
Reverse engineering a GCP asset inventory to build an arch diagram, is it even possible?

I am doing a cloud architecture assessment for a customer with a medium to large scale deployment on GCP. The company has gone through mergers, acquisitions, change of personnel, etc., and hence they do not have an architecture diagram that I can use as a reference to do my assessment.

My question is: looking at the GCP asset inventory deployed in a project, is it possible to reverse engineer using any automated tool (I am not expecting a 100% accurate diagram for obvious reasons), or is it more of a manual effort going through the services and trying to link them? For example, consider a GCE MIG deployment. I can look at the properties of the MIG and trace back to arrive at a target HTTP L7 load balancer fronting the MIG. Along the way I can also look at what SSL certs are used.


Hi @dheerajpanyam,


My question is: looking at the GCP asset inventory deployed in a project, is it possible to reverse engineer using any automated tool (I am not expecting a 100% accurate diagram for obvious reasons), or is it more of a manual effort going through the services and trying to link them?

Can you share your ideal goal here? From my understanding, are you planning to:

  1. Create an exhaustive and comprehensive list of cloud assets of your customer’s entire organization
  2. Map those assets in an architecture diagram similar to this:
    [Image attachment: Rhett_0-1742565770236.png]

For this use case, I can recommend exploring these tools:

  • Cloud Asset Inventory: Cloud Asset Inventory is a global metadata service that allows users to view, search, export, and analyze Google Cloud assets, with up to 35 days of history. It supports querying resources, IAM policies, and relationships, exporting metadata to BigQuery or Cloud Storage for analysis, and monitoring asset changes, with different content types providing varying levels of metadata detail. This could be helpful if you need a bird’s eye view of all the resources in the organization.

  • Application Design Center: Application Design Center is a Google Cloud tool enabling platform teams to create governed application templates composed of reusable components for developers to quickly customize and deploy infrastructure via the console or Terraform. This facilitates streamlined, repeatable deployments of serving, cloud-native, and GenAI applications with built-in collaboration and version control. Use this tool if you need visual diagrams of specific assets of your organization.

If this is your customer’s first time deploying to Google Cloud, might I suggest taking a look at the Google Cloud Architecture Center? The Cloud Architecture Center provides fundamental guidance across various technology categories, including AI/ML, application development, and big data. Key resources include the Well-Architected Framework for best practices, Deployment Archetypes for cloud architecture models, Landing Zone Design for identity and security setup, and the Enterprise Foundations Blueprint for scalable and governed enterprise workloads.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Hi @-Rhett Appreciate your reply. What I am trying to do is a cloud arch assessment for a customer who does not have an arch diagram, and it is a large scale deployment with GCE VMs, GCE VMs w/ MIG setup, GKE, Cloud SQL, CI/CD. My goal here is to get a visual representation of the GCP services, including the connections (which might not work), that will ease my effort in doing an arch assessment. I understand it is not possible to get all the connections between the services since it is app specific, but at least something on the infra side; for example, from a MIG it is possible to find out what LB is connected to it, etc., so it is a best effort.
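The MIG-to-load-balancer trace discussed in this thread can be automated over a Cloud Asset Inventory export. The sketch below is an added example, not code from either poster or from Google: it links assets by scanning each record for references to other exported resources, then walks from a MIG up to the forwarding rule and SSL certificates. The sample records and all names in them are constructed, and it assumes reference fields hold resource URLs as in the Compute Engine API.

```python
API = "https://www.googleapis.com/compute/v1/"  # assumed prefix of reference URLs
G = "projects/demo-proj/global/"                # constructed project and resource names
Z = "projects/demo-proj/zones/us-central1-a/"
def asset(kind, path, **data):  # one record shaped like a CAI RESOURCE export line
    return {"name": "//compute.googleapis.com/" + path,
            "assetType": "compute.googleapis.com/" + kind, "resource": {"data": data}}

SAMPLE = [  # constructed sample, trimmed to the fields that link resources
    asset("InstanceGroupManager", Z + "instanceGroupManagers/web-mig",
          instanceGroup=API + Z + "instanceGroups/web-mig"),
    asset("InstanceGroup", Z + "instanceGroups/web-mig"),
    asset("BackendService", G + "backendServices/web-bes",
          backends=[{"group": API + Z + "instanceGroups/web-mig"}]),
    asset("UrlMap", G + "urlMaps/web-map", defaultService=API + G + "backendServices/web-bes"),
    asset("TargetHttpsProxy", G + "targetHttpsProxies/web-proxy", urlMap=API + G + "urlMaps/web-map",
          sslCertificates=[API + G + "sslCertificates/web-cert"]),
    asset("SslCertificate", G + "sslCertificates/web-cert"),
    asset("GlobalForwardingRule", G + "forwardingRules/web-fr",
          target=API + G + "targetHttpsProxies/web-proxy", IPAddress="203.0.113.10"),
    asset("Instance", Z + "instances/batch-1"),  # not behind the load balancer
]

def key(ref):
    # Asset names and API URLs share the "projects/..." suffix; use it as the node id.
    return ref[ref.find("projects/"):]

def refs(node):
    # Yield every string anywhere in resource.data that looks like a resource reference.
    if isinstance(node, str) and "projects/" in node:
        yield node
    for v in node.values() if isinstance(node, dict) else node if isinstance(node, list) else ():
        yield from refs(v)

def build_edges(assets):
    index = {key(a["name"]): a["assetType"].split("/")[-1] for a in assets}
    edges = {(key(a["name"]), key(r)) for a in assets for r in refs(a["resource"]["data"])}
    return index, {(s, d) for s, d in edges if d in index and s != d}

def trace_frontends(mig, index, edges):
    # MIG -> its instance group, then walk referrers upward to the forwarding rule.
    seen, todo = set(), [d for s, d in edges if s == mig and index[d] == "InstanceGroup"]
    while todo:
        cur = todo.pop()
        if cur not in seen:
            seen.add(cur)
            todo += [s for s, d in edges if d == cur and s != mig]
    seen |= {d for s, d in edges if s in seen and index[d] == "SslCertificate"}
    return sorted((index[k], k.rsplit("/", 1)[-1]) for k in seen)

print(trace_frontends(key(SAMPLE[0]["name"]), *build_edges(SAMPLE)))
```

The `edges` set is already a directed graph, so each pair can be written out as a Graphviz `a -> b` line to get a first-pass infrastructure diagram. Application-level connections do not appear in resource metadata and still have to be mapped by hand.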