Skip to content
/ gcp-resource-counter Public

Bash scripts for counting the resources in use in a GCP environment.

License

BSD-2-Clause license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

expel-io/gcp-resource-counter

BranchesTags

Repository files navigation

gcp-resource-counter

Bash scripts for counting resources within a GCP environment. The result is a JSON object that describes the resource counts within the specified GCP organization.

Requirements

In order to run the bash scripts there are a few requirements:

  1. Install Google Cloud CLI (gcloud) - minimum version 349.0.0

  2. Enable one of the following APIs and grant the required role/permission to the user running the resource counting script:

    • Cloud Asset Inventory API (slower, but free to use). The user running the script must have one of these roles at the organization-level:
      • roles/owner
      • roles/cloudasset.owner
      • roles/cloudasset.viewer
    • This method has been deprecated. As outlined in Listing assets using the Security Command Center API, this functionality has been deprecated on June 20, 2023 and will reach its EOL on June 20, 2024.
      Security Command Center (faster, but not free). The user running the script must have one of these roles at the organization-level:
      • roles/resourcemanager.organizationAdmin
      • roles/securitycenter.admin
      • roles/securitycenter.adminViewer

  3. Install jq

  4. Retrieve the GCP organization ID by running the following command and looking for the ID of the organization to count:

    gcloud organizations list

Authenticate via gcloud CLI

  1. In a terminal run: gcloud auth list to display credentialed accounts

  2. Enable the account with the organization-level permissions by running the command below replacing ACCOUNT_ID with the target user/service account ID from the previous step:

    gcloud config set account ACCOUNT_ID

How to run using cloud asset inventory (gcloud_asset_inventory.sh)

λ organizationID=123456789012 ./gcloud_asset_inventory.sh
{
  "appengine.googleapis.com/Application": 20,
  "cloudfunctions.googleapis.com/CloudFunction": 63,
  "compute.googleapis.com/Instance": 466,
  "compute.googleapis.com/K8RelatedInstance": 8,
  "sqladmin.googleapis.com/Instance": 65,
  "storage.googleapis.com/Bucket": 367,
  "k8s.io/Node": 8,
}

Note about output

compute.googleapis.com/K8RelatedInstance is not an actual asset that listed in Supported asset types. The number generated for this custom asset is from filtering all compute instances that have a goog-gke-node label. This label is used because it's a protected and automatically applied label to compute instances that were created by a GKE cluster.

Troubleshooting

Running cloud asset inventory returns null

λ organizationID=123456789012 ./gcloud_asset_inventory.sh
null

Verify IAM for user running asset inventory script has one of the roles required and has access to the organization.

About

Bash scripts for counting the resources in use in a GCP environment.

Topics

offline-tool

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases 3

0.3.0 Latest
Apr 12, 2024
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages