| AC-1 |
./lz-folder/audits/logging-project/project-iam.yaml |
mgmt-project-cluster-platform-and-component-log-bucket-writer-permissions |
| AC-1 |
./lz-folder/audits/logging-project/project-iam.yaml |
platform-and-component-services-infra-log-bucket-writer-permissions |
| AC-1 |
./lz-folder/audits/logging-project/project-iam.yaml |
platform-and-component-services-log-bucket-writer-permissions |
| AC-1 |
./lz-folder/audits/logging-project/project-iam.yaml |
security-log-bucket-writer-permissions |
| AC-1 |
./lz-folder/audits/logging-project/project-iam.yaml |
security-log-bucket-writer-permissions |
| AC-1 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-1 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-metric-writer-permissions |
| AC-1 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-workload-identity-binding |
| AC-1 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-1 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-metric-writer-permissions |
| AC-1 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-workload-identity-binding |
| AC-1 |
./namespaces/hierarchy.yaml |
allow-folders-resource-reference-to-logging |
| AC-1 |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-config-control |
| AC-1 |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-policies |
| AC-1 |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-projects |
| AC-1 |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-1 |
./namespaces/hierarchy.yaml |
hierarchy-sa-folderadmin-permissions |
| AC-1 |
./namespaces/hierarchy.yaml |
hierarchy-sa-workload-identity-binding |
| AC-1 |
./namespaces/logging.yaml |
allow-logging-resource-reference-from-projects |
| AC-1 |
./namespaces/logging.yaml |
logging-sa |
| AC-1 |
./namespaces/logging.yaml |
logging-sa-logadmin-permissions |
| AC-1 |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-logging-project-id-permissions |
| AC-1 |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-management-project-id-permissions |
| AC-1 |
./namespaces/logging.yaml |
logging-sa-storageadmin-logging-project-id-permissions |
| AC-1 |
./namespaces/logging.yaml |
logging-sa-workload-identity-binding |
| AC-1 |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-editor-permissions |
| AC-1 |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-serviceaccountadmin-permissions |
| AC-1 |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-1 |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-1 |
./namespaces/networking.yaml |
networking-sa |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-dns-permissions |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-networkadmin-permissions |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-security-permissions |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-service-control-org-permissions |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-servicedirectoryeditor-permissions |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-workload-identity-binding |
| AC-1 |
./namespaces/networking.yaml |
networking-sa-xpnadmin-permissions |
| AC-1 |
./namespaces/policies.yaml |
policies-sa |
| AC-1 |
./namespaces/policies.yaml |
policies-sa-orgpolicyadmin-permissions |
| AC-1 |
./namespaces/policies.yaml |
policies-sa-workload-identity-binding |
| AC-1 |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-logging |
| AC-1 |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-networking |
| AC-1 |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-policies |
| AC-1 |
./namespaces/projects.yaml |
projects-sa |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-billinguser-permissions |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-projectcreator-permissions |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-projectdeleter-permissions |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-projectiamadmin-permissions |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-projectmover-permissions |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-serviceusageadmin-permissions |
| AC-1 |
./namespaces/projects.yaml |
projects-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-16(2) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-16(2) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-metric-writer-permissions |
| AC-16(2) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/gatekeeper-system.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-16(2) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-16(2) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-16(2) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-metric-writer-permissions |
| AC-16(2) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/hierarchy.yaml |
allow-folders-resource-reference-to-logging |
| AC-16(2) |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-config-control |
| AC-16(2) |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-policies |
| AC-16(2) |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-projects |
| AC-16(2) |
./namespaces/hierarchy.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-16(2) |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-16(2) |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-16(2) |
./namespaces/hierarchy.yaml |
hierarchy-sa-folderadmin-permissions |
| AC-16(2) |
./namespaces/hierarchy.yaml |
hierarchy-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/logging.yaml |
allow-logging-resource-reference-from-projects |
| AC-16(2) |
./namespaces/logging.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa-logadmin-permissions |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-logging-project-id-permissions |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-management-project-id-permissions |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa-storageadmin-logging-project-id-permissions |
| AC-16(2) |
./namespaces/logging.yaml |
logging-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-editor-permissions |
| AC-16(2) |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-serviceaccountadmin-permissions |
| AC-16(2) |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-16(2) |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-16(2) |
./namespaces/networking.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-dns-permissions |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-networkadmin-permissions |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-security-permissions |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-service-control-org-permissions |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-servicedirectoryeditor-permissions |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/networking.yaml |
networking-sa-xpnadmin-permissions |
| AC-16(2) |
./namespaces/policies.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-16(2) |
./namespaces/policies.yaml |
policies-sa |
| AC-16(2) |
./namespaces/policies.yaml |
policies-sa |
| AC-16(2) |
./namespaces/policies.yaml |
policies-sa-orgpolicyadmin-permissions |
| AC-16(2) |
./namespaces/policies.yaml |
policies-sa-workload-identity-binding |
| AC-16(2) |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-logging |
| AC-16(2) |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-networking |
| AC-16(2) |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-policies |
| AC-16(2) |
./namespaces/projects.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-billinguser-permissions |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-projectcreator-permissions |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-projectdeleter-permissions |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-projectiamadmin-permissions |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-projectmover-permissions |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-serviceusageadmin-permissions |
| AC-16(2) |
./namespaces/projects.yaml |
projects-sa-workload-identity-binding |
| AC-16(2) |
./org/custom-roles/gke-firewall-admin.yaml |
gke-firewall-admin |
| AC-16(2) |
./org/custom-roles/gke-firewall-admin.yaml |
gke-firewall-admin |
| AC-16(2) |
./org/custom-roles/tier2-dnsrecord-admin.yaml |
tier2-dnsrecord-admin |
| AC-16(2) |
./org/custom-roles/tier2-dnsrecord-admin.yaml |
tier2-dnsrecord-admin |
| AC-16(2) |
./org/custom-roles/tier2-vpcpeering-admin.yaml |
tier2-vpcpeering-admin |
| AC-16(2) |
./org/custom-roles/tier2-vpcpeering-admin.yaml |
tier2-vpcpeering-admin |
| AC-16(2) |
./org/custom-roles/tier3-dnsrecord-admin.yaml |
tier3-dnsrecord-admin |
| AC-16(2) |
./org/custom-roles/tier3-dnsrecord-admin.yaml |
tier3-dnsrecord-admin |
| AC-16(2) |
./org/custom-roles/tier3-firewallrule-admin.yaml |
tier3-firewallrule-admin |
| AC-16(2) |
./org/custom-roles/tier3-firewallrule-admin.yaml |
tier3-firewallrule-admin |
| AC-16(2) |
./org/custom-roles/tier3-subnetwork-admin.yaml |
tier3-subnetwork-admin |
| AC-16(2) |
./org/custom-roles/tier3-subnetwork-admin.yaml |
tier3-subnetwork-admin |
| AC-16(2) |
./org/custom-roles/tier3-vpcsc-admin.yaml |
tier3-vpcsc-admin |
| AC-16(2) |
./org/custom-roles/tier3-vpcsc-admin.yaml |
tier3-vpcsc-admin |
| AC-16(2) |
./org/custom-roles/tier4-secretmanager-admin.yaml |
tier4-secretmanager-admin |
| AC-16(2) |
./org/custom-roles/tier4-secretmanager-admin.yaml |
tier4-secretmanager-admin |
| AC-2(4) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AC-2(4) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AC-2(4) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AC-2(4) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AC-2(4) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AC-2(4) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AC-3 |
./lz-folder/audits/logging-project/project-iam.yaml |
logging-project-data-access-log-config |
| AC-3 |
./lz-folder/audits/logging-project/project-iam.yaml |
mgmt-project-cluster-platform-and-component-log-bucket-writer-permissions |
| AC-3 |
./lz-folder/audits/logging-project/project-iam.yaml |
platform-and-component-services-infra-log-bucket-writer-permissions |
| AC-3 |
./lz-folder/audits/logging-project/project-iam.yaml |
platform-and-component-services-log-bucket-writer-permissions |
| AC-3 |
./lz-folder/audits/logging-project/project-iam.yaml |
security-log-bucket-writer-permissions |
| AC-3 |
./lz-folder/audits/logging-project/project-iam.yaml |
security-log-bucket-writer-permissions |
| AC-3 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-3 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-3 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-metric-writer-permissions |
| AC-3 |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-workload-identity-binding |
| AC-3 |
./namespaces/gatekeeper-system.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-3 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-3 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-metric-writer-permissions |
| AC-3 |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-workload-identity-binding |
| AC-3 |
./namespaces/hierarchy.yaml |
allow-folders-resource-reference-to-logging |
| AC-3 |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-config-control |
| AC-3 |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-policies |
| AC-3 |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-projects |
| AC-3 |
./namespaces/hierarchy.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3 |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-3 |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-3 |
./namespaces/hierarchy.yaml |
hierarchy-sa-folderadmin-permissions |
| AC-3 |
./namespaces/hierarchy.yaml |
hierarchy-sa-workload-identity-binding |
| AC-3 |
./namespaces/logging.yaml |
allow-logging-resource-reference-from-projects |
| AC-3 |
./namespaces/logging.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3 |
./namespaces/logging.yaml |
logging-sa |
| AC-3 |
./namespaces/logging.yaml |
logging-sa |
| AC-3 |
./namespaces/logging.yaml |
logging-sa-logadmin-permissions |
| AC-3 |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-logging-project-id-permissions |
| AC-3 |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-management-project-id-permissions |
| AC-3 |
./namespaces/logging.yaml |
logging-sa-storageadmin-logging-project-id-permissions |
| AC-3 |
./namespaces/logging.yaml |
logging-sa-workload-identity-binding |
| AC-3 |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-editor-permissions |
| AC-3 |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-serviceaccountadmin-permissions |
| AC-3 |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-3 |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-3 |
./namespaces/networking.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3 |
./namespaces/networking.yaml |
networking-sa |
| AC-3 |
./namespaces/networking.yaml |
networking-sa |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-dns-permissions |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-networkadmin-permissions |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-security-permissions |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-service-control-org-permissions |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-servicedirectoryeditor-permissions |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-workload-identity-binding |
| AC-3 |
./namespaces/networking.yaml |
networking-sa-xpnadmin-permissions |
| AC-3 |
./namespaces/policies.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3 |
./namespaces/policies.yaml |
policies-sa |
| AC-3 |
./namespaces/policies.yaml |
policies-sa |
| AC-3 |
./namespaces/policies.yaml |
policies-sa-orgpolicyadmin-permissions |
| AC-3 |
./namespaces/policies.yaml |
policies-sa-workload-identity-binding |
| AC-3 |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-logging |
| AC-3 |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-networking |
| AC-3 |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-policies |
| AC-3 |
./namespaces/projects.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3 |
./namespaces/projects.yaml |
projects-sa |
| AC-3 |
./namespaces/projects.yaml |
projects-sa |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-billinguser-permissions |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-projectcreator-permissions |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-projectdeleter-permissions |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-projectiamadmin-permissions |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-projectmover-permissions |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-serviceusageadmin-permissions |
| AC-3 |
./namespaces/projects.yaml |
projects-sa-workload-identity-binding |
| AC-3 |
./org/custom-roles/gke-firewall-admin.yaml |
gke-firewall-admin |
| AC-3 |
./org/custom-roles/gke-firewall-admin.yaml |
gke-firewall-admin |
| AC-3 |
./org/custom-roles/tier2-dnsrecord-admin.yaml |
tier2-dnsrecord-admin |
| AC-3 |
./org/custom-roles/tier2-dnsrecord-admin.yaml |
tier2-dnsrecord-admin |
| AC-3 |
./org/custom-roles/tier2-vpcpeering-admin.yaml |
tier2-vpcpeering-admin |
| AC-3 |
./org/custom-roles/tier2-vpcpeering-admin.yaml |
tier2-vpcpeering-admin |
| AC-3 |
./org/custom-roles/tier3-dnsrecord-admin.yaml |
tier3-dnsrecord-admin |
| AC-3 |
./org/custom-roles/tier3-dnsrecord-admin.yaml |
tier3-dnsrecord-admin |
| AC-3 |
./org/custom-roles/tier3-firewallrule-admin.yaml |
tier3-firewallrule-admin |
| AC-3 |
./org/custom-roles/tier3-firewallrule-admin.yaml |
tier3-firewallrule-admin |
| AC-3 |
./org/custom-roles/tier3-subnetwork-admin.yaml |
tier3-subnetwork-admin |
| AC-3 |
./org/custom-roles/tier3-subnetwork-admin.yaml |
tier3-subnetwork-admin |
| AC-3 |
./org/custom-roles/tier3-vpcsc-admin.yaml |
tier3-vpcsc-admin |
| AC-3 |
./org/custom-roles/tier3-vpcsc-admin.yaml |
tier3-vpcsc-admin |
| AC-3 |
./org/custom-roles/tier4-secretmanager-admin.yaml |
tier4-secretmanager-admin |
| AC-3 |
./org/custom-roles/tier4-secretmanager-admin.yaml |
tier4-secretmanager-admin |
| AC-3(7) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-3(7) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa |
| AC-3(7) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-metric-writer-permissions |
| AC-3(7) |
./namespaces/config-management-monitoring.yaml |
config-mgmt-mon-default-sa-workload-identity-binding |
| AC-3(7) |
./namespaces/gatekeeper-system.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3(7) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-3(7) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa |
| AC-3(7) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-metric-writer-permissions |
| AC-3(7) |
./namespaces/gatekeeper-system.yaml |
gatekeeper-admin-sa-workload-identity-binding |
| AC-3(7) |
./namespaces/hierarchy.yaml |
allow-folders-resource-reference-to-logging |
| AC-3(7) |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-config-control |
| AC-3(7) |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-policies |
| AC-3(7) |
./namespaces/hierarchy.yaml |
allow-hierarchy-resource-reference-from-projects |
| AC-3(7) |
./namespaces/hierarchy.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3(7) |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-3(7) |
./namespaces/hierarchy.yaml |
hierarchy-sa |
| AC-3(7) |
./namespaces/hierarchy.yaml |
hierarchy-sa-folderadmin-permissions |
| AC-3(7) |
./namespaces/hierarchy.yaml |
hierarchy-sa-workload-identity-binding |
| AC-3(7) |
./namespaces/logging.yaml |
allow-logging-resource-reference-from-projects |
| AC-3(7) |
./namespaces/logging.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa-logadmin-permissions |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-logging-project-id-permissions |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa-monitoring-admin-management-project-id-permissions |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa-storageadmin-logging-project-id-permissions |
| AC-3(7) |
./namespaces/logging.yaml |
logging-sa-workload-identity-binding |
| AC-3(7) |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-editor-permissions |
| AC-3(7) |
./namespaces/management-namespace.yaml |
config-control-sa-management-project-serviceaccountadmin-permissions |
| AC-3(7) |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-3(7) |
./namespaces/management-namespace.yaml |
config-control-sa-orgroleadmin-permissions |
| AC-3(7) |
./namespaces/networking.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-dns-permissions |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-networkadmin-permissions |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-security-permissions |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-service-control-org-permissions |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-servicedirectoryeditor-permissions |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-workload-identity-binding |
| AC-3(7) |
./namespaces/networking.yaml |
networking-sa-xpnadmin-permissions |
| AC-3(7) |
./namespaces/policies.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3(7) |
./namespaces/policies.yaml |
policies-sa |
| AC-3(7) |
./namespaces/policies.yaml |
policies-sa |
| AC-3(7) |
./namespaces/policies.yaml |
policies-sa-orgpolicyadmin-permissions |
| AC-3(7) |
./namespaces/policies.yaml |
policies-sa-workload-identity-binding |
| AC-3(7) |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-logging |
| AC-3(7) |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-networking |
| AC-3(7) |
./namespaces/projects.yaml |
allow-projects-resource-reference-from-policies |
| AC-3(7) |
./namespaces/projects.yaml |
configconnectorcontext.core.cnrm.cloud.google.com |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-billinguser-permissions |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-projectcreator-permissions |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-projectdeleter-permissions |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-projectiamadmin-permissions |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-projectmover-permissions |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-serviceusageadmin-permissions |
| AC-3(7) |
./namespaces/projects.yaml |
projects-sa-workload-identity-binding |
| AC-3(7) |
./org/custom-roles/gke-firewall-admin.yaml |
gke-firewall-admin |
| AC-3(7) |
./org/custom-roles/gke-firewall-admin.yaml |
gke-firewall-admin |
| AC-3(7) |
./org/custom-roles/tier2-dnsrecord-admin.yaml |
tier2-dnsrecord-admin |
| AC-3(7) |
./org/custom-roles/tier2-dnsrecord-admin.yaml |
tier2-dnsrecord-admin |
| AC-3(7) |
./org/custom-roles/tier2-vpcpeering-admin.yaml |
tier2-vpcpeering-admin |
| AC-3(7) |
./org/custom-roles/tier2-vpcpeering-admin.yaml |
tier2-vpcpeering-admin |
| AC-3(7) |
./org/custom-roles/tier3-dnsrecord-admin.yaml |
tier3-dnsrecord-admin |
| AC-3(7) |
./org/custom-roles/tier3-dnsrecord-admin.yaml |
tier3-dnsrecord-admin |
| AC-3(7) |
./org/custom-roles/tier3-firewallrule-admin.yaml |
tier3-firewallrule-admin |
| AC-3(7) |
./org/custom-roles/tier3-firewallrule-admin.yaml |
tier3-firewallrule-admin |
| AC-3(7) |
./org/custom-roles/tier3-subnetwork-admin.yaml |
tier3-subnetwork-admin |
| AC-3(7) |
./org/custom-roles/tier3-subnetwork-admin.yaml |
tier3-subnetwork-admin |
| AC-3(7) |
./org/custom-roles/tier3-vpcsc-admin.yaml |
tier3-vpcsc-admin |
| AC-3(7) |
./org/custom-roles/tier3-vpcsc-admin.yaml |
tier3-vpcsc-admin |
| AC-3(7) |
./org/custom-roles/tier4-secretmanager-admin.yaml |
tier4-secretmanager-admin |
| AC-3(7) |
./org/custom-roles/tier4-secretmanager-admin.yaml |
tier4-secretmanager-admin |
| AC-3(9) |
./org/org-policies/essentialcontacts-allowed-contact-domains.yaml |
essentialcontacts-allowed-contact-domains |
| AC-3(9) |
./org/org-policies/essentialcontacts-allowed-contact-domains.yaml |
essentialcontacts-allowed-contact-domains |
| AC-3(9) |
./org/org-policies/iam-allowed-policy-member-domains.yaml |
iam-allowed-policy-member-domains |
| AC-3(9) |
./org/org-policies/iam-allowed-policy-member-domains.yaml |
iam-allowed-policy-member-domains |
| AU-11 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-11 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-11 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-11 |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| AU-11 |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| AU-11 |
./setters.yaml |
setters |
| AU-11 |
./setters.yaml |
setters |
| AU-12 |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-12 |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-12 |
./lz-folder/services-infrastructure/dns-project/dns.yaml |
core-dns-project-id-standard-core-public-dns |
| AU-12 |
./lz-folder/services-infrastructure/dns-project/dns.yaml |
core-dns-project-id-standard-core-public-dns |
| AU-12 |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-12 |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-12 |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-12 |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-12 |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-12 |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-12 |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-12 |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-12 |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-12 |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-12(1) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-12(1) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-12(1) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-12(1) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-12(1) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-12(1) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-12(1) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-12(1) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-12(1) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-12(1) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-12(1) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-12(1) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-2 |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-2 |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-2 |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-2 |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-2 |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-2 |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-2 |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-2 |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-2 |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-2 |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-2 |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-2 |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-3 |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-3 |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-3 |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-3 |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-3 |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-3 |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-3 |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-3 |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-3 |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-3 |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-3 |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-3 |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-3(1) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-3(1) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-3(1) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-3(1) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-3(1) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-3(1) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-3(1) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-3(1) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-3(1) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-3(1) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-3(1) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-3(1) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-4(1) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-4(1) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-4(1) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-4(1) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-4(1) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-4(1) |
./lz-folder/audits/logging-project/project.yaml |
logging-project-id |
| AU-4(1) |
./lz-folder/audits/logging-project/project.yaml |
logging-project-id |
| AU-4(1) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-4(1) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-4(1) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-4(1) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-4(1) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-4(1) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-4(1) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-4(1) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-4(1) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-4(1) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-6(4) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-6(4) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-6(4) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-6(4) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-6(4) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-6(4) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-6(4) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-6(4) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-6(4) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-6(4) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-6(4) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-6(4) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-6(4) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-6(4) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-6(4) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-7 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-7 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-7 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-9 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9 |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| AU-9 |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| AU-9 |
./lz-folder/audits/logging-project/project-iam.yaml |
logging-project-data-access-log-config |
| AU-9 |
./lz-folder/audits/logging-project/project-iam.yaml |
mgmt-project-cluster-platform-and-component-log-bucket-writer-permissions |
| AU-9 |
./lz-folder/audits/logging-project/project-iam.yaml |
platform-and-component-services-infra-log-bucket-writer-permissions |
| AU-9 |
./lz-folder/audits/logging-project/project-iam.yaml |
platform-and-component-services-log-bucket-writer-permissions |
| AU-9 |
./lz-folder/audits/logging-project/project-iam.yaml |
security-log-bucket-writer-permissions |
| AU-9 |
./lz-folder/audits/logging-project/project-iam.yaml |
security-log-bucket-writer-permissions |
| AU-9 |
./setters.yaml |
setters |
| AU-9 |
./setters.yaml |
setters |
| AU-9(2) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-9(2) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9(2) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9(2) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-9(2) |
./lz-folder/audits/logging-project/project-sink.yaml |
logging-project-id-data-access-sink |
| AU-9(2) |
./lz-folder/audits/logging-project/project.yaml |
logging-project-id |
| AU-9(2) |
./lz-folder/audits/logging-project/project.yaml |
logging-project-id |
| AU-9(2) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-9(2) |
./lz-folder/services-infrastructure/folder-sink.yaml |
platform-and-component-services-infra-log-sink |
| AU-9(2) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-9(2) |
./lz-folder/services/folder-sink.yaml |
platform-and-component-services-log-sink |
| AU-9(2) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-9(2) |
./mgmt-project/project-sink.yaml |
mgmt-project-cluster-platform-and-component-log-sink |
| AU-9(2) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-9(2) |
./org/org-sink.yaml |
org-log-sink-data-access-logging-project-id |
| AU-9(2) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-9(2) |
./org/org-sink.yaml |
org-log-sink-security-logging-project-id |
| AU-9(4) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| AU-9(4) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9(4) |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| AU-9(4) |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| AU-9(4) |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| IA-1 |
./org/org-policies/iam-disable-service-account-key-creation.yaml |
iam-disable-service-account-key-creation |
| IA-1 |
./org/org-policies/iam-disable-service-account-key-upload.yaml |
iam-disable-service-account-key-upload |
| SC-20 |
./lz-folder/services-infrastructure/dns-project/dns.yaml |
core-dns-project-id-standard-core-public-dns |
| SC-20 |
./lz-folder/services-infrastructure/dns-project/dns.yaml |
core-dns-project-id-standard-core-public-dns |
| SI-4 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
platform-and-component-log-bucket |
| SI-4 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| SI-4 |
./lz-folder/audits/logging-project/cloud-logging-buckets.yaml |
security-log-bucket |
| SI-4 |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |
| SI-4 |
./lz-folder/audits/logging-project/cloud-storage-buckets.yaml |
security-incident-log-bucket |