Google Cloud

Manage and use Google Cloud resources in your workflows

Triggers

Artifact Registry • On Artifact Analysis Trigger a workflow when a Container Analysis occurrence is published for an artifact

Artifact Registry • On Artifact Push Trigger a workflow when an artifact is pushed to GCP Artifact Registry

Cloud Build • On Build Complete Trigger a workflow when a GCP Cloud Build build reaches a terminal status

Compute • On VM Instance Listen to GCP Compute Engine VM instance lifecycle events

Monitoring • On Alert Trigger a workflow when a Cloud Monitoring alerting policy opens or closes an incident

Pub/Sub • On Message Trigger a workflow when a message is published to a GCP Pub/Sub topic

Actions

Artifact Registry • Get Artifact Retrieve artifact version details from GCP Artifact Registry

Artifact Registry • Get Artifact Analysis Retrieve Container Analysis occurrences (vulnerabilities, build provenance, attestations) for an artifact

Cloud Build • Create Build Create a Cloud Build build and wait for it to finish

Cloud Build • Get Build Retrieve a Cloud Build build by ID

Cloud Build • Run Trigger Run a Cloud Build trigger and wait for the build to finish

Cloud DNS • Create Record Create a DNS record in a Google Cloud DNS managed zone

Cloud DNS • Delete Record Delete a DNS record from a Google Cloud DNS managed zone

Cloud DNS • Update Record Update an existing DNS record in a Google Cloud DNS managed zone

Cloud Functions • Invoke Function Invoke a Google Cloud Function and return the response

Cloud SQL • Create Database Create a logical database inside a Cloud SQL instance

Cloud SQL • Create Instance Provision a Cloud SQL instance

Cloud SQL • Delete Database Delete a logical database from a Cloud SQL instance

Cloud SQL • Delete Instance Delete a Cloud SQL instance

Cloud SQL • Get Database Fetch a logical database from a Cloud SQL instance

Cloud SQL • Get Instance Fetch a Cloud SQL instance's configuration and status

Compute • Create Load Balancer Create a regional external passthrough Network Load Balancer that forwards TCP/UDP traffic to a group of VM instances

Compute • Create Static IP Reserve a regional external static IP address in a Google Cloud project

Compute • Delete Load Balancer Delete a regional external passthrough Network Load Balancer and its backend service and health check

Compute • Delete Static IP Release a regional external static IP address from a Google Cloud project

Compute • Manage Static IP Attach or detach a static IP address to/from a Google Compute Engine VM instance

Compute • Create Image Create a Google Compute Engine custom image from a disk, snapshot, or another image

Compute • Create Virtual Machine Create a Google Compute Engine VM. Configure machine type, zone, provisioning model, and more.

Compute • Delete Image Permanently delete a Google Compute Engine custom image

Compute • Delete VM Instance Permanently delete a Google Compute Engine VM instance

Compute • Get VM Instance Fetch the current state of a Google Compute Engine VM instance

Compute • Get VM Metrics Fetch CPU and network metrics for a Google Compute Engine VM instance

Compute • Manage VM Power Perform power operations on a Google Compute Engine VM instance

Monitoring • Create Alerting Policy Create a Cloud Monitoring alerting policy from an instance-metric threshold or a PromQL query (Managed Prometheus)

Monitoring • Create Snooze Create a Cloud Monitoring snooze that suppresses alert notifications for selected policies over a time window

Monitoring • Delete Alerting Policy Permanently delete a Cloud Monitoring alerting policy

Monitoring • Expire Snooze End an active Cloud Monitoring snooze now so the snoozed policies can notify again

Monitoring • Get Alerting Policy Read the configuration and state of a Cloud Monitoring alerting policy

Monitoring • Get Snooze Read a Cloud Monitoring snooze, including the policies it covers and its time window

Monitoring • Update Alerting Policy Update an existing Cloud Monitoring alerting policy's conditions, combiner, severity, strategy, or notifications

Managed Prometheus • Query Run an instant PromQL query against Google Cloud Managed Service for Prometheus

Managed Prometheus • Query Range Run a PromQL range query against Google Cloud Managed Service for Prometheus

Pub/Sub • Create Subscription Create a GCP Pub/Sub subscription

Pub/Sub • Create Topic Create a GCP Pub/Sub topic

Pub/Sub • Delete Subscription Delete a GCP Pub/Sub subscription

Pub/Sub • Delete Topic Delete a GCP Pub/Sub topic

Pub/Sub • Publish Message Publish a message to a GCP Pub/Sub topic

Compute • Update Image Update a Google Compute Engine image: deprecate or obsolete it, and update its labels

Compute • Update VM Machine Type Change the machine type of a Google Compute Engine VM instance

Instructions

Connection method

Service Account Key

Go to IAM & Admin → Service Accounts in the Google Cloud Console.
Select a service account → Keys → Add Key → JSON.
Paste the downloaded JSON below.

Workload Identity Federation (keyless)

Create a Workload Identity Pool with an OIDC provider.
Set the Issuer URL to this SuperPlane instance’s URL.
Set the Audience to the pool provider resource name.
Grant the federated identity permission to impersonate a service account with the roles your workflows need.
Enter the pool provider resource name and Project ID below.

Required IAM roles

roles/logging.configWriter — create logging sinks for event triggers
roles/pubsub.admin — manage Pub/Sub topics, subscriptions, and IAM policies for event delivery
Additional roles depending on which components you use (e.g. roles/compute.admin for VM management, roles/monitoring.viewer to read VM metrics, roles/cloudsql.admin to manage Cloud SQL databases and instances)

Artifact Registry • On Artifact Analysis

Trigger key: gcp.artifactregistry.onArtifactAnalysis

The On Artifact Analysis trigger starts a workflow execution when Google Container Analysis publishes a new occurrence (e.g. vulnerability finding, build provenance, or attestation) for an artifact.

Trigger behavior: SuperPlane subscribes to the container-analysis-occurrences-v1 Pub/Sub topic that Container Analysis automatically publishes to.

Use Cases

Security automation: React to new vulnerability findings for your container images
Compliance workflows: Trigger policy enforcement when attestations are created
Build provenance: React to new build provenance records

Setup

Required GCP setup: Ensure the Container Analysis API (containeranalysis.googleapis.com) and Pub/Sub API are enabled in your project. The service account must have roles/pubsub.admin and roles/containeranalysis.occurrences.viewer.

Configuration

Occurrence Kinds: Filter by occurrence type. Leave empty to receive only DISCOVERY occurrences (one event per completed scan — recommended). Set explicitly to receive other types such as VULNERABILITY (one event per CVE found).
Location / Repository / Package: Optional filters to scope events to a specific artifact.

Event Data

Each event contains the full Container Analysis Occurrence resource, including kind, resourceUri, noteName, and the occurrence-specific data (e.g. vulnerability for vulnerability findings).

Example Data

{
  "data": {
    "kind": "VULNERABILITY",
    "name": "projects/my-project/occurrences/vuln-001",
    "noteName": "projects/goog-vulnz/notes/CVE-2023-1234",
    "resourceUri": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123",
    "vulnerability": {
      "cvssScore": 7.5,
      "packageIssue": [
        {
          "affectedPackage": "libssl1.1",
          "affectedVersion": {
            "kind": "NORMAL",
            "name": "1.1.1n-0+deb11u3"
          },
          "fixedVersion": {
            "kind": "NORMAL",
            "name": "1.1.1n-0+deb11u5"
          }
        }
      ],
      "severity": "HIGH"
    }
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.artifactregistry.artifact.analysis"
}

Artifact Registry • On Artifact Push

Trigger key: gcp.artifactregistry.onArtifactPush

The On Artifact Push trigger starts a workflow execution when a Docker image or other container artifact is pushed to Artifact Registry.

Trigger behavior: SuperPlane subscribes to the gcr Pub/Sub topic that Artifact Registry automatically publishes to for container image push events.

Use Cases

Post-push automation: Trigger vulnerability scans, deployments, or notifications when a new image is pushed
Release workflows: Promote artifacts through environments when a new tag is published
Security automation: Kick off container analysis on every new push

Setup

Required GCP setup: Ensure the Artifact Registry API and Pub/Sub API are enabled in your project. The service account must have roles/pubsub.admin so SuperPlane can create the push subscription.

Configuration

Location: Optional filter by Artifact Registry location. Leave empty to receive events for all locations.
Repository: Optional filter by repository name. Leave empty to receive events for all repositories.

Event Data

Each event contains:

action: Always INSERT for pushes
digest: Full image digest URI (e.g. us-central1-docker.pkg.dev/project/repo/image@sha256:abc)
tag: Full image tag URI (e.g. us-central1-docker.pkg.dev/project/repo/image:latest)

Example Data

{
  "data": {
    "action": "INSERT",
    "digest": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123def456",
    "tag": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.artifactregistry.artifact.push"
}

Cloud Build • On Build Complete

Trigger key: gcp.cloudbuild.onBuildComplete

The On Build Complete trigger starts a workflow execution when a GCP Cloud Build build finishes.

Trigger behavior: SuperPlane subscribes to the cloud-builds Pub/Sub topic that Cloud Build automatically publishes to. Build notifications are pushed to SuperPlane and matched to this trigger.

Use Cases

Post-build automation: Deploy artifacts, send notifications, or update tickets after a build succeeds
Failure handling: Alert teams or create incidents when builds fail
Build pipelines: Chain multiple build steps across different projects

Setup

Required GCP setup: Ensure the Cloud Build API and Pub/Sub API are enabled in your project. The service account used by the integration must have roles/pubsub.admin so SuperPlane can automatically create the cloud-builds topic and its push subscription.

Configuration

Statuses: Filter by terminal Cloud Build status.
Build Source: Optionally limit events to trigger-based builds or direct/API builds. Leave empty to listen to both.
Cloud Build Trigger: Filter to a specific Cloud Build trigger. This only applies to trigger-based builds and cannot be combined with Build Source = Direct/API Builds.

Event Data

Each event contains the full Cloud Build resource, including id, status (SUCCESS, FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, EXPIRED), buildTriggerId, logUrl, createTime, finishTime, and more.

Example Data

{
  "data": {
    "buildTriggerId": "abcdefgh-1234-5678-abcd-123456789012",
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Compute • On VM Instance

Trigger key: gcp.compute.onVMInstance

The On VM Instance trigger starts a workflow execution when a Compute Engine VM instance lifecycle event occurs.

Trigger behavior: SuperPlane creates a Cloud Logging sink that captures Compute Engine audit log events and routes them to a shared Pub/Sub topic. Events are pushed to SuperPlane and matched to this trigger automatically.

Use Cases

Post-provisioning automation: Run configuration, monitoring, or security setup after a VM is created
Inventory and compliance: Record new VMs or trigger audits
Notifications: Notify teams or systems when new VMs appear in a project or zone

Setup

Required GCP setup: Ensure the Pub/Sub API is enabled in your project and the integration’s service account has roles/logging.configWriter and roles/pubsub.admin permissions.

SuperPlane automatically creates a Cloud Logging sink to capture VM instance events.

Event Data

Each event includes the audit log entry with resourceName (e.g. projects/my-project/zones/us-central1-a/instances/my-vm), serviceName (compute.googleapis.com), methodName (v1.compute.instances.insert), and the full log entry data.

Example Data

{
  "data": {
    "data": {
      "protoPayload": {
        "methodName": "v1.compute.instances.insert",
        "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
        "serviceName": "compute.googleapis.com"
      }
    },
    "logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity",
    "methodName": "v1.compute.instances.insert",
    "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
    "serviceName": "compute.googleapis.com",
    "timestamp": "2025-02-14T12:00:00Z"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance"
}

Monitoring • On Alert

Trigger key: gcp.monitoring.onAlert

The On Alert trigger starts a workflow execution when a Cloud Monitoring alerting policy fires (opens) or resolves (closes) an incident.

Trigger behavior

When this trigger is set up, SuperPlane automatically creates a webhook notification channel in Cloud Monitoring that points back at SuperPlane. Cloud Monitoring POSTs the incident to SuperPlane whenever a policy attached to that channel changes state.

To route a policy’s incidents here, attach this trigger’s notification channel to the policy via the Create Alerting Policy or Update Alerting Policy component’s Notification Channels field. The channel’s resource name is shown on the node after setup.

Configuration

States: Which incident states to emit on — open (fired) and/or closed (resolved). Defaults to open.

Event Data

Emits one gcp.monitoring.alert event per matching incident, including the incident id, state, policy and condition names, the affected resource and metric, the observed/threshold values, and the incident URL.

Important Notes

Requires the roles/monitoring.notificationChannelEditor (or roles/monitoring.editor) IAM role so SuperPlane can create the webhook channel.
Removing the trigger deletes the webhook notification channel it created.

Example Data

{
  "data": {
    "conditionName": "CPU utilization above threshold",
    "incidentId": "0.abcdef1234567890",
    "metricDisplayName": "CPU utilization",
    "metricType": "compute.googleapis.com/instance/cpu/utilization",
    "observedValue": "0.93",
    "policyName": "projects/my-project/alertPolicies/1234567890123456789",
    "resourceDisplayName": "my-vm",
    "resourceName": "my-vm",
    "scopingProjectId": "my-project",
    "startedAt": 1767225600,
    "state": "open",
    "summary": "CPU utilization for gce_instance my-vm is above the threshold of 0.8 with a value of 0.93.",
    "thresholdValue": "0.8",
    "url": "https://console.cloud.google.com/monitoring/alerting/incidents/0.abcdef1234567890?project=my-project"
  },
  "timestamp": "2026-01-01T00:00:00Z",
  "type": "gcp.monitoring.alert"
}

Pub/Sub • On Message

Trigger key: gcp.pubsub.onMessage

The On Message trigger starts a workflow execution when a message is published to a GCP Pub/Sub topic.

Trigger behavior: SuperPlane creates a push subscription on the selected topic. Published messages are pushed to SuperPlane and delivered to this trigger.

Use Cases

Event-driven workflows: React to messages published by your applications
Queue processing: Process tasks published to Pub/Sub topics
System integration: Connect Pub/Sub events to downstream workflow steps

Setup

Required GCP setup: Ensure the Pub/Sub API is enabled in your project. The service account used by the integration must have roles/pubsub.admin to create push subscriptions on your topics.

Configuration

Topic: Select the Pub/Sub topic to listen to.
Subscription (optional): Reuse an existing subscription name. Leave empty to let SuperPlane create one.

Event Data

Each event contains the decoded message payload plus Pub/Sub metadata:

data: The decoded message body
messageId: The Pub/Sub message ID
publishTime: When the message was published
attributes: Any message attributes

Example Data

{
  "data": {
    "attributes": {
      "eventType": "order.created"
    },
    "data": "{\"event\":\"order.created\",\"orderId\":\"ord_abc123\"}",
    "messageId": "1234567890",
    "publishTime": "2025-01-01T00:00:00Z"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.message"
}

Artifact Registry • Get Artifact

Component key: gcp.artifactregistry.getArtifact

Retrieves the details of a specific artifact version from Google Artifact Registry.

Configuration

Provide either a Resource URL or the four fields below:

Resource URL: Full resource URL of the image (e.g. https://us-central1-docker.pkg.dev/project/repo/image@sha256:abc). Use this to pass a digest directly from an upstream event such as On Artifact Push.
Location: The GCP region where the repository is located.
Repository: The Artifact Registry repository containing the artifact.
Package: The package (image, library, etc.) within the repository.
Version: The version or tag to retrieve.

Output

The full Version resource, including name, createTime, updateTime, description, relatedTags, and metadata.

Supported Formats

Artifact Registry supports all package formats when using Select from Registry mode. Resource URL mode is intended for container image URLs (for example from On Artifact Push events).

Example Output

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "description": "my-image:latest",
    "fingerprints": [
      {
        "type": "DIRSUM_SHA256",
        "value": "Ac2PwnIxFXnnS6DfUou2JchB7F+krMAKv4f6sJr8VzM="
      }
    ],
    "metadata": {
      "buildTime": "1980-01-01T00:00:01Z",
      "imageSizeBytes": "20971520",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "name": "projects/my-project/locations/us-central1/repositories/my-repo/dockerImages/my-image@sha256:abc123def456"
    },
    "name": "projects/my-project/locations/us-central1/repositories/my-repo/packages/my-image/versions/sha256:abc123def456",
    "updateTime": "2025-01-01T00:05:00Z"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.artifactregistry.version"
}

Artifact Registry • Get Artifact Analysis

Component key: gcp.artifactregistry.getArtifactAnalysis

Retrieves existing Container Analysis occurrences for an artifact from Google Container Analysis.

Configuration

Provide either a Resource URL or the four fields below:

Resource URL: Full resource URL of the image (e.g. https://us-central1-docker.pkg.dev/project/repo/image@sha256:abc). Use this to pass a digest directly from an upstream event such as On Artifact Push.
Location: The GCP region where the repository is located.
Repository: The Artifact Registry repository containing the artifact.
Package: The package (image) within the repository.
Version: The version (digest) to query.

Output

An analysis summary for the artifact, including:

resourceUri: The analyzed artifact URI
scanStatus: Discovery scan status (if available)
Severity counts: critical, high, medium, low
vulnerabilities: Total vulnerability occurrences
fixAvailable: Count of vulnerabilities with fixes

Notes

The Container Analysis API (containeranalysis.googleapis.com) must be enabled.
The service account needs roles/containeranalysis.occurrences.viewer.
This summarizes existing occurrences for the selected artifact.

Example Output

{
  "data": {
    "critical": 0,
    "fixAvailable": 1,
    "high": 1,
    "low": 0,
    "medium": 2,
    "resourceUri": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123",
    "scanStatus": "FINISHED_SUCCESS",
    "vulnerabilities": 3
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.containeranalysis.occurrences"
}

Cloud Build • Create Build

Component key: gcp.cloudbuild.createBuild

Creates and starts a Google Cloud Build build, then waits for the build to reach a terminal status.

Configuration

Steps (required): JSON array of build steps. Each step needs at minimum a name (builder image) and optional args. Example: [{"name":"gcr.io/cloud-builders/docker","args":["build","-t","gcr.io/$PROJECT_ID/myapp","."]}]
Source: Optional JSON object for the build source. This is the most flexible option and supports gitSource, repoSource, or storageSource. Example: {"gitSource":{"url":"https://github.com/org/repo.git","revision":"main"}}
Connected Repository: Optional Cloud Build 2nd-gen repository path. Select a location, connection, repository, and branch/tag/commit directly from GCP. SuperPlane sends source.connectedRepository and creates the build in the repository’s region.
Repository / Branch / Tag / Commit SHA: Convenience shortcut for repository-backed builds. If the repository value looks like a Git URL (https://..., ssh://..., or git@...), SuperPlane creates source.gitSource. Otherwise it treats the value as a Cloud Source Repository name and creates source.repoSource. Choose exactly one revision field.
Images: Optional list of Docker image names to push after the build.
Substitutions: JSON object of substitution key-value pairs (e.g. {"_ENV":"production"}).
Timeout: Build timeout (e.g. 600s). Defaults to Cloud Build default (10 minutes).
Project ID Override: Optionally run the build in a different project than the connected integration.

Output

The terminal Build resource, including id, status, logUrl, createTime, finishTime, and more.

Output Channels

Passed: Emitted when Cloud Build finishes with SUCCESS.
Failed: Emitted when Cloud Build finishes with any other terminal status, including FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, or EXPIRED.

Notes

SuperPlane listens for Cloud Build notifications through the connected GCP integration and falls back to polling if an event does not arrive.
SuperPlane automatically creates the shared cloud-builds Pub/Sub topic and push subscription when the GCP integration has roles/pubsub.admin and both the Cloud Build and Pub/Sub APIs are enabled.
Cancelling the running execution from the UI sends a Cloud Build cancel request for the active build.

Example Output

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Cloud Build • Get Build

Component key: gcp.cloudbuild.getBuild

Retrieves the details of a specific Google Cloud Build build.

Configuration

Build ID (required): The ID or full resource name of the Cloud Build build to retrieve.
Project ID Override: Override the GCP project ID from the integration.

Output

The full Build resource, including id, status (SUCCESS, FAILURE, WORKING, QUEUED, etc.), logUrl, steps, images, createTime, finishTime, and more.

Example Output

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Cloud Build • Run Trigger

Component key: gcp.cloudbuild.runTrigger

Runs an existing Cloud Build trigger and waits for the resulting build to reach a terminal status.

Configuration

Trigger (required): The Cloud Build trigger to run. Select from triggers in the connected project.
Branch or tag: Override the branch or tag to build from. Leave empty to use the trigger’s configured default. A 40-character hex string is treated as a commit SHA.
Project ID Override: Optionally run the trigger in a different project than the connected integration.

Output

The terminal Build resource, including id, status, logUrl, createTime, finishTime, and more.

Output Channels

Passed: Emitted when Cloud Build finishes with SUCCESS.
Failed: Emitted when Cloud Build finishes with any other terminal status, including FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, or EXPIRED.

Notes

SuperPlane listens for Cloud Build notifications through the connected GCP integration and falls back to polling if an event does not arrive.
SuperPlane automatically creates the shared cloud-builds Pub/Sub topic and push subscription when the GCP integration has roles/pubsub.admin and both the Cloud Build and Pub/Sub APIs are enabled.
Cancelling the running execution from the UI sends a Cloud Build cancel request for the active build.

Example Output

{
  "data": {
    "buildTriggerId": "abcdefgh-1234-5678-abcd-123456789012",
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Cloud DNS • Create Record

Component key: gcp.clouddns.createRecord

The Create Record component creates a new DNS record set in a Google Cloud DNS managed zone.

Configuration

Managed Zone (required): The Cloud DNS managed zone where the record will be created.
Record Name (required): The DNS name for the record (e.g. api.example.com). A trailing dot is added automatically.
Record Type (required): The DNS record type (A, AAAA, CNAME, TXT, MX, etc.).
TTL (required): Time to live in seconds. Defaults to 300.
Record Values (required): The values for the record (e.g. IP addresses for A records).

Required IAM roles

The service account must have roles/dns.admin or roles/dns.editor on the project.

Output

change.id: The Cloud DNS change ID.
change.status: The change status (done).
change.startTime: When the change was submitted.
record.name: The DNS record name.
record.type: The DNS record type.

Example Output

{
  "data": {
    "change": {
      "id": "1",
      "startTime": "2026-01-28T10:30:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "api.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:30:00.000Z",
  "type": "gcp.clouddns.change"
}

Cloud DNS • Delete Record

Component key: gcp.clouddns.deleteRecord

The Delete Record component deletes a DNS record set from a Google Cloud DNS managed zone.

Configuration

Managed Zone (required): The Cloud DNS managed zone containing the record.
Record Name (required): The DNS name of the record to delete (e.g. api.example.com).
Record Type (optional): The DNS record type to delete (A, AAAA, CNAME, TXT, MX, etc.). If not specified, all record sets with the given name are deleted.

Required IAM roles

The service account must have roles/dns.admin or roles/dns.editor on the project.

Output

change.id: The Cloud DNS change ID.
change.status: The change status (done).
change.startTime: When the change was submitted.
record.name: The DNS record name.
record.type: The DNS record type (comma-separated when multiple types were deleted).

Example Output

{
  "data": {
    "change": {
      "id": "2",
      "startTime": "2026-01-28T10:31:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "old.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:31:00.000Z",
  "type": "gcp.clouddns.change"
}

Cloud DNS • Update Record

Component key: gcp.clouddns.updateRecord

The Update Record component updates an existing DNS record set in a Google Cloud DNS managed zone.

Configuration

Managed Zone (required): The Cloud DNS managed zone containing the record.
Record Name (required): The DNS name of the record to update (e.g. api.example.com).
Record Type (required): The DNS record type (A, AAAA, CNAME, TXT, MX, etc.).
TTL (required): New time to live in seconds.
Record Values (required): The new values for the record.

Required IAM roles

The service account must have roles/dns.admin or roles/dns.editor on the project.

Output

change.id: The Cloud DNS change ID.
change.status: The change status (done).
change.startTime: When the change was submitted.
record.name: The DNS record name.
record.type: The DNS record type.

Example Output

{
  "data": {
    "change": {
      "id": "3",
      "startTime": "2026-01-28T10:32:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "api.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:32:00.000Z",
  "type": "gcp.clouddns.change"
}

Cloud Functions • Invoke Function

Component key: gcp.cloudfunctions.invokeFunction

Invokes a Google Cloud Function and waits for the response.

Configuration

Location (required): The GCP region where the function is deployed (e.g. us-central1).
Function (required): The Cloud Function to invoke. Select from the list of deployed functions.
Payload: Optional JSON object sent as the function’s input data.
Project ID Override: Override the GCP project ID from the integration. Leave empty to use the integration’s project.

Required IAM roles

The service account used by the integration must have roles/cloudfunctions.developer (or roles/cloudfunctions.viewer + roles/cloudfunctions.invoker) on the project.

roles/cloudfunctions.viewer — list locations and functions (required for dropdowns)
roles/cloudfunctions.invoker — invoke the function
roles/cloudfunctions.developer — covers both of the above

Output

The invocation result, including:

functionName: Full resource name of the invoked function.
executionId: Unique ID assigned to this invocation.
result: The function’s response, parsed as JSON when possible.
resultRaw: The raw string response (only present when the response is not valid JSON).

Example Output

{
  "data": {
    "executionId": "h7g2k9qw3x",
    "functionName": "projects/my-project/locations/us-central1/functions/my-function",
    "result": {
      "message": "Hello, World!",
      "status": "ok"
    }
  },
  "timestamp": "2025-01-01T00:00:05Z",
  "type": "gcp.cloudfunctions.invoke"
}

Cloud SQL • Create Database

Component key: gcp.cloudsql.createDatabase

The Create Database component adds a new logical database to an existing Cloud SQL instance.

Use Cases

Application bootstrap: Create an application-specific database as part of environment setup
Tenant provisioning: Add a dedicated database for a new customer or workspace
Migration workflows: Prepare a destination database before importing data

Configuration

Instance: The Cloud SQL instance that will contain the new database (required)
Database Name: The name of the database to create (required, supports expressions)

Output

Emits a gcp.cloudsql.database payload with the created database’s name, instance, project, charset, collation, and selfLink.

Important Notes

Requires the roles/cloudsql.admin (or roles/cloudsql.editor) IAM role on the integration’s service account, and the Cloud SQL Admin API enabled
Cloud SQL database creation is asynchronous; this component waits for the operation to finish before emitting

Example Output

{
  "data": {
    "charset": "UTF8",
    "collation": "en_US.UTF8",
    "instance": "my-instance",
    "name": "app_db",
    "project": "my-project",
    "selfLink": "https://sqladmin.googleapis.com/v1/projects/my-project/instances/my-instance/databases/app_db"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.database"
}

Cloud SQL • Create Instance

Component key: gcp.cloudsql.createInstance

The Create Instance component provisions a new Cloud SQL instance.

Use Cases

Environment setup: Stand up a database server as part of provisioning an environment
Ephemeral environments: Create a dedicated instance for a preview or test run
Infrastructure automation: Provision databases as part of a broader workflow

Configuration

Name: The instance ID (required)
Database Version: The database engine and version (required)
Region: The region to create the instance in, chosen from the regions where Cloud SQL is available
Tier: The machine tier (size), chosen from the predefined tiers available in the selected region. Custom machine types (db-custom-*) are not listed.
Disk Size (GB): The data disk size (minimum 10)
Disk Type: SSD (default) or HDD
Edition: Enterprise or Enterprise Plus
Availability: Zonal (single zone, default) or Regional (adds a standby in another zone for high availability)
Root Password: Initial password for the default admin user (optional, stored as a secret)
Assign Public IP: Whether to give the instance a public IPv4 address (default yes)
SSL Mode: How the instance enforces SSL/TLS on incoming connections (optional)
Authorized Networks: CIDR ranges allowed to connect over the public IP (optional)
Automated Backups: Enable daily automated backups (optional)
Deletion Protection: Prevent the instance from being deleted until protection is removed (optional)
Labels: Key-value labels applied to the instance (optional)

Output

Emits a gcp.cloudsql.instance payload with the ready instance’s name, state, databaseVersion, region, tier, connectionName, ipAddress, and selfLink.

Important Notes

Instance creation is asynchronous and takes several minutes. This component polls the instance until it reaches RUNNABLE (or times out) before emitting, so downstream steps run only once the instance is ready.
A public IP with no Authorized Networks is reachable only through the Cloud SQL Auth Proxy or private access; add CIDR ranges to allow direct external clients.
With Deletion Protection enabled, the Delete Instance component will fail until protection is removed.
Requires the roles/cloudsql.admin (or roles/cloudsql.editor) IAM role, and the Cloud SQL Admin API enabled.

Example Output

{
  "data": {
    "connectionName": "my-project:us-central1:my-instance",
    "databaseVersion": "POSTGRES_16",
    "diskSizeGb": "10",
    "edition": "ENTERPRISE",
    "ipAddress": "34.41.10.20",
    "name": "my-instance",
    "region": "us-central1",
    "selfLink": "https://sqladmin.googleapis.com/v1/projects/my-project/instances/my-instance",
    "state": "RUNNABLE",
    "tier": "db-f1-micro"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.instance"
}

Cloud SQL • Delete Database

Component key: gcp.cloudsql.deleteDatabase

The Delete Database component permanently deletes a logical database from a Cloud SQL instance.

Use Cases

Teardown: Remove a database as part of decommissioning an environment
Tenant offboarding: Delete a customer’s dedicated database
Cleanup: Drop temporary databases created during a workflow

Configuration

Instance: The Cloud SQL instance that contains the database (required)
Database: The database to delete (required)

Output

Emits a gcp.cloudsql.database payload with the deleted database’s name and instance, and deleted: true.

Important Notes

This permanently deletes the database and all its data — it is irreversible.
Requires the roles/cloudsql.admin (or roles/cloudsql.editor) IAM role on the integration’s service account, and the Cloud SQL Admin API enabled
Cloud SQL database deletion is asynchronous; this component waits for the operation to finish before emitting

Example Output

{
  "data": {
    "deleted": true,
    "instance": "my-instance",
    "name": "app_db"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.database"
}

Cloud SQL • Delete Instance

Component key: gcp.cloudsql.deleteInstance

The Delete Instance component permanently deletes a Cloud SQL instance.

Use Cases

Teardown: Remove an instance when decommissioning an environment
Ephemeral cleanup: Delete a preview/test instance when it is no longer needed

Configuration

Instance: The Cloud SQL instance to delete (required)

Output

Emits a gcp.cloudsql.instance payload with the instance name and deleted: true.

Important Notes

This permanently deletes the instance and all its databases and data — it is irreversible.
Instance deletion is asynchronous and takes several minutes; this component polls until the instance is fully deleted (or times out) before emitting.
Requires the roles/cloudsql.admin (or roles/cloudsql.editor) IAM role, and the Cloud SQL Admin API enabled.

Example Output

{
  "data": {
    "deleted": true,
    "name": "my-instance"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.instance"
}

Cloud SQL • Get Database

Component key: gcp.cloudsql.getDatabase

The Get Database component retrieves a logical database from a Cloud SQL instance.

Use Cases

Existence checks: Confirm a database is present before acting on it
Enrichment: Read a database’s charset/collation to feed a downstream step
Auditing: Capture database details as part of a workflow

Configuration

Instance: The Cloud SQL instance that contains the database (required)
Database: The database to fetch (required)

Output

Emits a gcp.cloudsql.database payload with the database’s name, instance, project, charset, collation, and selfLink.

Important Notes

Requires the roles/cloudsql.viewer (or roles/cloudsql.admin) IAM role on the integration’s service account, and the Cloud SQL Admin API enabled

Example Output

{
  "data": {
    "charset": "UTF8",
    "collation": "en_US.UTF8",
    "instance": "my-instance",
    "name": "app_db",
    "project": "my-project",
    "selfLink": "https://sqladmin.googleapis.com/v1/projects/my-project/instances/my-instance/databases/app_db"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.database"
}

Cloud SQL • Get Instance

Component key: gcp.cloudsql.getInstance

The Get Instance component retrieves a Cloud SQL instance’s configuration and current status.

Use Cases

Readiness polling: After Create Instance, poll until the instance reaches RUNNABLE
Enrichment: Read the connection name or IP address to feed a downstream step
Auditing: Capture instance details as part of a workflow

Configuration

Instance: The Cloud SQL instance to fetch (required)

Output

Emits a gcp.cloudsql.instance payload with the instance name, state, databaseVersion, region, tier, connectionName, ipAddress, and selfLink.

Important Notes

Requires the roles/cloudsql.viewer (or roles/cloudsql.admin) IAM role, and the Cloud SQL Admin API enabled.

Example Output

{
  "data": {
    "connectionName": "my-project:us-central1:my-instance",
    "databaseVersion": "POSTGRES_16",
    "diskSizeGb": "10",
    "edition": "ENTERPRISE",
    "ipAddress": "34.41.10.20",
    "name": "my-instance",
    "region": "us-central1",
    "selfLink": "https://sqladmin.googleapis.com/v1/projects/my-project/instances/my-instance",
    "state": "RUNNABLE",
    "tier": "db-f1-micro"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.instance"
}

Compute • Create Load Balancer

Component key: gcp.compute.createLoadBalancer

The Create Load Balancer component builds a regional external passthrough Network Load Balancer (Layer 4). It gives you one public IP that spreads incoming TCP/UDP traffic across the VMs in an instance group, and routes around unhealthy VMs using a health check.

Google Cloud has no single “load balancer” resource — a load balancer is a collection of resources. This component creates them for you, in order:

Health check — how the LB decides a VM is healthy
Backend service — references your instance group and the health check
Forwarding rule — the public IP + ports that send traffic to the backend service

If any step fails, the resources already created are rolled back.

Use Cases

Distribute traffic: Spread requests across several VMs running the same service
Resilience: Stop sending traffic to VMs that fail their health check
Non-HTTP services: Balance any TCP/UDP protocol (this is an L4 balancer; it does not terminate HTTPS or route by URL — use an Application Load Balancer for that)

Configuration

Name: Base name for the load balancer; the pieces are named <name>-hc, <name>-backend, <name>-fr (required)
Region: The region to create it in (required)
Protocol: TCP or UDP (default TCP)
Ports: One or more ports to forward, e.g. 80, 443 (required)
Instance group: The existing instance group whose VMs receive traffic (required)
Health check protocol / port: TCP (default), HTTP, or HTTPS; port defaults to the first forwarded port
Reserved IP: Optionally use a reserved static IP; leave blank for an ephemeral IP

Output

Returns the assembled load balancer: name, region, ipAddress, protocol, ports, and the underlying forwardingRule, backendService, healthCheck, plus resources (selfLinks of everything created).

Important Notes

Targets an existing instance group; the group’s VMs must be in the chosen region
Requires the roles/compute.loadBalancerAdmin IAM role
This is an L4 passthrough LB: it forwards ports and preserves the client IP; it does not terminate TLS

Example Output

{
  "data": {
    "backendService": "web-lb-backend",
    "forwardingRule": "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/forwardingRules/web-lb-fr",
    "healthCheck": "web-lb-hc",
    "instanceGroup": "web-servers",
    "ipAddress": "34.1.2.3",
    "name": "web-lb",
    "ports": [
      "80",
      "443"
    ],
    "protocol": "TCP",
    "region": "us-central1",
    "resources": [
      "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/healthChecks/web-lb-hc",
      "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/backendServices/web-lb-backend",
      "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/forwardingRules/web-lb-fr"
    ]
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.loadBalancer.created"
}

Compute • Create Static IP

Component key: gcp.compute.createStaticIP

The Create Static IP component reserves a regional external static (reserved) IP address in Compute Engine.

A static IP keeps the same address across VM restarts and re-creations, unlike an ephemeral IP. Once reserved it can be attached to a VM instance with the Manage Static IP component.

Use Cases

Stable endpoints: Give a service a fixed public address that survives VM replacement
Blue/green deployments: Reserve the address ahead of time, then attach it to whichever VM is live
DNS: Point an A record at a reserved address you control

Configuration

Name: The name for the new address resource (required, lowercase RFC1035 — e.g. web-prod-ip)
Region: The region to reserve the address in (required). Regional external IPs can only be attached to VMs in the same region.
Network Tier: PREMIUM (default) or STANDARD
Description: Optional human-readable description

Output

Returns the reserved address:

name, address (the reserved IP), region, status, addressType, networkTier, selfLink

Important Notes

Reserving and holding a static IP that is not attached to a running resource incurs charges
The component waits for the underlying regional operation to complete before reading the address back

Example Output

{
  "data": {
    "address": "34.1.2.3",
    "addressType": "EXTERNAL",
    "name": "web-prod-ip",
    "networkTier": "PREMIUM",
    "region": "us-central1",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/addresses/web-prod-ip",
    "status": "RESERVED"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.staticIP.created"
}

Compute • Delete Load Balancer

Component key: gcp.compute.deleteLoadBalancer

The Delete Load Balancer component tears down a regional external passthrough Network Load Balancer. You select its forwarding rule (the load balancer’s entry point), and the component follows the references and deletes the pieces in reverse order:

Forwarding rule (the public IP + ports)
Backend service it pointed at
Health check the backend service used

Use Cases

Cleanup: Remove a load balancer created by Create Load Balancer
Teardown: Decommission a service’s front end as part of a workflow

Configuration

Load Balancer: The regional external forwarding rule that anchors the load balancer (required)

Output

Returns what was removed: forwardingRule, backendService, healthCheck, region.

Important Notes

The instance group the backend service referenced is not deleted — only the load balancer’s own resources
The health check is removed on a best-effort basis; if it is shared by another load balancer the API keeps it and a note is returned
Requires the roles/compute.loadBalancerAdmin IAM role

Example Output

{
  "data": {
    "backendService": "web-lb-backend",
    "forwardingRule": "web-lb-fr",
    "healthCheck": "web-lb-hc",
    "region": "us-central1"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.loadBalancer.deleted"
}

Compute • Delete Static IP

Component key: gcp.compute.deleteStaticIP

The Delete Static IP component releases (deletes) a regional external static IP reservation.

Use Cases

Cost optimization: Release reserved IPs that are no longer needed (idle reserved IPs are billed)
Cleanup: Tear down addresses as part of environment teardown

Configuration

Static IP: Pick from the reserved external IPs across all regions, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.compute.createStaticIP). The selection encodes both the region and the address name.

Output

Returns the released address:

name: The name of the address that was released
region: The region it was in

Important Notes

A static IP that is still attached to a VM cannot be deleted — detach it first with Manage Static IP
If the address is not found at the resolved region/name, the action fails so that misconfigured or stale expressions do not silently mask incomplete cleanup

Example Output

{
  "data": {
    "name": "web-prod-ip",
    "region": "us-central1"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.staticIP.deleted"
}

Compute • Manage Static IP

Component key: gcp.compute.manageStaticIP

The Manage Static IP component attaches a reserved external static IP to a VM instance, or detaches the instance’s current external IP.

Attaching works by managing the network interface’s external access config: any existing external IP on the interface is removed first, then the static IP is assigned. Detaching removes the external access config entirely (the instance keeps its internal IP but loses external connectivity unless another address is attached).

Use Cases

Blue/green deployments: Move a stable public IP from the old VM to the new one with zero DNS changes
Failover: Reassign a reserved IP from a failed VM to a healthy replacement
Maintenance: Temporarily detach a public IP while a VM is serviced

Configuration

Action: attach or detach (required)
VM Instance: The target VM. The selection encodes both the zone and the instance name.
Static IP (attach only): The reserved external IP to attach. Only IPs in the selected VM’s region are listed, since a regional IP can attach only to a VM in the same region.
Network Interface: The interface to modify (default nic0)

Output

Returns the instance state after the operation:

instanceId, name, zone, status, selfLink, machineType, internalIP, externalIP
action: The action performed (attach or detach)

Important Notes

A regional static IP can only be attached to a VM in the same region
Attaching is idempotent: if the static IP is already the instance’s external IP, the component succeeds without changes
Detaching is idempotent: if the interface already has no external IP, the component succeeds without changes
The component waits for each underlying zone operation to complete before emitting

Example Output

{
  "data": {
    "action": "attach",
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.staticIP.attached"
}

Compute • Create Image

Component key: gcp.createImage

The Create Image component creates a custom Compute Engine image.

Use Cases

Golden image pipelines: Build immutable, reusable images from validated disks
Backup workflows: Capture disk state as a restorable image before changes
Release automation: Produce versioned images as part of CI/CD

Configuration

Image Name: Name for the new image (lowercase, numbers, hyphens; 1–63 chars).
Source: Where the image is created from:
- Disk: A persistent disk (pick the region, zone, then the disk).
- Snapshot: A disk snapshot.
- Image: Another custom image in the project.
Image family: Optional family to group related images (e.g. my-app).
Description: Optional human-readable description.
Labels: Optional key-value labels (billing, environment, team).
Storage location: Optional single region or multi-region to store the image (e.g. us or europe-west1). Defaults to the source’s region.
Force create: When the source is a disk attached to a running instance, create the image anyway (may produce an inconsistent image).

Output

Emits the created image: name, selfLink, family, status, diskSizeGb, sourceDisk, labels, deprecationState, creationTimestamp.

Important Notes

Creating an image from a disk attached to a running VM is not recommended unless Force create is enabled.
The component waits for the underlying global operation to complete before emitting.

Example Output

{
  "data": {
    "creationTimestamp": "2026-06-02T12:00:00.000-07:00",
    "deprecationState": "ACTIVE",
    "diskSizeGb": 10,
    "family": "my-app",
    "imageId": "1234567890123456789",
    "labels": {
      "env": "production"
    },
    "name": "my-app-2026-06-02",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/global/images/my-app-2026-06-02",
    "sourceDisk": "my-disk",
    "status": "READY",
    "storageLocations": [
      "us"
    ]
  },
  "timestamp": "2026-06-02T12:00:00Z",
  "type": "gcp.compute.image.created"
}

Compute • Create Virtual Machine

Component key: gcp.createVM

Creates a new Google Compute Engine VM.

Steps

Machine Configuration – Region, zone, machine type, provisioning model (Spot/Standard), instance name.
OS & Storage – Boot disk source (public/custom image, snapshot, existing disk), disk type, size, snapshot schedule.
Security – Shielded VM (secure boot, vTPM, integrity monitoring), Confidential VM (AMD SEV/SEV-SNP, Intel TDX).
Identity & API access – VM service account, OAuth scopes, OS Login, block project-wide SSH keys.
Networking – VPC, subnet, NIC type, internal/external IP (including static), network tags, firewall rules.
Management – Metadata, startup script, automatic restart, on host maintenance, maintenance policy.
Advanced – GPU accelerators, placement policy (min node CPUs), sole-tenant/host affinity, resource policies.

Output

Emits a payload with instance details: instanceId, selfLink, internalIP, externalIP, status, zone, name, machineType.

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.createVM.completed"
}

Compute • Delete Image

Component key: gcp.deleteImage

The Delete Image component permanently deletes a Compute Engine custom image.

Use Cases

Cleanup: Remove temporary or test images after use
Cost optimization: Delete unused images to reduce storage costs
Lifecycle automation: Remove obsolete images as part of release pipelines

Configuration

Image: The custom image to delete. Pick from the list of images in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createImage).

Output

Returns the name of the deleted image.

Important Notes

This operation is permanent and cannot be undone.
If the image is not found, the action fails so that misconfigured or stale expressions do not silently mask incomplete cleanup.
Deleting an image does not affect VM instances or disks already created from it.

Example Output

{
  "data": {
    "imageName": "my-app-2026-06-02"
  },
  "timestamp": "2026-06-02T12:00:00Z",
  "type": "gcp.compute.image.deleted"
}

Compute • Delete VM Instance

Component key: gcp.deleteVMInstance

The Delete VM Instance component permanently deletes a Compute Engine VM instance.

Use Cases

Cleanup: Remove temporary or test VMs after use
Cost optimization: Automatically tear down unused infrastructure
Automated workflows: Delete VMs as part of deployment rollback or cleanup processes
Environment management: Remove ephemeral environments after testing

Configuration

VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createVM). The selection encodes both the zone and the instance name.

Output

Returns information about the deleted instance:

instanceName: The name of the instance that was deleted
zone: The zone the instance was in

Important Notes

This operation is permanent and cannot be undone
All data on the instance will be lost unless boot/data disks have auto-delete disabled
The instance will be stopped if running before deletion
If the instance is not found at the resolved zone/name, the action fails so that misconfigured or stale expressions do not silently mask incomplete cleanup

Example Output

{
  "data": {
    "instanceName": "my-vm",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.deleted"
}

Compute • Get VM Instance

Component key: gcp.getVMInstance

The Get VM Instance component reads the current state of a Compute Engine VM instance and emits its details on the default output channel.

Use Cases

Status checks: Verify a VM is in the expected state (e.g. RUNNING) before proceeding with downstream work.
Detail lookup: Fetch IPs, machine type, or selfLink for use in later workflow steps.
Health gates: Pair with a condition to branch a workflow based on instance status.

Configuration

VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. selfLink from gcp.createVM). The selection encodes both the zone and the instance name.

Output

The emitted payload contains the full instance summary:

instanceId, selfLink, status, zone, name, machineType
internalIP, externalIP (when present)

Important Notes

If the instance is not found at the resolved zone/name, the action fails so that misconfigured or stale expressions do not silently mask a missing resource.
The integration’s bound project is authoritative; a chained selfLink pointing at a different project is rejected rather than silently rewritten.

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.fetched"
}

Compute • Get VM Metrics

Component key: gcp.getVMInstanceMetrics

The Get VM Metrics component retrieves CPU utilization and network throughput metrics for a Compute Engine VM instance from Cloud Monitoring over a specified lookback window.

Use Cases

Performance monitoring: Sample current resource utilization before scaling decisions
Incident investigation: Pull recent metrics when responding to an alert
Capacity planning: Gather trend data to inform right-sizing of infrastructure
Automated scaling: Use metric outputs to conditionally trigger resize or power operations

Configuration

VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node. The selection encodes both the zone and the instance name.
Lookback Period: How far back to retrieve metrics — 1h, 6h, 24h, 7d, or 14d (required).

Output

Returns an averaged metrics payload over the lookback window:

instanceId: The numeric ID of the queried instance
name, zone: Instance identity
start, end: ISO 8601 timestamps of the metrics window
lookbackPeriod: The selected lookback period
avgCpuUsagePercent: Average CPU utilization percentage over the window
avgNetworkInboundBytesPerSec: Average received network throughput in bytes/sec
avgNetworkOutboundBytesPerSec: Average sent network throughput in bytes/sec

All metric values are rounded to two decimal places.

Important Notes

Requires the roles/monitoring.viewer IAM role on the integration’s service account.
Metrics are read from Cloud Monitoring (compute.googleapis.com metrics), which are available for all Compute Engine instances by default.
Data point resolution varies by window: shorter windows return finer-grained data.

Example Output

{
  "data": {
    "avgCpuUsagePercent": 23.47,
    "avgNetworkInboundBytesPerSec": 10485.76,
    "avgNetworkOutboundBytesPerSec": 8192.33,
    "end": "2025-02-14T12:00:00Z",
    "instanceId": "1234567890123456789",
    "lookbackPeriod": "1h",
    "name": "my-vm",
    "start": "2025-02-14T11:00:00Z",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.metrics"
}

Compute • Manage VM Power

Component key: gcp.manageVMInstancePower

The Manage VM Power component performs power management operations on a Compute Engine VM instance.

Use Cases

Automated restarts: Reset instances on a schedule or in response to alerts
Cost optimization: Stop instances during non-business hours
Maintenance workflows: Stop instances before updates, start them after completion
Recovery procedures: Reset instances experiencing issues

Configuration

VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createVM). The selection encodes both the zone and the instance name.
Operation: The power operation to perform (required):
- start: Start a stopped (TERMINATED) instance
- stop: Stop a running instance
- reset: Hard reset a running instance (does not perform a clean shutdown)
- suspend: Suspend a running instance, preserving memory state
- resume: Resume a suspended instance

Output

Returns the instance state after the operation completes:

instanceId, name, zone, status, selfLink, machineType, internalIP, externalIP
operation: The power operation that was performed

Important Notes

reset is a forced operation and does not perform a clean OS shutdown
The component waits for the underlying zone operation to complete before emitting
Operations may take several minutes depending on the instance state

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "operation": "power_off",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "TERMINATED",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.power.power_off"
}

Monitoring • Create Alerting Policy

Component key: gcp.monitoring.createAlertingPolicy

The Create Alerting Policy component creates a Cloud Monitoring alerting policy with one or more threshold conditions on Compute Engine instance metrics.

Use Cases

Capacity management: Alert when CPU stays above a safe level
Composite alerts: Combine multiple conditions (e.g. high CPU AND high network) with a combiner
Severity routing: Tag policies Critical/Error/Warning and rate-limit or auto-close incidents

Configuration

Display Name: Human-readable name for the policy (required)
Condition type: Metric threshold (default) or PromQL query (Google Managed Prometheus)
Conditions (threshold type): One or more threshold conditions. Each has:
- Metric, Comparison (above > or below <), Threshold, Duration
- Optional Aligner, Rolling window, Group reducer + Group by fields (aggregation)
- Optional Trigger by count or percent of time series
PromQL query (PromQL type): a PromQL expression that fires while it returns results, plus an optional For duration and Evaluation interval — the Prometheus-style alerting rule
Combiner: How multiple conditions combine — OR / AND / AND-with-matching-resource (default OR)
Severity: Critical / Error / Warning (optional)
Notification Channels: Existing channels to alert (optional)
User Labels: Key/value labels on the policy (optional)
Enabled: Whether the policy is active (default: true)
Auto-close / Notification rate limit: Alert strategy (optional)
Documentation / Documentation subject: Markdown shown in notifications (optional)

Output

Returns the created policy: name, id, displayName, enabled, combiner, severity, conditionsCount, and the first condition’s comparison, thresholdValue, duration, filter.

Important Notes

Requires the roles/monitoring.editor IAM role on the integration’s service account
Conditions monitor the metric across all Compute Engine instances in the project
Up to 6 conditions per policy

Example Output

{
  "data": {
    "combiner": "OR",
    "comparison": "COMPARISON_GT",
    "conditionsCount": 1,
    "displayName": "High CPU on production instances",
    "duration": "300s",
    "enabled": true,
    "filter": "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\"",
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789",
    "notificationChannels": [
      "projects/my-project/notificationChannels/9876543210"
    ],
    "thresholdValue": 0.8
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.created"
}

Monitoring • Create Snooze

Component key: gcp.monitoring.createSnooze

The Create Snooze component creates a Cloud Monitoring snooze that prevents the selected alerting policies from sending notifications for a window of time, starting now. It is the GCP equivalent of an Alertmanager silence.

Use Cases

Maintenance windows: Mute alerts on policies while you deploy or patch
Noise control: Temporarily quiet a flapping policy while you fix the root cause
Planned work: Suppress notifications for a known, expected disruption

Configuration

Display Name: Human-readable name for the snooze (required)
Alerting Policies: One or more policies to snooze (required, up to 16)
Duration: How long to snooze, starting now (required)

Output

Returns the created snooze: name, id, displayName, policies, policiesCount, startTime, endTime.

Important Notes

The snooze starts immediately and ends after the chosen duration
A snooze suppresses notifications but does not stop incidents from opening
Requires the roles/monitoring.editor (or roles/monitoring.snoozeEditor) IAM role

Example Output

{
  "data": {
    "displayName": "Deploy maintenance window",
    "endTime": "2025-02-14T13:00:00Z",
    "id": "1234567890123456789",
    "name": "projects/my-project/snoozes/1234567890123456789",
    "policies": [
      "projects/my-project/alertPolicies/1111111111111111111"
    ],
    "policiesCount": 1,
    "startTime": "2025-02-14T12:00:00Z"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.snooze.created"
}

Monitoring • Delete Alerting Policy

Component key: gcp.monitoring.deleteAlertingPolicy

The Delete Alerting Policy component permanently deletes a Cloud Monitoring alerting policy.

Use Cases

Cleanup: Remove policies for decommissioned services
Environment teardown: Delete alerting as part of tearing down ephemeral environments

Configuration

Alerting Policy: Pick from the policies in your project, or pass an expression chained from an upstream node (e.g. the name emitted by gcp.monitoring.createAlertingPolicy).

Output

Returns the deleted policy reference:

name: The resource name that was deleted
id: The policy ID

Important Notes

This operation is permanent and cannot be undone
Requires the roles/monitoring.editor IAM role on the integration’s service account
If the policy is not found, the action fails so stale expressions don’t silently mask incomplete cleanup

Example Output

{
  "data": {
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.deleted"
}

Monitoring • Expire Snooze

Component key: gcp.monitoring.expireSnooze

The Expire Snooze component ends an active snooze immediately, so the policies it covers resume sending notifications. It is the GCP equivalent of expiring an Alertmanager silence.

It moves the snooze’s end time to now. Cloud Monitoring requires a snooze window to be at least a minute long, so a snooze that started less than a minute ago is instead cancelled outright (collapsed to a zero-length window) — either way alerting resumes right away.

Use Cases

Early exit: Maintenance finished ahead of schedule — re-enable alerting now
Cleanup: End a snooze created upstream once a workflow completes

Configuration

Snooze: Pick from the snoozes in your project, or pass an expression chained from an upstream node (e.g. the name emitted by gcp.monitoring.createSnooze).

Output

Returns the updated snooze: name, id, displayName, policies, startTime, endTime (now).

Important Notes

Cloud Monitoring has no delete-snooze operation; ending a snooze means setting its end time to the current time
Requires the roles/monitoring.editor (or roles/monitoring.snoozeEditor) IAM role

Example Output

{
  "data": {
    "displayName": "Deploy maintenance window",
    "endTime": "2025-02-14T12:30:00Z",
    "id": "1234567890123456789",
    "name": "projects/my-project/snoozes/1234567890123456789",
    "policies": [
      "projects/my-project/alertPolicies/1111111111111111111"
    ],
    "policiesCount": 1,
    "startTime": "2025-02-14T12:00:00Z"
  },
  "timestamp": "2025-02-14T12:30:00Z",
  "type": "gcp.monitoring.snooze.expired"
}

Monitoring • Get Alerting Policy

Component key: gcp.monitoring.getAlertingPolicy

The Get Alerting Policy component reads the configuration and state of a Cloud Monitoring alerting policy.

Use Cases

Auditing: Inspect a policy’s threshold, comparison, and enabled state
Conditional workflows: Branch on whether a policy is enabled or how it’s configured
Chaining: Read a policy created upstream before updating or deleting it

Configuration

Alerting Policy: Pick from the policies in your project, or pass an expression chained from an upstream node (e.g. the name emitted by gcp.monitoring.createAlertingPolicy).

Output

Returns the policy:

name, id, displayName, enabled, combiner, conditionsCount
comparison, thresholdValue, duration, filter: the first condition’s threshold
notificationChannels: attached channels (when any)

Important Notes

Requires the roles/monitoring.viewer IAM role on the integration’s service account
If the policy is not found, the action fails so stale expressions don’t silently mask a problem

Example Output

{
  "data": {
    "combiner": "OR",
    "comparison": "COMPARISON_GT",
    "conditionsCount": 1,
    "displayName": "High CPU on production instances",
    "duration": "300s",
    "enabled": true,
    "filter": "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\"",
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789",
    "notificationChannels": [
      "projects/my-project/notificationChannels/9876543210"
    ],
    "thresholdValue": 0.8
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.fetched"
}

Monitoring • Get Snooze

Component key: gcp.monitoring.getSnooze

The Get Snooze component reads a Cloud Monitoring snooze.

Use Cases

Auditing: Inspect which policies are snoozed and until when
Chaining: Read a snooze created upstream before expiring it

Configuration

Snooze: Pick from the snoozes in your project, or pass an expression chained from an upstream node (e.g. the name emitted by gcp.monitoring.createSnooze).

Output

Returns the snooze: name, id, displayName, policies, policiesCount, startTime, endTime.

Important Notes

Requires the roles/monitoring.viewer IAM role on the integration’s service account

Example Output

{
  "data": {
    "displayName": "Deploy maintenance window",
    "endTime": "2025-02-14T13:00:00Z",
    "id": "1234567890123456789",
    "name": "projects/my-project/snoozes/1234567890123456789",
    "policies": [
      "projects/my-project/alertPolicies/1111111111111111111"
    ],
    "policiesCount": 1,
    "startTime": "2025-02-14T12:00:00Z"
  },
  "timestamp": "2025-02-14T12:30:00Z",
  "type": "gcp.monitoring.snooze.fetched"
}

Monitoring • Update Alerting Policy

Component key: gcp.monitoring.updateAlertingPolicy

The Update Alerting Policy component modifies an existing Cloud Monitoring alerting policy in place. Only the fields you set are changed (sent as an update mask).

Use Cases

Threshold tuning: Adjust a condition’s threshold as baselines change
Enable/disable: Toggle a policy during maintenance windows
Re-route: Change notification channels, severity, or alert strategy

Configuration

Alerting Policy: The policy to update (required, supports expressions)
Condition type: Toggle to replace the policy’s conditions with a metric threshold or a PromQL query (leave off to keep current conditions)
Conditions (threshold type): Provide to replace with threshold conditions (each: metric, comparison, threshold, duration, optional aggregation/trigger)
PromQL query (PromQL type): Provide to replace with a single PromQL condition (with optional For duration and evaluation interval)
Combiner: OR / AND / AND-with-matching-resource
Severity: Critical / Error / Warning
Enabled: Enable, disable, or leave unchanged
Notification Channels: Replace channels (provide empty to clear)
User Labels: Replace user labels
Auto-close / Notification rate limit: Replace the alert strategy
Documentation / subject: Replace the documentation

Output

Returns the updated policy: name, id, displayName, enabled, combiner, severity, conditionsCount, and the first condition summary.

Important Notes

At least one field must be provided
Providing Conditions replaces all existing conditions
Auto-close, rate limit, documentation content, and documentation subject are each updated independently — changing one leaves the others untouched
Requires the roles/monitoring.editor IAM role

Example Output

{
  "data": {
    "combiner": "OR",
    "comparison": "COMPARISON_GT",
    "conditionsCount": 1,
    "displayName": "High CPU on production instances",
    "duration": "300s",
    "enabled": false,
    "filter": "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\"",
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789",
    "thresholdValue": 0.9
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.updated"
}

Managed Prometheus • Query

Component key: gcp.prometheus.query

The Query component runs an instant PromQL query against Google Cloud Managed Service for Prometheus (GMP).

GMP stores Prometheus metrics in Cloud Monitoring (Monarch) and exposes a Prometheus-compatible HTTP frontend. This component calls GET /v1/projects/<project>/location/global/prometheus/api/v1/query and returns the result at a single point in time.

Use Cases

Threshold checks: Evaluate an expression (e.g. up or rate(...)) and branch on the value
Spot readings: Read the current value of a metric to enrich a workflow
Chaining: Feed a metric value into a downstream notification or decision node

Configuration

Query: Required PromQL expression to evaluate (supports expressions). Example: up

The expression is evaluated at execution time (“now”).

Output

Emits one gcp.prometheus.query payload:

resultType: vector, scalar, etc.
result: the Prometheus result (series with their labels and value)
seriesCount: number of series returned

Important Notes

Requires the roles/monitoring.viewer IAM role on the integration’s service account
An invalid PromQL expression fails the action with the Prometheus error message

Example Output

{
  "data": {
    "result": [
      {
        "metric": {
          "__name__": "up",
          "instance": "10.0.0.5:9090",
          "job": "prometheus"
        },
        "value": [
          1767225600,
          "1"
        ]
      }
    ],
    "resultType": "vector",
    "seriesCount": 1
  },
  "timestamp": "2026-01-01T00:00:00Z",
  "type": "gcp.prometheus.query"
}

Managed Prometheus • Query Range

Component key: gcp.prometheus.queryRange

The Query Range component runs a PromQL range query against Google Cloud Managed Service for Prometheus (GMP) over an explicit time range.

GMP stores Prometheus metrics in Cloud Monitoring (Monarch) and exposes a Prometheus-compatible HTTP frontend. This component calls GET /v1/projects/<project>/location/global/prometheus/api/v1/query_range and returns a matrix of samples between start and end at the given step resolution.

Use Cases

Trend analysis: Pull a metric over a window to summarise or chart it downstream
Incident investigation: Fetch samples for a specific time range when responding to an alert
Anomaly checks: Evaluate an expression across time before acting

Configuration

Query: Required PromQL expression to evaluate (supports expressions). Example: rate(prometheus_http_requests_total[5m])
Start: Required start timestamp in RFC3339 or Unix format (supports expressions). Example: 2026-01-01T00:00:00Z
End: Required end timestamp in RFC3339 or Unix format (supports expressions). Example: 2026-01-02T00:00:00Z
Step: Required query resolution step (e.g. 15s, 1m)

Output

Emits one gcp.prometheus.queryRange payload:

resultType: typically matrix
result: the Prometheus result (series with their labels and values over time)
seriesCount: number of series returned
start, end, step: the query window

Important Notes

Requires the roles/monitoring.viewer IAM role on the integration’s service account
An invalid PromQL expression fails the action with the Prometheus error message

Example Output

{
  "data": {
    "end": "2026-01-01T01:00:00Z",
    "result": [
      {
        "metric": {
          "__name__": "up",
          "instance": "10.0.0.5:9090",
          "job": "prometheus"
        },
        "values": [
          [
            1767225600,
            "1"
          ],
          [
            1767225660,
            "1"
          ],
          [
            1767225720,
            "0"
          ]
        ]
      }
    ],
    "resultType": "matrix",
    "seriesCount": 1,
    "start": "2026-01-01T00:00:00Z",
    "step": "60s"
  },
  "timestamp": "2026-01-01T01:00:00Z",
  "type": "gcp.prometheus.queryRange"
}

Pub/Sub • Create Subscription

Component key: gcp.pubsub.createSubscription

The Create Subscription component creates a new GCP Pub/Sub subscription on a topic.

Use Cases

Provisioning workflows: Wire up subscriptions as part of service deployment
Pull queue setup: Create pull subscriptions for batch processing workflows
Push integration: Create push subscriptions that deliver messages to an HTTP endpoint

Example Output

{
  "data": {
    "name": "projects/my-project/subscriptions/my-subscription",
    "subscription": "my-subscription",
    "topic": "my-topic",
    "type": "pull"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.subscription"
}

Pub/Sub • Create Topic

Component key: gcp.pubsub.createTopic

The Create Topic component creates a new GCP Pub/Sub topic.

Use Cases

Provisioning workflows: Create topics as part of environment setup
Dynamic routing: Create topics on demand for new services or tenants
Automation bootstrap: Prepare messaging infrastructure before publishing

Example Output

{
  "data": {
    "name": "projects/my-project/topics/my-topic",
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.topic"
}

Pub/Sub • Delete Subscription

Component key: gcp.pubsub.deleteSubscription

The Delete Subscription component deletes a GCP Pub/Sub subscription.

Use Cases

Cleanup workflows: Remove subscriptions as part of service teardown
Lifecycle management: Decommission subscriptions that are no longer needed
Rollback automation: Remove subscriptions created in failed provisioning runs

Example Output

{
  "data": {
    "deleted": true,
    "subscription": "my-subscription"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.subscription.deleted"
}

Pub/Sub • Delete Topic

Component key: gcp.pubsub.deleteTopic

The Delete Topic component deletes a GCP Pub/Sub topic.

Use Cases

Cleanup workflows: Remove temporary topics after execution
Lifecycle management: Decommission unused messaging resources
Rollback automation: Remove topics created in failed provisioning runs

Example Output

{
  "data": {
    "deleted": true,
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.topic.deleted"
}

Pub/Sub • Publish Message

Component key: gcp.pubsub.publishMessage

The Publish Message component sends a message to a GCP Pub/Sub topic.

Use Cases

Event fan-out: Broadcast workflow results to multiple subscribers
Notifications: Publish operational updates to downstream systems
Automation: Trigger Pub/Sub-based pipelines from workflows

Example Output

{
  "data": {
    "messageId": "1234567890",
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.message.published"
}

Compute • Update Image

Component key: gcp.updateImage

The Update Image component updates an existing Compute Engine custom image. It can change the image’s deprecation status (including marking it deprecated or obsolete) and update its labels.

Use Cases

Release lifecycle: Mark older images deprecated or obsolete as newer ones ship
Pointing consumers forward: Set a replacement image so users are guided to the current version
Inventory hygiene: Keep image labels accurate for billing, environment, and ownership

Configuration

Image: The custom image to update.
Deprecation state: Optionally change the image lifecycle state:
- No change: Leave the current deprecation state untouched.
- Active: Clear any deprecation (make the image fully usable again).
- Deprecated: Mark the image deprecated (still usable; warns on use).
- Obsolete: Mark the image obsolete (cannot be used to create new resources).
- Deleted: Mark the image as logically deleted.
Replacement image: Optional image to recommend in place of this one (name or URL). Applies when setting a deprecation state.
Labels: Optional key-value labels to add or update on the image. Labels you provide are merged with the image’s existing labels; existing labels you don’t list are left unchanged.

Output

Emits the updated image: name, selfLink, family, status, diskSizeGb, labels, deprecationState, replacement, creationTimestamp.

Important Notes

Setting the deprecation state to Active clears an existing deprecation.
Updating labels merges with the image’s existing labels; labels you don’t list are preserved.
The component waits for each underlying global operation to complete before emitting.

Example Output

{
  "data": {
    "creationTimestamp": "2026-06-02T12:00:00.000-07:00",
    "deprecationState": "DEPRECATED",
    "diskSizeGb": 10,
    "family": "my-app",
    "imageId": "1234567890123456789",
    "labels": {
      "env": "production",
      "team": "platform"
    },
    "name": "my-app-2026-06-02",
    "replacement": "https://www.googleapis.com/compute/v1/projects/my-project/global/images/my-app-v2",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/global/images/my-app-2026-06-02",
    "status": "READY"
  },
  "timestamp": "2026-06-02T12:00:00Z",
  "type": "gcp.compute.image.updated"
}

Compute • Update VM Machine Type

Component key: gcp.updateVMInstanceType

The Update VM Machine Type component changes the machine type (size) of an existing Compute Engine VM instance.

Use Cases

Vertical scaling: Resize an instance up or down in response to load
Cost optimization: Move to a smaller machine type during off-peak hours
Right-sizing: Adjust machine type based on observed utilization

Configuration

VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createVM). The selection encodes both the zone and the instance name.
Machine Type: The new machine type name, e.g. e2-medium or n2-standard-4 (required, supports expressions).
Restart after update: Whether to start the instance again after the machine type is changed. Enabled by default. Compute Engine requires the instance to be stopped to change its machine type, so a running instance is always stopped first.

Output

Returns the instance state after the update completes:

instanceId, name, zone, status, selfLink, machineType, internalIP, externalIP

Important Notes

Changing the machine type requires the instance to be stopped (TERMINATED). A running instance is stopped automatically before the change.
If Restart after update is enabled, the instance is started again once the new machine type is applied.
The new machine type must be available in the instance’s zone.
The component waits for each underlying zone operation to complete before proceeding.

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "n2-standard-4",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.machineTypeUpdated"
}