Exclusion labels within GCP

Implementing exclusion labels for specific resources

Updated over 2 months ago

You may have resources within GCP that should always be ignored by Drata's compliance automation tests, for example new resources that spin up each day. The exclusion label functionality lets you exclude these resources by applying a label to them within GCP.

Exclusion labels currently apply to the following resource types. Drata will continue to expand the use of exclusion labels.

  • Buckets

  • Virtual machines

  • Kubernetes clusters

  • CloudSQL DBs

  • GCP Projects

Exclude GCP Buckets with labels

To exclude GCP Buckets with labels:

  1. Select the bucket you wish to exclude in Cloud Storage.

  2. Select the Configuration tab.

  3. Scroll down to the Labels field under the Configuration tab and select the edit icon.

  4. Enter the following values:

    • Key: drataexclude

    • Value: <Enter the rationale behind excluding this bucket. Ensure that there are no spaces.>

  5. Save your changes.

Exclude VM instances with labels

To exclude VM instances with labels:

  1. Select the Instance you wish to exclude in the Compute Engine workflow.

  2. Select the Edit tab.

  3. Scroll down and select Add label.

  4. Enter the following values:

    • Key: drataexclude

    • Value: <Enter the rationale behind excluding this instance. Ensure that there are no spaces.>

  5. Save your changes.

Exclude Kubernetes Clusters with labels

⚠️ Limitation: When labeling Kubernetes clusters, the exclude label takes about an hour to propagate to the node level. If Test 118 - Infrastructure Instance CPU Monitored is run before the label propagates to the node level, the test will fail.


To exclude Kubernetes Clusters with labels:

  1. Select the cluster you wish to exclude in the Kubernetes Engine workflow.

  2. Under the Metadata section, scroll down and select the edit icon for Labels.

  3. Select Add Label and enter the following values:

    • Key: drataexclude

    • Value: <Enter the rationale behind excluding this cluster. Ensure that there are no spaces.>

  4. Save your changes.

Exclude CloudSQL DBs

To exclude CloudSQL DBs:

  1. Select the SQL button and the DB name you want to exclude.

  2. Select the edit button.

  3. Expand the Labels section and then select Add Label.

  4. Enter the following values and select Done.

    • Key: drataexclude

    • Value: <Enter the rationale behind excluding this database. Ensure that there are no spaces.>

  5. Save your changes.

Exclude GCP Projects

⚠️ Limitation: If a change is made to the GCP web page, you may have to wait 3 to 4 minutes between each test run for the changes to be reflected correctly.

To exclude entire projects, follow these steps:

  1. Navigate to the GCP website and select the project you want to exclude.

  2. In the Labels section, select the Add Label button.

  3. Enter the following values and select Done.

    • Key: drataexclude

    • Value: <Enter the rationale behind excluding this project. Ensure that there are no spaces.>

  4. Save your changes.
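All five procedures above (buckets, VM instances, Kubernetes clusters, CloudSQL DBs and projects) set the same drataexclude label through the console. The script below is an added example, not Drata's tooling and not part of this article: it applies the label with gcloud instead, rejects a rationale value that contains spaces or other characters GCP labels do not accept, and prints a matching describe command so you can confirm the label is really set before the next test run. Every resource name, location and inventory row is a made-up placeholder; the gcloud subcommands and flags are the standard ones, and the describe field paths (labels, resourceLabels, settings.userLabels) are my understanding of the API, so check both against the gcloud version you run.

```shell
#!/bin/sh
# Added example (not Drata's code, not from the article): label GCP resources
# with drataexclude from the command line. Assumes gcloud is installed and
# authenticated. All names, locations and inventory rows are placeholders.
LC_ALL=C
export LC_ALL

LABEL_KEY="drataexclude"

# GCP label values are at most 63 characters of lowercase letters, digits,
# '_' or '-' (GCP also allows international characters; this check keeps to
# the ASCII subset). That rules out the spaces the article warns about.
# Returns 0 when the value is acceptable, 1 otherwise.
validate_label_value() {
  v="$1"
  [ -n "$v" ] || return 1
  [ "${#v}" -le 63 ] || return 1
  case "$v" in
    *[!a-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# Print the gcloud command that adds the exclusion label to one resource.
#   $1 kind: bucket | vm | gke | sql | project
#   $2 resource name (bucket name without gs://, instance, cluster, DB, project id)
#   $3 rationale, used as the label value
#   $4 zone (vm) or location (gke); ignored for the other kinds
# The command is printed rather than executed so it can be reviewed first.
exclusion_command() {
  kind="$1"; name="$2"; value="$3"; location="$4"
  validate_label_value "$value" || {
    echo "rejected label value '$value' for $kind $name (a-z, 0-9, _ and - only, no spaces)" >&2
    return 1
  }
  case "$kind" in
    bucket)  printf 'gcloud storage buckets update gs://%s --update-labels=%s=%s\n' "$name" "$LABEL_KEY" "$value" ;;
    vm)      printf 'gcloud compute instances add-labels %s --zone=%s --labels=%s=%s\n' "$name" "$location" "$LABEL_KEY" "$value" ;;
    gke)     printf 'gcloud container clusters update %s --location=%s --update-labels=%s=%s\n' "$name" "$location" "$LABEL_KEY" "$value" ;;
    sql)     printf 'gcloud sql instances patch %s --update-labels=%s=%s\n' "$name" "$LABEL_KEY" "$value" ;;
    project) printf 'gcloud projects update %s --update-labels=%s=%s\n' "$name" "$LABEL_KEY" "$value" ;;
    *) echo "unknown resource kind '$kind'" >&2; return 1 ;;
  esac
}

# Print the gcloud command that reads the label back, to confirm it is set
# before the next Drata test run. Each resource type stores labels under a
# different field of the describe output (assumed field paths; confirm with
# `gcloud ... describe --format=json` on your own resources).
verify_command() {
  kind="$1"; name="$2"; location="$3"
  case "$kind" in
    bucket)  printf "gcloud storage buckets describe gs://%s --format='value(labels.%s)'\n" "$name" "$LABEL_KEY" ;;
    vm)      printf "gcloud compute instances describe %s --zone=%s --format='value(labels.%s)'\n" "$name" "$location" "$LABEL_KEY" ;;
    gke)     printf "gcloud container clusters describe %s --location=%s --format='value(resourceLabels.%s)'\n" "$name" "$location" "$LABEL_KEY" ;;
    sql)     printf "gcloud sql instances describe %s --format='value(settings.userLabels.%s)'\n" "$name" "$LABEL_KEY" ;;
    project) printf "gcloud projects describe %s --format='value(labels.%s)'\n" "$name" "$LABEL_KEY" ;;
    *) echo "unknown resource kind '$kind'" >&2; return 1 ;;
  esac
}

# Constructed inventory (placeholders): kind, name, rationale, optional location.
INVENTORY='bucket ci-artifacts-scratch daily_ci_scratch_bucket
vm batch-worker-01 ephemeral_batch_worker us-central1-a
gke ci-preview-cluster short_lived_preview_env us-central1
sql sandbox-db sandbox_not_in_audit_scope
project sandbox-playground-example sandbox_project_not_in_scope'

# Emit the apply command followed by its verify command for every inventory
# row; stops at the first row whose rationale fails validation.
plan_exclusions() {
  while read -r kind name value location; do
    [ -n "$kind" ] || continue
    exclusion_command "$kind" "$name" "$value" "$location" || return 1
    verify_command "$kind" "$name" "$location"
  done <<EOF
$INVENTORY
EOF
}

# Review the plan, then run it:  plan_exclusions > plan.sh && sh plan.sh
plan_exclusions
```

The plan is printed rather than executed because a typo in the inventory would silently exclude the wrong resource from every future test. For GKE, remember the limitation noted above: the label takes about an hour to reach the node level, so a passing describe command does not yet mean Test 118 will pass.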
