Forseti Community,
With Forseti 2.23 we have a lot of exciting changes.
The Forseti team has been focused on delivering a faster, more efficient inventory process. These improvements will be more prominent for organizations that have 1 million+ resources – most users can expect to see a significant reduction in the time it takes to create an inventory.
These improvements come from both code and infrastructure optimizations. For infrastructure, we have decided to increase the default sizes of the Forseti VM and Cloud SQL instances. Going forward, the Forseti server VM will default to n1-standard-8 and Cloud SQL will default to db-n1-standard-4.
If your Forseti scans still take longer than 24 hours or your Forseti inventory creation does not see a reduction in time, please reach out to us on Slack for help profiling your environment. These improvements target inventory data collection from the Cloud Asset Inventory (CAI) datasource. Customers whose data is collected through time-intensive GCP API calls will not see the improvements. We are working with the CAI team to migrate the remaining resources from the API into the CAI datasource.
Forseti Config Validator has been updated to evaluate multiple policies on the same dataset in parallel. Customers using Config Validator scanners with Forseti will now see more efficient scanning of large GCP environments.
Forseti now supports Terraform as the official installation path. As we outlined in our previous post, we have deprecated the Python-based installer. Additionally, we have removed the related Python installer code from the forseti-security repo.
We have created a migration script and documentation to help you seamlessly migrate from the Python installer to Terraform:
You can learn more about the Forseti Terraform module source code here.
The Terraform Forseti module has been restructured to support flexible deployment scenarios. If you have previously installed Forseti using Terraform, you can migrate your existing Terraform state by following the instructions in the upgrade guide.
We are excited to announce that Forseti on-GKE is now released into Beta. This is the result of considerable community collaboration over the last few months and we appreciate all who contributed to this effort. There are several key features that make this feature robust, flexible, and secure:
Please reach out to us on Slack or discuss@forsetisecurity.org with any questions.