Has anyone used the Google Cloud Platform (GCP) Asset Inventory Discovery? What is the use case? Is this scalable?

tompowe
Tera Expert

Has anyone implemented Google Cloud Platform Asset Inventory Discovery as depicted here:

https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/service-mapping/reference/gcp-resource-inventory-discovery.html

What is the use case for this? From what I can tell, you would need a storage bucket per account and you would need to have a different Discovery schedule per account. How is this scalable to more than just a few accounts? If, let's say, I had 500 accounts, that would be 500 different discovery schedules and I would need 500 storage buckets (which does cost money). It would be great if I could use a master account and it would work for all the sub-accounts below it, utilizing just one storage bucket, but I was told that it didn't work like that... So, what is the use case for this? Why would I ever need to do this for just one account??

6 REPLIES

Community Alums
Not applicable

Hi @tompowe ,

The ServiceNow Discovery application uses the Google Cloud Platform (GCP) asset inventory pattern to find GCP resources and policies. Discovering some of these resources requires installing the Discovery and Service Mapping Patterns application from the ServiceNow Store.

The pattern provides visibility for services supported by the Asset Inventory API, as well as collecting inventory data on the deployed GCP services and updating the CMDB.

The pattern collects inventory data either for all GCP-supported resources or for a preconfigured inclusion list of resources. The Cloud Inventory Resource Inclusion List contains all resource types supported by GCP Cloud Asset Inventory, except for Compute Engine resources and IAM policies. You can expand the inclusion list with additional resource types per your requirements. For more information about Google Cloud assets, see https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview.

You can also refer to this Doc: https://docs.servicenow.com/bundle/sandiego-it-operations-management/page/product/service-mapping/re...

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

Sandeep, this is not helpful. You just copied and pasted from the doc page I already posted in my question. Obviously, I already read all that. 🙂

 

 

Jose2677
Giga Contributor

Yes, people have used the Google Cloud Platform (GCP) Asset Inventory Discovery. Here are some details on the use case and scalability based on the search results:

Use case:
- The ServiceNow Discovery application uses the GCP asset inventory pattern to find GCP resources and policies[1].
- Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a 35-day history of Google Cloud asset metadata. For an existing asset with no changes in the past 35 days, Cloud Asset Inventory keeps the asset's most recent status. Cloud Asset Inventory allows you to search asset metadata by using a custom query language and export all asset metadata at a certain timestamp or export event change history during a specific timeframe[5].

Scalability:
- Cloud Asset Inventory is a fully managed and scalable inventory service, so you don’t have to worry about the scalability and storage of your inventory data. It supports resources from the most popular Google Cloud services across compute, storage, big data, and more, such as Compute Engine, Google Kubernetes Engine, Cloud SQL, and Cloud Storage. Plus various types of policies, like IAM policy, Org policy, etc. It also covers assets from Anthos deployment, including Kubernetes resources and RBAC policies[3].
- Cloud Asset Inventory provides inventory services based on a time series database. This database keeps a 35-day history of Google Cloud asset metadata[5].

Overall, the GCP Asset Inventory Discovery has a use case for finding GCP resources and policies, and it is scalable as it is a fully managed and scalable inventory service.

 

Fausto Lozano
Tera Contributor

I have run Asset Inventory for the GCP cloud. You do need one schedule per project and one bucket per project. I have been able to modify the GCP pattern to use only one bucket for all the projects, but you need your account to be configured as an organizational account; in this way you will be able to see all the projects in the folder taxonomy.

 

The only reason I see to get more information collected from Asset Inventory is that you collect more information on resources that are not part of Platform Inventory Discovery, like the ones in the inclusion list, for example the ones below. Anyway, I would like to know somebody from ServiceNow who can share how Platform Inventory/Asset Inventory/Organizational discovery and folder discovery are related for GCP.

There is no documentation on this, and if you ask you barely get answers.

 

  • GCP       k8s.io/Pod
  • GCP       cloudbilling.googleapis.com/BillingAccount
  • GCP       cloudkms.googleapis.com/KeyRing
  • GCP       rbac.authorization.k8s.io/ClusterRoleBinding
  • GCP       appengine.googleapis.com/Application
  • GCP       dataproc.googleapis.com/Job
  • GCP       container.googleapis.com/NodePool
  • GCP       container.googleapis.com/Cluster
  • GCP       dataproc.googleapis.com/Cluster
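
The one-bucket setup discussed in this thread relies on an export taken at organization scope, where every Cloud Asset Inventory record carries its ancestor chain. As an added example (not part of any post above and not ServiceNow's pattern code), this Python splits one such export back out per project and filters it by an inclusion list; the sample records, IDs and function names are constructed assumptions.

```python
import json
from collections import defaultdict

# Asset types taken from the inclusion list quoted in the thread above.
INCLUSION_LIST = {
    "k8s.io/Pod",
    "cloudbilling.googleapis.com/BillingAccount",
    "cloudkms.googleapis.com/KeyRing",
    "container.googleapis.com/Cluster",
    "container.googleapis.com/NodePool",
}

# Constructed sample: newline-delimited JSON shaped like an organization-scope
# Cloud Asset Inventory export. All names and IDs are made up; the last record
# is deliberately cut off to show how a damaged line is handled.
SAMPLE_EXPORT = """\
{"name": "//container.googleapis.com/projects/app-prod/locations/us-east1/clusters/web", "asset_type": "container.googleapis.com/Cluster", "ancestors": ["projects/111", "folders/900", "organizations/1"]}
{"name": "//cloudkms.googleapis.com/projects/data-prod/locations/global/keyRings/app-keys", "asset_type": "cloudkms.googleapis.com/KeyRing", "ancestors": ["projects/222", "organizations/1"]}
{"name": "//compute.googleapis.com/projects/data-prod/zones/us-east1-b/instances/vm-1", "asset_type": "compute.googleapis.com/Instance", "ancestors": ["projects/222", "organizations/1"]}
{"name": "//cloudbilling.googleapis.com/billingAccounts/000000-AAAAAA-000000", "asset_type": "cloudbilling.googleapis.com/BillingAccount", "ancestors": ["organizations/1"]}
{"name": "//k8s.io/projects/app-prod/
"""

def project_of(asset):
    """Return the 'projects/<number>' ancestor, or None for org/folder-level assets."""
    for ancestor in asset.get("ancestors", []):
        if ancestor.startswith("projects/"):
            return ancestor
    return None

def group_by_project(ndjson, inclusion=INCLUSION_LIST):
    """Group included asset names by owning project; count unparseable lines."""
    grouped, skipped = defaultdict(list), 0
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        try:
            asset = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt record: count it, keep going
            continue
        if asset.get("asset_type") not in inclusion:
            continue  # e.g. Compute Engine, which is not in the inclusion list
        grouped[project_of(asset) or "(no project)"].append(asset["name"])
    return dict(grouped), skipped

if __name__ == "__main__":
    print(group_by_project(SAMPLE_EXPORT))
```
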