website logo
HomeGithubSlack
⌘K
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Docs powered by
Archbee
GCP
Services

VM Instance

18min

Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.

Overview

You can currently query the following attributes and connections on an GCP VM Instances

GraphQL
|
query {
  querygcpVmInstance {
    id
    projectId
    region
    name
    kind
    advancedMachineFeatures {
      enableNestedVirtualization
      threadsPerCore
    }
    canIpForward
    confidentialInstanceConfig {
      enableConfidentialCompute
    }
    cpuPlatform
    creationTimestamp
    deletionProtection
    description
    disks {
      id
      autoDelete
      boot
      deviceName
      diskEncryptionKey {
        kmsKeyName
        kmsKeyServiceAccount
        rawKey
        sha256
      }
      diskSizeGb
      guestOsFeatures {
        id
        type
      }
      index
      initializeParams {
        description
        diskName
        diskSizeGb
        diskType
        labels {
          id
          key
          value
        }
        onUpdateAction
        provisionedIops
        resourcePolicies
        sourceImage
        sourceImageEncryptionKey {
          kmsKeyName
          kmsKeyServiceAccount
          rawKey
          sha256
        }
        sourceSnapshot
        sourceSnapshotEncryptionKey {
          kmsKeyName
          kmsKeyServiceAccount
          rawKey
          sha256
        }
      }
      interface
      kind
      licenses
      mode
      shieldedInstanceInitialState {
        dbs {
          id
          content
          fileType
        }
        dbxs {
          id
          content
          fileType
        }
        keks {
          id
          content
          fileType
        }
        pk {
          id
          content
          fileType
        }
      }
      source
      type
    }
    displayDevice {
      enableDisplay
    }
    fingerprint
    guestAccelerators {
      id
      acceleratorCount
      acceleratorType
    }
    hostname
    kind
    labelFingerprint
    labels {
      id
      key
      value
    }
    lastStartTimestamp
    lastStopTimestamp
    lastSuspendedTimestamp
    machineType
    metadata {
      fingerprint
      items {
        id
        key
        value
      }
      kind
    }
    minCpuPlatform
    networkInterfaces {
      id
      accessConfigs {
        id
        kind
        name
        natIP
        networkTier
        publicPtrDomainName
        setPublicPtr
        type
      }
      aliasIpRanges {
        id
        ipCidrRange
        subnetworkRangeName
      }
      fingerprint
      ipv6Address
      kind
      name
      network
      networkIP
      nicType
      subnetwork
    }
    privateIpv6GoogleAccess
    reservationAffinity {
      consumeReservationType
      key
      values
    }
    resourcePolicies
    satisfiesPzs
    scheduling {
      automaticRestart
      locationHint
      minNodeCpus
      nodeAffinities {
        id
        key
        operator
        values
      }
      onHostMaintenance
      preemptible
    }
    selfLink
    serviceAccounts {
      id
      email
      scopes
    }
    shieldedInstanceConfig {
      enableIntegrityMonitoring
      enableSecureBoot
      enableVtpm
    }
    shieldedInstanceIntegrityPolicy {
      updateAutoLearnPolicy
    }
    startRestricted
    status
    statusMessage
    tags {
      fingerprint
      items
    }
    zone
    project {
      name
      # Other fields and connections here...
    }
    network {
      name
      # Other fields and connections here...
    }
    subnet {
      name
      # Other fields and connections here...
    }
  }
}


Filtering

Get data for a single GCP VM Instance that you know the ID for:

GraphQL
|
query {
  getgcpVmInstance(id: "12345") {
    id
    # Other fields and connections here...
  }
}


Get data for all of the VM instances in a GCP project:

GraphQL
|
query {
  querygcpVmInstance(filter: { projectId: { eq: "12345" } }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "projectId" you can
# Filter based on any of the following attributes:

# id
# projectId
# region
# name
# kind
# canIpForward
# cpuPlatform
# creationTimestamp
# deletionProtection
# description
# fingerprint
# hostname
# kind
# labelFingerprint
# lastStartTimestamp
# lastStopTimestamp
# lastSuspendedTimestamp
# machineType
# minCpuPlatform
# privateIpv6GoogleAccess
# resourcePolicies
# satisfiesPzs
# selfLink
# startRestricted
# status
# statusMessage
# zone

# And the following Dgraph filters can also be applied:

# has
# and
# or
# not
# regexp (regular expressions)

# fulltext filters

# alloftext
# anyoftext


Get data for all of the VM instances that are NOT in a GCP project:

GraphQL
|
query {
  querygcpVmInstance(filter: { not: { projectId: { eq: "12345" } } }) {
    id
    # Other fields and connections here...
  }
}


Advanced Filtering

Get data for all of the VM instances that have cloud functions in them:

GraphQL
|
query {
  querygcpVmInstance(filter: { has: network }) {
    id
    # Other fields and connections here...
  }
}

# Note that in addition to "network" you can filter
# Using "has" based on any of the following attributes:

# id
# projectId
# region
# name
# kind
# advancedMachineFeatures
# canIpForward
# confidentialInstanceConfig
# cpuPlatform
# creationTimestamp
# deletionProtection
# description
# disks
# displayDevice
# fingerprint
# guestAccelerators
# hostname
# kind
# labelFingerprint
# labels
# lastStartTimestamp
# lastStopTimestamp
# lastSuspendedTimestamp
# machineType
# metadata
# minCpuPlatform
# networkInterfaces
# privateIpv6GoogleAccess
# reservationAffinity
# resourcePolicies
# satisfiesPzs
# scheduling
# selfLink
# serviceAccounts
# shieldedInstanceConfig
# shieldedInstanceIntegrityPolicy
# startRestricted
# status
# statusMessage
# tags
# zone
# project
# network
# subnet


Use multiple filter selectors, (i.e. has, and, not, or) to get data for all of the VM instances that have cloud functions AND subnets in them OR that do not have networks in them. Note that you can use has, and, not, or completely independently of each other:

GraphQL
|
query {
  querygcpVmInstance(
    filter: {
      has: network
      and: { has: subnet }
      or: { not: { has: network } }
    }
  ) {
    id
    # Other fields and connections here...
  }
}


You may also filter using a regex when filtering on a string field like, lastStartTimestamp if you want to look for a value that matches say, some-time:

GraphQL
|
query {
  querygcpVmInstance(filter: { lastStartTimestamp: { regexp: "/.*some-time*/" } }) {
    id
    # Other fields and connections here...
  }
}


Ordering

You can order the results you get back either asc or desc depending on your preference:

GraphQL
|
query {
  querygcpVmInstance(order: { desc: description }) {
    description
    # Other fields and connections here...
  }
}

# Note that in addition to "description" you can filter
# Using "asc" or "desc" based on any of the following attributes:

# id
# projectId
# region
# name
# kind
# canIpForward
# cpuPlatform
# creationTimestamp
# deletionProtection
# description
# fingerprint
# hostname
# kind
# labelFingerprint
# lastStartTimestamp
# lastStopTimestamp
# lastSuspendedTimestamp
# machineType
# minCpuPlatform
# privateIpv6GoogleAccess
# resourcePolicies
# satisfiesPzs
# selfLink
# startRestricted
# status
# statusMessage
# zone


Only select and return the first two VM instances that are found:

GraphQL
|
query {
  querygcpVmInstance(first: 2, order: { desc: description }) {
    description
    # Other fields and connections here...
  }
}


Only select and return the first two VM instances that are found, but offset by one so VM instances two & three are returned:

GraphQL
|
query {
  querygcpVmInstance(first: 2, order: { desc: description }, offset: 1) {
    id
    # Other fields and connections here...
  }
}


Aggregation

Count the number of VM instances across all scanned GCP projects:

GraphQL
|
query {
  aggregategcpVmInstance {
    count
    # Other fields and connections here...
  }
}


Count the number of VM instances in a single project. Note that you can apply all of the same filters that are listed above to aggregate queries:

GraphQL
|
query {
  aggregategcpVmInstance(filter: { projectId: { eq: "12345" } }) {
    count
    # Other fields and connections here...
  }
}


Examples

Find all of the VM instances that have a tag of Environment:Production for a single GCP project:

GraphQL
|
query {
  querygcpTag(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    vmInstance(filter: { projectId: { eq: "12345" } }) {
      id
      # Other fields and connections here...
    }
  }
}


With CloudGraph you can run multiple queries at the same time so you can combine the above two queries if you like:

GraphQL
|
query {
  querygcpVmInstance {
    id
    # Other fields and connections here...
  }
  querygcpTag(
    filter: { key: { eq: "Environment" }, value: { eq: "Production" } }
  ) {
    vmInstance(filter: { projectId: { eq: "12345" } }) {
      id
      # Other fields and connections here...
    }
  }
}


When you think, "in terms of a graph", you can do almost anything with CloudGraph. Say for example that you want to know what VM instances don't leverage networking. Simply check to see what networks the VM instance is "connected" to, and compare that against the list of all networks like so:

GraphQL
|
query {
  querygcpVmInstance(filter: { id: { eq: "id:12345" } }) {
    id
    network {
      id
    }
  }
  querygcpNetwork {
    id
  }
}


Kitchen Sink

Putting it all together; get all data for all VM instances across all regions for all scanned GCP projects in a single query. For the purposes of this example we will only get direct children of the VM instances:

GraphQL
|
query {
  querygcpVmInstance {
    id
    projectId
    region
    name
    kind
    advancedMachineFeatures {
      enableNestedVirtualization
      threadsPerCore
    }
    canIpForward
    confidentialInstanceConfig {
      enableConfidentialCompute
    }
    cpuPlatform
    creationTimestamp
    deletionProtection
    description
    disks {
      id
      autoDelete
      boot
      deviceName
      diskEncryptionKey {
        kmsKeyName
        kmsKeyServiceAccount
        rawKey
        sha256
      }
      diskSizeGb
      guestOsFeatures {
        id
        type
      }
      index
      initializeParams {
        description
        diskName
        diskSizeGb
        diskType
        labels {
          id
          key
          value
        }
        onUpdateAction
        provisionedIops
        resourcePolicies
        sourceImage
        sourceImageEncryptionKey {
          kmsKeyName
          kmsKeyServiceAccount
          rawKey
          sha256
        }
        sourceSnapshot
        sourceSnapshotEncryptionKey {
          kmsKeyName
          kmsKeyServiceAccount
          rawKey
          sha256
        }
      }
      interface
      kind
      licenses
      mode
      shieldedInstanceInitialState {
        dbs {
          id
          content
          fileType
        }
        dbxs {
          id
          content
          fileType
        }
        keks {
          id
          content
          fileType
        }
        pk {
          id
          content
          fileType
        }
      }
      source
      type
    }
    displayDevice {
      enableDisplay
    }
    fingerprint
    guestAccelerators {
      id
      acceleratorCount
      acceleratorType
    }
    hostname
    kind
    labelFingerprint
    labels {
      id
      key
      value
    }
    lastStartTimestamp
    lastStopTimestamp
    lastSuspendedTimestamp
    machineType
    metadata {
      fingerprint
      items {
        id
        key
        value
      }
      kind
    }
    minCpuPlatform
    networkInterfaces {
      id
      accessConfigs {
        id
        kind
        name
        natIP
        networkTier
        publicPtrDomainName
        setPublicPtr
        type
      }
      aliasIpRanges {
        id
        ipCidrRange
        subnetworkRangeName
      }
      fingerprint
      ipv6Address
      kind
      name
      network
      networkIP
      nicType
      subnetwork
    }
    privateIpv6GoogleAccess
    reservationAffinity {
      consumeReservationType
      key
      values
    }
    resourcePolicies
    satisfiesPzs
    scheduling {
      automaticRestart
      locationHint
      minNodeCpus
      nodeAffinities {
        id
        key
        operator
        values
      }
      onHostMaintenance
      preemptible
    }
    selfLink
    serviceAccounts {
      id
      email
      scopes
    }
    shieldedInstanceConfig {
      enableIntegrityMonitoring
      enableSecureBoot
      enableVtpm
    }
    shieldedInstanceIntegrityPolicy {
      updateAutoLearnPolicy
    }
    startRestricted
    status
    statusMessage
    tags {
      fingerprint
      items
    }
    zone
    project {
      id
      name
      parent
      projectId
      state
      displayName
      createTime
      updateTime
      deleteTime
      etag
      labels {
        id
        key
        value
      }
      alertPolicies {
        name
        # Other fields and connections here...
      }
      apiKeys {
        name
        # Other fields and connections here...
      }
      cloudFunctions {
        name
        # Other fields and connections here...
      }
      computeProject {
        name
        # Other fields and connections here...
      }
      dnsManagedZones {
        name
        # Other fields and connections here...
      }
      dnsPolicies {
        name
        # Other fields and connections here...
      }
      bigQueryDataset {
        name
        # Other fields and connections here...
      }
      bigQueryConnection {
        name
        # Other fields and connections here...
      }
      bigQueryReservation {
        name
        # Other fields and connections here...
      }
      bigQueryReservationCapacityCommitment {
        name
        # Other fields and connections here...
      }
      bigQueryDataTransfer {
        name
        # Other fields and connections here...
      }
      bigQueryDataTransferRun {
        name
        # Other fields and connections here...
      }
      vpcConnectors {
        name
        # Other fields and connections here...
      }
      kmsKeyRing {
        name
        # Other fields and connections here...
      }
      cloudRouters {
        name
        # Other fields and connections here...
      }
      iamPolicies {
        id
        # Other fields and connections here...
      }
      logBuckets {
        name
        # Other fields and connections here...
      }
      logMetrics {
        name
        # Other fields and connections here...
      }
      logViews {
        name
        # Other fields and connections here...
      }
      logSinks {
        name
        # Other fields and connections here...
      }
      storageBuckets {
        name
        # Other fields and connections here...
      }
      firewalls {
        name
        # Other fields and connections here...
      }
      folder {
        name
        # Other fields and connections here...
      }
      organization {
        name
        # Other fields and connections here...
      }
      secrets {
        name
        # Other fields and connections here...
      }
      sslPolicies {
        name
        # Other fields and connections here...
      }
      networks {
        name
        # Other fields and connections here...
      }
      subnets {
        name
        # Other fields and connections here...
      }
      targetSslProxies {
        name
        # Other fields and connections here...
      }
      targetHttpsProxies {
        name
        # Other fields and connections here...
      }
      vmInstances {
        name
        # Other fields and connections here...
      }
      assets {
        name
        # Other fields and connections here...
      }
      sqlInstances {
        name
        # Other fields and connections here...
      }
      serviceAccounts {
        name
        # Other fields and connections here...
      }
      kmsCryptoKeys {
        name
        # Other fields and connections here...
      }
      dataprocClusters {
        name
        # Other fields and connections here...
      }
      dataprocAutoscalingPolicies {
        name
        # Other fields and connections here...
      }
      dataprocJobs {
        name
        # Other fields and connections here...
      }
      dataprocWorkflowTemplates {
        name
        # Other fields and connections here...
      }
    }
    network {
      id
      projectId
      region
      name
      kind
      labels {
        id
        key
        value
      }
      ipV4Range
      autoCreateSubnetworks
      creationTimestamp
      description
      gatewayIPv4
      kind
      mtu
      peerings {
        id
        autoCreateRoutes
        exchangeSubnetRoutes
        exportCustomRoutes
        exportSubnetRoutesWithPublicIp
        importCustomRoutes
        importSubnetRoutesWithPublicIp
        name
        network
        peerMtu
        state
        stateDetails
      }
      routingConfig {
        routingMode
      }
      selfLink
      dnsPolicies {
        name
        # Other fields and connections here...
      }
      firewalls {
        name
        # Other fields and connections here...
      }
      project {
        name
        # Other fields and connections here...
      }
      sqlInstances {
        name
        # Other fields and connections here...
      }
      subnets {
        name
        # Other fields and connections here...
      }
      vpcConnectors {
        name
        # Other fields and connections here...
      }
      vmInstances {
        name
        # Other fields and connections here...
      }
      cloudRouters {
        name
        # Other fields and connections here...
      }
    }
    subnet {
      id
      projectId
      region
      name
      kind
      labels {
        id
        key
        value
      }
      creationTimestamp
      description
      enableFlowLogs
      fingerprint
      gatewayAddress
      ipCidrRange
      ipv6CidrRange
      kind
      logConfig {
        aggregationInterval
        enable
        filterExpr
        flowSampling
        metadata
        metadataFields
      }
      privateIpGoogleAccess
      privateIpv6GoogleAccess
      purpose
      role
      secondaryIpRanges {
        id
        ipCidrRange
        rangeName
      }
      selfLink
      state
      project {
        displayName
        # Other fields and connections here...
      }
      network {
        name
        # Other fields and connections here...
      }
      vpcConnectors {
        name
        # Other fields and connections here...
      }
      vmInstances {
        name
        # Other fields and connections here...
      }
    }
  }
}


References

GCP VM Instances documentation

Dgraph documentation on querying

Updated 03 Mar 2023
Did this page help you?
PREVIOUS
Storage Bucket
NEXT
VPC Connector
Docs powered by
Archbee
TABLE OF CONTENTS
Overview
Filtering
Advanced Filtering
Ordering
Aggregation
Examples
Kitchen Sink
References
Docs powered by
Archbee