App Topology lets you query data about your resources and applications from multiple sources, and then view the correlated data as a topology graph. For example, you can view all agents that have a specific vulnerability.
By bringing together data across multiple sources, App Topology helps you to understand relationships, dependencies, and context in one place.
In Cloud Hub you can view correlated data for several domains, including health and troubleshooting, deployment, and security. App Topology also provides topology graphs that are focused on specific uses in other areas of Google Cloud. To learn more, see Types of topologies .
Integration with Gemini Cloud Assist
App Topology provides Gemini Cloud Assist investigations with the context of your resources and their relationships. When you perform an investigation with Gemini Cloud Assist, this contextual information helps improve the relevancy and quality of root cause analysis.
VPC Service Controls
App Topology supports VPC Service Controls to strengthen data security and mitigate the risks of data exfiltration. With VPC Service Controls, you can configure security perimeters around the resources of your Google Cloud services and control the movement of data across the perimeter boundary.
When you enable the App Topology API, App Topology adds an access path for limited metadata for App Hub applications, Cloud Trace traces, and Cloud Monitoring alerts. Examples of metadata include trace span start and end times and App Topology application IDs.
VPC Service Controls restrictions for App Hub apply only to App Hub interactions in the management project. As a result, App Topology can read data for applications and discovered services and workloads for all descendent projects of the app-enabled folder, even if those projects are not in the same perimeter as the management project.
When you restrict the App Topology API in a perimeter, we recommend that you add to that perimeter the APIs for services that provide data to App Topology, including:
- App Hub API (
apphub.googleapis.com) - Cloud Asset API (
cloudasset.googleapis.com) - Developer Connect API (
developerconnect.googleapis.com) - Cloud Monitoring API (
monitoring.googleapis.com) - Security Command Center API (
securitycenter.googleapis.com) - Cloud Trace API (
trace.googleapis.com)
See the VPC Service Controls documentation for more information about supported products.
