with Google Source Repositories
utilities/gsu | Package gsu helps with Google Service Usage, aka API activation
utilities/iamgt | Package iamgt helps with Google Identity and Access Management, aka Service Accounts and their role bindings
utilities/ram | Package ram avoids code redundancy by grouping types and functions used by other ram packages
utilities/ramcli | Package ramcli is the Real-time Asset Monitor command-line interface
utilities/sch | Package sch helps with Google Cloud Scheduler
utilities/validater | Package validater helps to validate struct fields