Information
GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.
Rationale:
The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enables security analysis, resource change tracking, and compliance auditing.
Impact:
It is recommended GCP Cloud Asset Inventory be enabled for all GCP projects.
Solution
From Console:
Enable the Cloud Asset API:
Go to API & Services/Library by visiting https://console.cloud.google.com/apis/library
Search for Cloud Asset API and select the result for Cloud Asset API
Click the ENABLE button.
From Command Line:
Enable the Cloud Asset API:
Enable the Cloud Asset API through the services interface:
gcloud services enable cloudasset.googleapis.com
Default Value:
The Cloud Asset Inventory API is disabled by default in each project.