Resource Manager release notes

This page documents production updates to Resource Manager. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

December 19, 2024

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.

The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.

You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.

December 17, 2024

You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).

December 16, 2024

Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.

This feature is available in General Availability.

December 09, 2024

Using IAM attributes in custom organization policies is generally available. For more information, see Use custom organization policies.

You can use the iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed organization policy constraint to prevent default service accounts from being granted the Editor (roles/editor) or Owner (roles/owner) roles. For more information, see Prevent the Owner and Editor role from being granted to default service accounts.

December 06, 2024

October 29, 2024

Organization Policy managed constraints are a set of constraints built on the custom organization policy platform. You can use managed constraints in place of certain predefined constraints to perform dry-run tests and simulate changes to your policies using Policy Intelligence tools. This feature is now in General Availability.

June 04, 2024

Cloud Data Fusion supports annotating resources with tags in Preview. For more information, see the Services that support tags.

March 13, 2024

You can add tags at the time of creating folders and projects. These tags can be added as key-value pairs. For more information, see Add tags during folder creation and Add tags during project creation. This feature is currently in preview.

February 12, 2024

February 06, 2024

You can use the Google Cloud console with Policy Simulator for Organization Policy to test organization policies. This feature is available in Preview.

February 05, 2024

With the secure-by-default organization policy enforcements, insecure posture is addressed with a bundle of organization policies that are enforced at the time of creation of an organization resource. Enforcement of these policies will apply to organizations created early in 2024, as the feature is gradually rolled out.

December 20, 2023

December 12, 2023

Organization Policy custom constraints allow you to configure customizable organization policies to prevent the misconfiguration of resources and help you meet your security and compliance goals. This feature is now in General Availability.

November 07, 2023

You can use the Google Cloud console to analyze organization policies. This feature is available in Preview.

September 22, 2023

Tag key and value short names can now have a maximum length of 256 characters. For more information, see Tags overview.

July 27, 2023

New Organization Policy constraints have launched into general availability to define service attachment controls for Private Service Connect consumers. For more information, see Manage security for Private Service Connect consumers.

Policy Simulator for Organization Policy allows you to test organization policies before they are enforced. This feature is available in Preview.

July 26, 2023

New Organization Policy constraints have launched into general availability to define access and creation controls for Vertex AI Workbench notebooks and instances. For more information, see Organization policy constraints.

Two automatically configured Organization Policy constraints have launched into general availability to provide advanced regulatory control for Assured Workloads. For more information, see Organization policy constraints.

June 16, 2023

You can now monitor how custom constraints would impact your organization's workflows by setting custom constraints in dry-run mode.

April 18, 2023

You can now create dry-run organization policies using the Google Cloud console.

April 17, 2023

You can now create tags that are children of projects as well as organization resources. For more information, see Creating and managing tags.

March 08, 2023

You can now create dry-run organization policies to monitor how policy changes would impact your workflows before they are enforced.

February 16, 2023

The organization restrictions feature has entered General Availability. The organization restrictions feature helps security administrators to prevent data exfiltration due to phishing or insider attacks. The organization restrictions feature restricts access only to resources in authorized Google Cloud organizations. For more information, see Introduction to organization restrictions.

November 18, 2022

Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.

November 01, 2022

The feature for listing all tags that are attached to or inherited by your resources has entered general availability. For more information, see Creating and managing tags.

You can now use the Cloud Console UI to create and manage tags. For more information, see Creating and managing tags.

October 13, 2022

The organization restrictions feature has launched into public preview. The organization restrictions feature enables you to prevent data exfiltration through phishing or insider attacks. For managed devices in an organization, the organization restrictions feature restricts access only to resources in authorized Google Cloud organizations. For more information, see Introduction to organization restrictions.

August 24, 2022

Organization Policy custom constraints has launched into public preview. Custom constraints can allow or restrict access to API calls in the same way that predefined constraints do, but allow administrators to configure conditions based on request parameters and other metadata. For more information, see Creating and managing custom constraints.

August 02, 2022

Two Organization Policy constraints have launched into general availability to help ensure CMEK usage across an organization. For more information, see CMEK organization policies.

June 17, 2022

A feature for protecting tag values from being deleted has launched into general availability. If a tag value has a tag hold, it cannot be deleted by users unless the tag hold is first deleted. For more information about tag holds, see Protecting tag values with tag holds.

June 14, 2022

The following organization policy constraints to restrict resource creation of global security configuration have launched into general availability:

  • Disable Creation of Cloud Armor Security Policies
  • Disable Creation of global self-managed SSL Certificates
  • Disable Global Load Balancing
  • Disable Enabling Identity-Aware Proxy (IAP) on global resources
  • Disable Enabling Identity-Aware Proxy (IAP) on regional resources

May 06, 2022

The feature for listing the effectively evaluated tags on a resource has launched into public preview. For more information, see Listing effective tags on a resource.

May 04, 2022

The resource usage restriction Organization Policy constraint has launched into general availability.

September 20, 2021

The Organization Policy Service v2 API reference documentation is now available. For more information, see the API reference documentation.

August 09, 2021

You can now use the Cloud Console UI to manage your organization policies with tags. For more information, see Setting an organization policy with tags.

July 27, 2021

The Organization Policy constraints Allowed ingress settings and Allowed VPC egress settings for Cloud Run have launched into general availability.

June 08, 2021

The Resource Settings API has entered general availability. You can use Resource Settings to centrally configure settings for your Google Cloud projects, folders, and organization. For more information, see Resource Settings overview.

May 26, 2021

The process for migrating a project from one organization to another has released into general availability. To make it easier to see the impact a project migration will have on your organization, you can use the Cloud Asset Inventory Analyze Move API to get a detailed report before performing a move. For more information, see Migrating projects and Analyze project move.

April 19, 2021

The Resource Manager v3 API has been released into general availability. For more information, see the API reference documentation.

March 24, 2021

The Resource Manager v3 API has been released into public preview. For more information, see the API reference documentation.

March 16, 2021

The Organization Policy Service v2 API has launched into general availability.

Tags have been launched into general availability. For more information, see the Tags overview.

February 26, 2021

Project migration between organizations is now a self-serve process in public preview. For more information, see Migrating projects.

February 09, 2021

Tags have released into public preview. Tags provide a way to conditionally allow or deny policies based on whether a resource has a specific tag. You can use tags and conditional enforcement of policies for fine-grained control across your resource hierarchy. For more information, see the Tags overview.

If you run one of the gcloud tool's add-iam-policy-binding commands, and the IAM policy contains conditional role bindings for that role, the gcloud tool prompts you to choose one of the condition expressions that exists in the policy. If you choose a condition expression that contains a comma, the command fails.

To work around this issue, use the --condition flag to specify a condition expression on the command line.

October 12, 2020

You can now customize who receives notifications from Google Cloud with Essential Contacts. This feature is available in preview. For more information, see Managing contacts for notifications.

September 24, 2020

The Organization policy constraints for Direct Path disablement have launched into beta.

August 26, 2020

The Organization policy constraint for Cloud NAT has launched into beta.

August 19, 2020

The Organization Policies for restricting Cloud Interconnect usage have launched into beta.

The Organization Policy for restricting protocol forwarding creation has launched into general availability.

The Organization policy for restricting Cloud Load Balancing creation has launched into general availability.

August 14, 2020

The Organization Policy for extending the maximum lifetime for OAuth 2.0 access tokens that you create for a service account has been launched into general availability.

July 20, 2020

The Organization Policy for enabling detailed Cloud Audit Logs has launched into general availability.

July 17, 2020

The Organization Policy for restricting protocol forwarding creation has launched into public beta.

July 01, 2020

The Organization Policy for restricting automatic IAM permission grants to new service accounts has launched into general availability.

June 15, 2020

The Organization Policy for restricting peer IP addresses through a Cloud VPN tunnel has been launched into general availability.

April 10, 2020

The Organization Policy Service resource locations constraint has launched for general availability. This constraint allows you to define the location where your resources are created, providing important data location compliance tools. For more information, see the Restricting Resource Locations.

January 30, 2020

VPC Service Controls (VPC SC) helps you to set up a secure perimeter to guard against data exfiltration. The VPC SC Organization Policies have been launched into public beta.

January 10, 2020

The IAM Domain Restriction Organization Policies have been launched into general availability.

September 12, 2019

The Organization Policies for service account management have been launched into general availability.

June 26, 2019

Resource location restriction constraint beta release

The Organization Policy Service resource locations constraint allows you to define the location where your resources are created. For more information, see the quickstart or the how-to guide.

October 11, 2018

Organization policy administrative UI beta release

The Organization Policy Service administrative UI allows you to create and manage organization policies in the Google Cloud Platform Console.

August 02, 2018

Organization setup wizard beta release

The organization setup wizard UI makes it easier for you to delegate setup and management of Organization resources to other users, assign fundamental IAM roles to users, and import existing projects and billing accounts to your organization.

July 12, 2018

Service account restriction organization policy constraint beta release

The service account restriction constraint can be used to limit the usage of Identity and Access Management service accounts.

July 09, 2018

Domain restriction organization policy constraint beta release

The domain restriction constraint can be used to restrict the set of identities that can be used in Identity and Access Management policies.

March 12, 2018

Audit Logging for ContactInfo Beta Release

Audit Logging support has been expanded to support the European Union General Data Protection Regulation (GDPR). The UpdateContactInfo and GetContactInfo operations have been added to the list of audited operations.

July 27, 2017

Organization Policy General Availability

The Organization Policy service gives you central, programmatic control over your Organization's Cloud resources. It provides a simple mechanism for you to restrict allowed configurations across your entire Cloud Resource hierarchy.

July 24, 2017

Folders General Availability

Cloud folders are nodes in the Cloud Platform Resource Hierarchy. A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, you organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allows you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.

January 01, 2017

Organization Resource Automatic Provisioning

With this launch we made the Organization resource automatically available to all Google Workspace and Cloud Identity customers. Google Workspace customers just need to create a project using their domain email account and the Organization resource will be automatically provisioned for them.