This policy template reports on any existing recommendations generated by the Google Recommender service. Optionally, the user can filter results by recommendation type, project ID/name, or region.
NOTE: This policy is only recommended if you specifically need a consolidated view of several recommenders in a single report and for recommenders that do not have a dedicated policy template. Otherwise, it is recommended that you use one or more of the following policy templates instead.
- Google Idle Cloud SQL Instance Recommender - Idle Cloud SQL Instance
- Google Idle IP Address Recommender - Idle IP Address
- Google Idle Persistent Disk Recommender - Idle Persistent Disk
- Google Rightsize VM Recommender - Idle VM, VM Machine Type
- Google Committed Use Discount Recommender - Committed Use Discount
This policy gathers cloud native Google recommendations using the Google Recommender API. More information is available in Google's documentation:
- Email Addresses - Email addresses of the recipients you wish to notify.
- Recommenders - Google Recommenders to report on. Only selected options will be reported on. At least one recommender needs to be selected; otherwise, no incident will be raised.
- Minimum Savings Threshold - Minimum potential savings required to generate a recommendation.
- Allow/Deny Projects - Whether to treat Allow/Deny Projects List parameter as allow or deny list. Has no effect if Allow/Deny Projects List is left empty.
- Allow/Deny Projects List - Filter results by project ID/name, either only allowing this list or denying it depending on how the above parameter is set. Leave blank to consider all projects
- Allow/Deny Regions - Whether to treat Allow/Deny Regions List parameter as allow or deny list. Has no effect if Allow/Deny Regions List is left empty.
- Allow/Deny Regions List - Filter results by region, either only allowing this list or denying it depending on how the above parameter is set. Leave blank to consider all the regions.
- Sends an email notification
This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).
-
Google Cloud Credential (provider=gce) which has the following:
resourcemanager.projects.getrecommender.cloudSecurityGeneralRecommendations.list*recommender.cloudsqlIdleInstanceRecommendations.list*recommender.cloudsqlInstanceOutOfDiskRecommendations.list*recommender.cloudsqlOverprovisionedInstanceRecommendations.list*recommender.computeAddressIdleResourceRecommendations.list*recommender.computeDiskIdleResourceRecommendations.list*recommender.computeImageIdleResourceRecommendations.list*recommender.computeInstanceGroupManagerMachineTypeRecommendations.list*recommender.computeInstanceIdleResourceRecommendations.list*recommender.computeInstanceMachineTypeRecommendations.list*recommender.containerDiagnosisRecommendations.list*recommender.iamPolicyRecommendations.list*recommender.loggingProductSuggestionContainerRecommendations.list*recommender.monitoringProductSuggestionComputeRecommendations.list*recommender.resourcemanagerProjectUtilizationRecommendations.list*recommender.runServiceSecurityRecommendations.list*recommender.usageCommitmentRecommendations.list*
* Only required if the specific recommendation is desired.
-
Flexera Credential (provider=flexera) which has the following roles:
billing_center_viewer
The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.
Additionally, this Policy Template requires that several APIs be enabled in your Google Cloud environment:
This policy template does not incur any cloud costs.
Google sets quotas on the Recommender API; this will cause a 429 RESOURCE_EXHAUSTED response when the quota is exceeded. See Quotas & Limits for more information.