REST Resource: projects.locations.cloudControls

Resource: CloudControl

A cloud control is a set of rules and associated metadata that you can use to define your organization's security or compliance intent.

JSON representation
{
  "name": string,
  "majorRevisionId": string,
  "description": string,
  "displayName": string,
  "supportedEnforcementModes": [
    enum (EnforcementMode)
  ],
  "parameterSpec": [
    {
      object (ParameterSpec)
    }
  ],
  "rules": [
    {
      object (Rule)
    }
  ],
  "severity": enum (Severity),
  "findingCategory": string,
  "supportedCloudProviders": [
    enum (CloudProvider)
  ],
  "relatedFrameworks": [
    string
  ],
  "remediationSteps": string,
  "categories": [
    enum (CloudControlCategory)
  ],
  "createTime": string,
  "supportedTargetResourceTypes": [
    enum (TargetResourceType)
  ]
}
Fields
name

string

Required. Identifier. The name of the cloud control, in one of the following formats:

  • organizations/{organization}/locations/{location}/cloudControls/{cloudControl}
  • projects/{project}/locations/{location}/cloudControls/{cloudControl}

The only supported location is global.

majorRevisionId

string (int64 format)

Output only. The major version of the cloud control, which is incremented in ascending order.

description

string

Optional. A description of the cloud control. The maximum length is 2000 characters.

displayName

string

Optional. The friendly name of the cloud control. The maximum length is 200 characters.

supportedEnforcementModes[]

enum (EnforcementMode)

Output only. The supported enforcement modes for the cloud control.

parameterSpec[]

object (ParameterSpec)

Optional. The parameter specifications for the cloud control.

rules[]

object (Rule)

Optional. The rules that you can enforce to meet your security or compliance intent.

severity

enum (Severity)

Optional. The severity of the findings that are generated by the cloud control.

findingCategory

string

Optional. The finding category for the cloud control findings. The maximum length is 255 characters.

supportedCloudProviders[]

enum (CloudProvider)

Optional. The supported cloud providers.

relatedFrameworks[]

string

Output only. The frameworks that include this cloud control.

remediationSteps

string

Optional. The remediation steps for the cloud control findings. The maximum length is 400 characters.

categories[]

enum (CloudControlCategory)

Optional. The categories for the cloud control.

createTime

string (Timestamp format)

Output only. The time that the cloud control was last updated. createTime is used because a new cloud control is created whenever an existing cloud control is updated.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

supportedTargetResourceTypes[]

enum (TargetResourceType)

Optional. The target resource types that are supported by the cloud control.
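
As an added example (not part of this reference or of any Google client library), the following pre-flight check tests a CloudControl request body against the constraints stated in the field descriptions above: the two name formats, the global-only location, the maximum lengths, and the output-only fields. The function name, the sample bodies, and the policy of reporting client-supplied output-only fields as problems are assumptions of this example.

```python
import re

# Limits and output-only fields, taken from the field descriptions above.
MAX_LEN = {"description": 2000, "displayName": 200,
           "findingCategory": 255, "remediationSteps": 400}
OUTPUT_ONLY = {"majorRevisionId", "supportedEnforcementModes",
               "relatedFrameworks", "createTime"}
# Either documented parent (organizations/... or projects/...).
NAME_RE = re.compile(
    r"^(organizations|projects)/([^/]+)/locations/([^/]+)/cloudControls/([^/]+)$")


def validate_cloud_control(body: dict) -> list[str]:
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    name = body.get("name")
    match = NAME_RE.match(name) if isinstance(name, str) else None
    if match is None:
        problems.append("name: missing or not in a documented format")
    elif match.group(3) != "global":
        problems.append(f"name: location {match.group(3)!r} is not 'global'")
    for field, limit in MAX_LEN.items():
        value = body.get(field)
        # len() counts Unicode code points, used here as "characters".
        if value is not None and (not isinstance(value, str) or len(value) > limit):
            problems.append(f"{field}: must be a string of at most {limit} characters")
    # Assumption of this example: a caller setting an output-only field is
    # reported, so a review catches values the service would set itself.
    for field in sorted(OUTPUT_ONLY & body.keys()):
        problems.append(f"{field}: output only, set by the service")
    return problems


# Constructed sample bodies (identifiers are placeholders).
GOOD = {"name": "organizations/123456789/locations/global/cloudControls/example-control",
        "displayName": "Example control",
        "remediationSteps": "Enable the setting on the affected resource."}
BAD = {"name": "projects/example-project/locations/us-central1/cloudControls/example-control",
       "description": "x" * 2001,
       "createTime": "2014-10-02T15:01:23Z"}

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_cloud_control(body) or "ok")
```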

Methods

create

Creates a custom cloud control in a given parent resource.

delete

Deletes a custom cloud control, including all its major and minor revisions.

get

Gets details about a cloud control.

list

Lists the cloud controls (both built-in and custom) that are available in a given parent resource.

patch

Updates a custom cloud control.