# gcp-discover

> Discover GCP infrastructure and save to JSON. Use when user asks to "discover GCP", "explore GCP project", "scan GCP infrastructure", or "create infrastructure JSON".

- Author: Casper Lindberg
- Repository: Casper321/claude-cloud-diagrams
- Version: 20251222190513
- Stars: 0
- Forks: 0
- Last Updated: 2026-02-07
- Source: https://github.com/Casper321/claude-cloud-diagrams
- Web: https://mule.run/skillshub/@@Casper321/claude-cloud-diagrams~gcp-discover:20251222190513

---

---
name: gcp-discover
description: Discover GCP infrastructure and save to JSON. Use when user asks to "discover GCP", "explore GCP project", "scan GCP infrastructure", or "create infrastructure JSON".
---

# GCP Infrastructure Discovery

Explore a GCP project using **Cloud Asset Inventory** for comprehensive discovery.

## Before Starting

Ask the user for:

1. **Project ID** - Which GCP project to scan
2. **Region** - (Optional) primary region to focus on

## GCP CLI Configuration

Use the project flag with all `gcloud` commands:

```bash
gcloud --project <PROJECT_ID> <command>
```

## Discovery Strategy: Inventory-First Approach

### Phase 1: Resource Type Discovery

Get a summary of what exists:

```bash
gcloud asset search-all-resources \
  --format="value(assetType)" | sort | uniq -c
```

**Important:** If you encounter permission errors when trying to list a resource type (e.g., "PERMISSION_DENIED" or "Forbidden"), skip that resource type and continue with the discovery. Not all resources may be accessible due to IAM restrictions.

### Phase 2: Targeted Enumeration (Only for Found Types)

Query ONLY the services that exist:

- Networks & Firewall: `gcloud compute networks list`, `gcloud compute firewall-rules list`
- Routes: `gcloud compute routes list`
- Cloud Run: `gcloud run services list`
- GKE: `gcloud container clusters list`
- Cloud SQL: `gcloud sql instances list`
- Firestore: `gcloud firestore databases list`
- Storage: `gcloud storage buckets list`
- IAM: `gcloud iam service-accounts list`

**For hybrid connectivity (if applicable):**

- Routers: `gcloud compute routers list`
- VPN: `gcloud compute vpn-tunnels list`, `gcloud compute vpn-gateways list`
- Interconnects: `gcloud compute interconnects list`

## Output Format: `gcp_infrastructure.json`

**IMPORTANT:** Follow this schema EXACTLY.

```json
{
  "metadata": {
    "project_id": "...",
    "region": "...",
    "environment": "dev|staging|prod",
    "discovered_at": "2025-01-01T00:00:00Z"
  },
  "networking": {
    "vpc": [{"name": "...", "id": "...", "subnets": ["..."]}],
    "subnets": [{"name": "...", "region": "...", "cidr": "...", "network": "..."}],
    "firewall_rules": [{"name": "...", "direction": "INGRESS|EGRESS", "allowed": "...", "source_ranges": [...]}],
    "routers": [
      {
        "name": "...",
        "region": "...",
        "network": "...",
        "bgp": {"asn": 64512, "advertise_mode": "DEFAULT"}
      }
    ],
    "interconnects": [{"name": "...", "type": "DEDICATED|PARTNER", "state": "ACTIVE"}],
    "vpn_gateways": [{"name": "...", "region": "...", "network": "..."}],
    "vpn_tunnels": [{"name": "...", "region": "...", "status": "ESTABLISHED|DOWN"}],
    "cloud_dns_zones": [{"name": "...", "dns_name": "example.com.", "visibility": "public|private"}],
    "routes": [
      {
        "name": "...",
        "network": "...",
        "dest_range": "0.0.0.0/0",
        "next_hop_gateway": "default-internet-gateway",
        "priority": 1000
      }
    ]
  },
  "load_balancers": [
    {"name": "...", "backend_services": [...]}
  ],
  "compute": {
    "gke_clusters": [{"name": "...", "location": "...", "vpc": "..."}],
    "cloud_run_services": [
      {
        "name": "...",
        "region": "...",
        "url": "...",
        "image": "...",
        "service_account": "...",
        "labels": {"application": "..."},
        "ingress": "all|internal",
        "resources": {"cpu": "...", "memory": "..."},
        "environment": ["ENV_VAR"],
        "secrets": ["secret-name"]
      }
    ],
    "cloud_functions": [{"name": "...", "runtime": "..."}],
    "gce_instances": [{"name": "...", "zone": "..."}]
  },
  "databases": {
    "cloud_sql_instances": [{"name": "...", "version": "..."}],
    "firestore_databases": [
      {
        "name": "...",
        "location": "...",
        "type": "FIRESTORE_NATIVE",
        "point_in_time_recovery": "ENABLED|DISABLED"
      }
    ],
    "redis_instances": [{"name": "...", "tier": "..."}],
    "spanner_instances": [...],
    "bigquery_datasets": [{"dataset_id": "..."}]
  },
  "storage": {
    "gcs_buckets": [
      {
        "name": "...",
        "location": "...",
        "storage_class": "STANDARD",
        "versioning_enabled": true,
        "labels": {},
        "lifecycle_rules": [{"action": "...", "condition": "..."}]
      }
    ],
    "artifact_registry": [{"name": "...", "format": "DOCKER"}]
  },
  "security": {
    "service_accounts": [{"email": "...", "display_name": "..."}],
    "kms_keys": [{"name": "..."}],
    "secrets": [{"name": "...", "labels": {}}],
    "ssl_certificates": [{"name": "...", "type": "MANAGED"}]
  },
  "messaging": {
    "pubsub_topics": [{"name": "..."}],
    "pubsub_subscriptions": [{"name": "...", "topic": "..."}],
    "workflows": [{"name": "..."}],
    "cloud_tasks_queues": [{"name": "..."}],
    "cloud_scheduler_jobs": [{"name": "...", "schedule": "..."}]
  },
  "analytics": {
    "bigquery_datasets": [{"dataset_id": "..."}],
    "dataflow_jobs": [{"name": "...", "type": "JOB_TYPE_STREAMING"}]
  },
  "monitoring": {
    "log_sinks": [{"name": "...", "destination": "..."}]
  },
  "connections": [
    {
      "from": "service-name",
      "to": "resource-name",
      "role": "roles/...",
      "description": "..."
    }
  ]
}
```

## Guidelines

1. Start with Cloud Asset Inventory to see what exists
2. Query only services that were found
3. Capture rich details (labels, environment variable names, secret names, IAM roles)
4. Map connectivity in the `connections` array
5. Extract intent from labels and naming patterns

## After Discovery

Tell the user:

1. What was discovered (summary of resources)
2. That they can now generate diagrams with: "generate GCP diagram"
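
Phases 1 and 2 above as a small script, added here as an example and not taken from the skill's repository: it maps the asset types found in Phase 1 to the Phase 2 list commands and treats a permission error as "skip and continue". The function names, `demo-project`, the sample Phase 1 output and the `--format=json` flag are assumptions of this example.

```bash
# Added example. Keys are Cloud Asset Inventory asset types; values are the
# list commands this skill names for Phase 2.
list_command_for() {
  case "$1" in
    compute.googleapis.com/Network)      echo "gcloud compute networks list" ;;
    compute.googleapis.com/Firewall)     echo "gcloud compute firewall-rules list" ;;
    compute.googleapis.com/Route)        echo "gcloud compute routes list" ;;
    compute.googleapis.com/Router)       echo "gcloud compute routers list" ;;
    compute.googleapis.com/VpnTunnel)    echo "gcloud compute vpn-tunnels list" ;;
    compute.googleapis.com/VpnGateway)   echo "gcloud compute vpn-gateways list" ;;
    compute.googleapis.com/Interconnect) echo "gcloud compute interconnects list" ;;
    run.googleapis.com/Service)          echo "gcloud run services list" ;;
    container.googleapis.com/Cluster)    echo "gcloud container clusters list" ;;
    sqladmin.googleapis.com/Instance)    echo "gcloud sql instances list" ;;
    firestore.googleapis.com/Database)   echo "gcloud firestore databases list" ;;
    storage.googleapis.com/Bucket)       echo "gcloud storage buckets list" ;;
    iam.googleapis.com/ServiceAccount)   echo "gcloud iam service-accounts list" ;;
    *) return 1 ;;  # type not covered by the Phase 2 list
  esac
}

# Read Phase 1 output ("<count> <assetType>") on stdin; print one command per found type.
plan_enumeration() {
  local _count type cmd
  while read -r _count type; do
    if cmd=$(list_command_for "$type"); then
      echo "$cmd --project $1 --format=json"
    fi
  done
}

# Run one command; PERMISSION_DENIED/Forbidden means skip this type, not abort.
run_or_skip() {
  local rc=0 errfile; errfile=$(mktemp)
  "$@" 2>"$errfile" || rc=$?
  if [ "$rc" -ne 0 ] && grep -Eq 'PERMISSION_DENIED|Forbidden' "$errfile"; then
    echo "skipped (no access): $*" >&2; rc=0
  else
    cat "$errfile" >&2   # pass through warnings and any other error text
  fi
  rm -f "$errfile"
  return "$rc"
}

# Constructed Phase 1 output (`... | sort | uniq -c`), not from a real project.
sample_phase1() {
  printf '%5d %s\n' 2 compute.googleapis.com/Network 3 run.googleapis.com/Service \
    1 pubsub.googleapis.com/Topic 4 storage.googleapis.com/Bucket
}
sample_phase1 | plan_enumeration demo-project
```

Pass each planned command to `run_or_skip` to execute it; types outside the skill's Phase 2 list (here `pubsub.googleapis.com/Topic`) are left out of the plan.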