Part 8: Networking Inventory: VPCs, Routing, Firewalls, and DNS

Author: Emmanuel Secretaria

Published Aug 15, 2025

Catalog networks, subnets, routes, VPNs, firewall rules, and DNS zones to understand connectivity and exposure.


Scope inspiration: gcp_info_networking.sh.

This series follows the repo’s GCP inventory flow so every step builds a repeatable, audit-friendly picture of your environment. Part 8 maps connectivity and exposure so you can reason about traffic flow and perimeter risk.


What this script does (walkthrough)

The networking inventory is a wide sweep across VPC constructs and edge components.

  1. List VPC networks and IP addresses to establish the baseline topology.
  2. Enumerate proxies, URL maps, and target pools to surface load balancer infrastructure.
  3. List subnets and GKE-usable subnets to capture cluster network readiness.
  4. List routers, routes, VPN gateways, and VPN tunnels to understand routing and connectivity.
  5. List firewall and forwarding rules to expose network policy and ingress pathways.
  6. List DNS managed zones and verified domains when the DNS API is enabled.
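Step 5 is where exposure becomes visible, so here is an added Python example (not part of the repo's script) that triages saved `gcloud compute firewall-rules list --format=json` output for enabled ingress allow rules open to 0.0.0.0/0 or ::/0; the JSON sample and project name are constructed, and the field names follow the Compute API firewall resource.

```python
import json

# Constructed sample of `gcloud compute firewall-rules list --format=json` output.
# Not real data; the project name and rule names are made up for illustration.
SAMPLE_FIREWALL_JSON = """
[
  {"name": "default-allow-ssh", "direction": "INGRESS", "priority": 65534,
   "network": "projects/example-project/global/networks/default",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}], "disabled": false},
  {"name": "internal-only", "direction": "INGRESS", "priority": 1000,
   "network": "projects/example-project/global/networks/default",
   "sourceRanges": ["10.0.0.0/8"],
   "allowed": [{"IPProtocol": "all"}], "disabled": false},
  {"name": "open-all-disabled", "direction": "INGRESS", "priority": 1000,
   "network": "projects/example-project/global/networks/default",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}], "disabled": true},
  {"name": "egress-deny-all", "direction": "EGRESS", "priority": 1000,
   "network": "projects/example-project/global/networks/default",
   "destinationRanges": ["0.0.0.0/0"],
   "denied": [{"IPProtocol": "all"}], "disabled": false}
]
"""

PUBLIC_RANGES = ("0.0.0.0/0", "::/0")

def is_public_ingress(rule):
    """True for an enabled INGRESS allow rule whose sources include the whole Internet."""
    if rule.get("disabled") or rule.get("direction") != "INGRESS":
        return False
    if not rule.get("allowed"):          # deny rules reduce exposure, skip them
        return False
    return any(r in PUBLIC_RANGES for r in rule.get("sourceRanges", []))

def exposed_ports(rule):
    """Flatten the allowed entries into 'proto:ports' strings; no ports means all."""
    out = []
    for entry in rule.get("allowed", []):
        ports = entry.get("ports") or ["all"]
        out.append(f"{entry['IPProtocol']}:{','.join(ports)}")
    return out

def triage_firewall_rules(raw_json):
    """Map rule name -> exposed ports for Internet-open rules, lowest priority number first."""
    rules = json.loads(raw_json)
    public = [r for r in rules if is_public_ingress(r)]
    public.sort(key=lambda r: r.get("priority", 1000))  # GCP evaluates lower numbers first
    return {r["name"]: exposed_ports(r) for r in public}

if __name__ == "__main__":
    for name, ports in triage_firewall_rules(SAMPLE_FIREWALL_JSON).items():
        print(f"{name}: {', '.join(ports)}")
```

Run the same function over the real export from the inventory pass to get a short list of rules worth reviewing before the broader firewall listing.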

Operational caveats and gotchas

  • DNS inventory is conditional on the Cloud DNS API; if it isn’t enabled, the script skips DNS entirely.
  • The networking list is intentionally broad — use filters if you need focused snapshots for large environments.
  • gcp_info_networking.sh expects the compute APIs to be enabled; otherwise it will still run but return empty lists.

Example command usage

# Full networking inventory
gcp/gcp_info_networking.sh
# Target a specific project
CLOUDSDK_CORE_PROJECT=my-project-id gcp/gcp_info_networking.sh