
Asset Inventory Snapshot (Cloud Function + Cloud Scheduler) - 1

by BTC_ryul 2023. 6. 23.

Beha~~~! This is the 엄… team.

 

 

In this post we look at how to use Cloud Function and Cloud Scheduler to export Asset Inventory periodically and load it into BigQuery. The Google Cloud docs show that the Asset Inventory export API is available in several forms (gcloud, REST, etc.).

 

https://cloud.google.com/asset-inventory/docs/samples/asset-quickstart-export-assets-bigquery?hl=ko#code-sample

https://cloud.google.com/asset-inventory/docs/exporting-to-bigquery#prepare-bigquery

 

 

Deploying the Cloud Function

1. Create a service account

gcloud --project=bespin-uhmm \
iam service-accounts create bespin-asset-func-test

2. Grant roles

# Both roles are granted at project level, so roles/bigquery.dataEditor applies to every dataset in the project.
gcloud --project=bespin-uhmm \
projects add-iam-policy-binding bespin-uhmm \
--member=serviceAccount:bespin-asset-func-test@bespin-uhmm.iam.gserviceaccount.com \
--role=roles/cloudasset.viewer

gcloud --project=bespin-uhmm \
projects add-iam-policy-binding bespin-uhmm \
--member=serviceAccount:bespin-asset-func-test@bespin-uhmm.iam.gserviceaccount.com \
--role=roles/bigquery.dataEditor

3. Verify the roles

gcloud --project=bespin-uhmm projects get-iam-policy bespin-uhmm \
--flatten="bindings[].members" \
--format='table(bindings.role,bindings.members)' \
--filter="bindings.members:serviceAccount:bespin-asset-func-test@bespin-uhmm.iam.gserviceaccount.com"

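4. Create the Cloud Function

  • Check the available runtimes:
gcloud --project bespin-uhmm functions runtimes list --region asia-northeast3

# 2nd gen HTTP function (the Scheduler steps below bind the invoker role with --gen2).
# The source is taken from the current directory; unauthenticated calls are refused.
gcloud --project bespin-uhmm \
functions deploy bespin-asset-func \
--gen2 \
--region asia-northeast3 \
--runtime python311 \
--trigger-http \
--no-allow-unauthenticated \
--entry-point my_entrypoint \
--service-account bespin-asset-func-test@bespin-uhmm.iam.gserviceaccount.com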

 

 

 

Deploying Cloud Scheduler

1. Create a service account

gcloud --project=bespin-uhmm \
iam service-accounts create bespin-asset-job-test

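2. Grant roles

# --member needs the serviceAccount: prefix; the region matches the function deployed above.
gcloud --project bespin-uhmm \
functions add-iam-policy-binding bespin-asset-func \
--region asia-northeast3 \
--member=serviceAccount:bespin-asset-job-test@bespin-uhmm.iam.gserviceaccount.com \
--role=roles/run.invoker \
--gen2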

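3. Verify the roles

# Lists the project-level bindings of the function's service account.
# The binding from step 2 is set on the function itself, so it does not appear in this output.
gcloud --project=bespin-uhmm projects get-iam-policy bespin-uhmm \
--flatten="bindings[].members" \
--format='table(bindings.role,bindings.members)' \
--filter="bindings.members:serviceAccount:bespin-asset-func-test@bespin-uhmm.iam.gserviceaccount.com"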

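4. Create the Cloud Scheduler job

# "0 0 0 0 0" is a placeholder, not a valid unix-cron value (day-of-month and month start at 1).
# Replace it with the real schedule, e.g. "0 0 * * *" for daily at 00:00 Asia/Seoul.
# CLOUD_FUNCTION_URI is a placeholder for the URL of the deployed function.
gcloud --project bespin-uhmm \
scheduler jobs create http bespin-asset-job-test \
--time-zone=Asia/Seoul \
--schedule="0 0 0 0 0" \
--uri="CLOUD_FUNCTION_URI" \
--oauth-service-account-email=bespin-asset-job-test@bespin-uhmm.iam.gserviceaccount.com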
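
The two "verify the roles" steps above can also be checked mechanically. The following Python is an added example, not code from the original post or from Google: it takes a policy in the JSON shape printed by `get-iam-policy --format=json` and reports roles that are missing, unexpected, conditional, or granted to allUsers/allAuthenticatedUsers. The two sample policies are constructed, and `audit_policy` and `run_checks` are hypothetical names.

```python
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_policy(policy, member, expected_roles):
    """Compare the roles an IAM policy binds to `member` with the roles the setup intends."""
    granted, conditional, public = set(), set(), set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        members = set(binding.get("members", []))
        if members & PUBLIC_MEMBERS:
            public.add(role)              # role is granted to allUsers / allAuthenticatedUsers
        if member in members:
            granted.add(role)
            if "condition" in binding:
                conditional.add(role)     # only holds while the condition evaluates true
    expected = set(expected_roles)
    return {
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
        "conditional": sorted(conditional),
        "public": sorted(public),
    }

FUNC_SA = "serviceAccount:bespin-asset-func-test@bespin-uhmm.iam.gserviceaccount.com"
JOB_SA = "serviceAccount:bespin-asset-job-test@bespin-uhmm.iam.gserviceaccount.com"

# Constructed sample: project policy where the function's account also picked up roles/editor.
PROJECT_POLICY = {"bindings": [
    {"role": "roles/cloudasset.viewer", "members": [FUNC_SA]},
    {"role": "roles/bigquery.dataEditor", "members": [FUNC_SA, "user:someone@example.com"]},
    {"role": "roles/editor", "members": [FUNC_SA]},
]}
# Constructed sample: function policy where the invoker role went to allUsers, not the job account.
FUNCTION_POLICY = {"bindings": [
    {"role": "roles/run.invoker", "members": ["allUsers"]},
]}

def run_checks():
    return {
        "function_sa": audit_policy(PROJECT_POLICY, FUNC_SA,
                                    ["roles/cloudasset.viewer", "roles/bigquery.dataEditor"]),
        "scheduler_sa": audit_policy(FUNCTION_POLICY, JOB_SA, ["roles/run.invoker"]),
    }

if __name__ == "__main__":
    print(json.dumps(run_checks(), indent=2))
```
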

 

Part 2 will cover the application source actually used, with a detailed explanation.

 
