From 45ce5d36cf8c080c011be8b4afc7e38613d39ccc Mon Sep 17 00:00:00 2001
From: sidd <schaudhuri@deakin.edu.au>
Date: Wed, 14 Jan 2026 16:59:00 +1100
Subject: [PATCH 1/4] completed service

---
 .../database_type/.terraform.lock.hcl         |  21 ++++++++++
 .../app_engine_application/database_type/c.tf |   5 +++
 .../database_type/config.tf                   |  11 ++++++
 .../database_type/nc.tf                       |   5 +++
 .../database_type/plan.json                   | Bin 0 -> 13790 bytes
 .../split_health_checks/.terraform.lock.hcl   |  21 ++++++++++
 .../feature_settings/split_health_checks/c.tf |   8 ++++
 .../split_health_checks/config.tf             |  11 ++++++
 .../split_health_checks/nc.tf                 |   8 ++++
 .../split_health_checks/plan.json             | Bin 0 -> 16288 bytes
 .../iap/oauth2_client_id/.terraform.lock.hcl  |  21 ++++++++++
 .../iap/oauth2_client_id/c.tf                 |   9 +++++
 .../iap/oauth2_client_id/config.tf            |  11 ++++++
 .../iap/oauth2_client_id/nc.tf                |   9 +++++
 .../iap/oauth2_client_id/plan.json            | Bin 0 -> 19562 bytes
 .../oauth2_client_secret/.terraform.lock.hcl  |  21 ++++++++++
 .../iap/oauth2_client_secret/c.tf             |   9 +++++
 .../iap/oauth2_client_secret/config.tf        |  11 ++++++
 .../iap/oauth2_client_secret/nc.tf            |   9 +++++
 .../iap/oauth2_client_secret/plan.json        | Bin 0 -> 19766 bytes
 .../location_id/.terraform.lock.hcl           |  21 ++++++++++
 .../app_engine_application/location_id/c.tf   |   4 ++
 .../location_id/config.tf                     |  11 ++++++
 .../app_engine_application/location_id/nc.tf  |   4 ++
 .../location_id/plan.json                     | Bin 0 -> 12934 bytes
 .../project/.terraform.lock.hcl               |  21 ++++++++++
 .../app_engine_application/project/c.tf       |   4 ++
 .../app_engine_application/project/config.tf  |  11 ++++++
 .../app_engine_application/project/nc.tf      |   6 +++
 .../app_engine_application/project/plan.json  | Bin 0 -> 12982 bytes
 .../serving_status/.terraform.lock.hcl        |  21 ++++++++++
 .../serving_status/c.tf                       |   5 +++
 .../serving_status/config.tf                  |  11 ++++++
 .../serving_status/nc.tf                      |   5 +++
 .../serving_status/plan.json                  | Bin 0 -> 13786 bytes
 .../dispatch_rules_domain/.terraform.lock.hcl |  21 ++++++++++
 .../dispatch_rules/dispatch_rules_domain/c.tf |   8 ++++
 .../dispatch_rules_domain/config.tf           |  11 ++++++
 .../dispatch_rules_domain/nc.tf               |   8 ++++
 .../dispatch_rules_domain/plan.json           | Bin 0 -> 14986 bytes
 .../dispatch_rules_path/.terraform.lock.hcl   |  21 ++++++++++
 .../dispatch_rules/dispatch_rules_path/c.tf   |  14 +++++++
 .../dispatch_rules_path/config.tf             |  11 ++++++
 .../dispatch_rules/dispatch_rules_path/nc.tf  |   8 ++++
 .../dispatch_rules_path/plan.json             | Bin 0 -> 16742 bytes
 .../.terraform.lock.hcl                       |  21 ++++++++++
 .../dispatch_rules_service/c.tf               |  14 +++++++
 .../dispatch_rules_service/config.tf          |  11 ++++++
 .../dispatch_rules_service/nc.tf              |   8 ++++
 .../dispatch_rules_service/plan.json          | Bin 0 -> 16796 bytes
 .../domain_name/.terraform.lock.hcl           |  21 ++++++++++
 .../domain_name/c.tf                          |   8 ++++
 .../domain_name/config.tf                     |  11 ++++++
 .../domain_name/nc.tf                         |   8 ++++
 .../domain_name/plan.json                     | Bin 0 -> 15454 bytes
 .../override_strategy/.terraform.lock.hcl     |  21 ++++++++++
 .../override_strategy/c.tf                    |   9 +++++
 .../override_strategy/config.tf               |  11 ++++++
 .../override_strategy/nc.tf                   |   9 +++++
 .../override_strategy/plan.json               | Bin 0 -> 15946 bytes
 .../ssl_management_type/.terraform.lock.hcl   |  21 ++++++++++
 .../ssl_management_type/c.tf                  |   8 ++++
 .../ssl_management_type/config.tf             |  11 ++++++
 .../ssl_management_type/nc.tf                 |   8 ++++
 .../ssl_management_type/plan.json             | Bin 0 -> 15388 bytes
 .../action/.terraform.lock.hcl                |  21 ++++++++++
 .../app_engine_firewall_rule/action/c.tf      |   6 +++
 .../app_engine_firewall_rule/action/config.tf |  11 ++++++
 .../app_engine_firewall_rule/action/nc.tf     |   6 +++
 .../app_engine_firewall_rule/action/plan.json | Bin 0 -> 5238 bytes
 .../priority/.terraform.lock.hcl              |  21 ++++++++++
 .../app_engine_firewall_rule/priority/c.tf    |   6 +++
 .../priority/config.tf                        |  11 ++++++
 .../app_engine_firewall_rule/priority/nc.tf   |   6 +++
 .../priority/plan.json                        | Bin 0 -> 11458 bytes
 .../source_range/.terraform.lock.hcl          |  21 ++++++++++
 .../source_range/c.tf                         |   6 +++
 .../source_range/config.tf                    |  11 ++++++
 .../source_range/nc.tf                        |   6 +++
 .../source_range/plan.json                    | Bin 0 -> 11416 bytes
 .../target_utilization/.terraform.lock.hcl    |  21 ++++++++++
 .../cpu_utilization/target_utilization/c.tf   |  37 ++++++++++++++++++
 .../target_utilization/config.tf              |  11 ++++++
 .../cpu_utilization/target_utilization/nc.tf  |  37 ++++++++++++++++++
 .../target_utilization/plan.json              | Bin 0 -> 71522 bytes
 .../zip/source_url/.terraform.lock.hcl        |  21 ++++++++++
 .../deployment/zip/source_url/c.tf            |  37 ++++++++++++++++++
 .../deployment/zip/source_url/config.tf       |  11 ++++++
 .../deployment/zip/source_url/nc.tf           |  37 ++++++++++++++++++
 .../deployment/zip/source_url/plan.json       | Bin 0 -> 23948 bytes
 .../entrypoint/shell/.terraform.lock.hcl      |  21 ++++++++++
 .../entrypoint/shell/c.tf                     |  32 +++++++++++++++
 .../entrypoint/shell/config.tf                |  11 ++++++
 .../entrypoint/shell/nc.tf                    |  32 +++++++++++++++
 .../entrypoint/shell/plan.json                | Bin 0 -> 66276 bytes
 .../liveness_check/path/.terraform.lock.hcl   |  21 ++++++++++
 .../liveness_check/path/c.tf                  |  32 +++++++++++++++
 .../liveness_check/path/config.tf             |  11 ++++++
 .../liveness_check/path/nc.tf                 |  30 ++++++++++++++
 .../liveness_check/path/plan.json             | Bin 0 -> 60762 bytes
 .../timeout/.terraform.lock.hcl               |  21 ++++++++++
 .../liveness_check/timeout/c.tf               |  33 ++++++++++++++++
 .../liveness_check/timeout/config.tf          |  11 ++++++
 .../liveness_check/timeout/nc.tf              |  33 ++++++++++++++++
 .../liveness_check/timeout/plan.json          | Bin 0 -> 66820 bytes
 .../readiness_check/path/.terraform.lock.hcl  |  21 ++++++++++
 .../readiness_check/path/c.tf                 |  32 +++++++++++++++
 .../readiness_check/path/config.tf            |  11 ++++++
 .../readiness_check/path/nc.tf                |  32 +++++++++++++++
 .../readiness_check/path/plan.json            | Bin 0 -> 66318 bytes
 .../timeout/.terraform.lock.hcl               |  21 ++++++++++
 .../readiness_check/timeout/c.tf              |  34 ++++++++++++++++
 .../readiness_check/timeout/config.tf         |  11 ++++++
 .../readiness_check/timeout/nc.tf             |  34 ++++++++++++++++
 .../readiness_check/timeout/plan.json         | Bin 0 -> 67544 bytes
 .../runtime/.terraform.lock.hcl               |  21 ++++++++++
 .../runtime/c.tf                              |  15 +++++++
 .../runtime/config.tf                         |  11 ++++++
 .../runtime/nc.tf                             |  15 +++++++
 .../runtime/plan.json                         | Bin 0 -> 52538 bytes
 .../service/.terraform.lock.hcl               |  21 ++++++++++
 .../service/c.tf                              |  32 +++++++++++++++
 .../service/config.tf                         |  11 ++++++
 .../service/nc.tf                             |  32 +++++++++++++++
 .../service/plan.json                         | Bin 0 -> 66300 bytes
 .../.terraform.lock.hcl                       |  21 ++++++++++
 .../ingress_traffic_allowed/c.tf              |   7 ++++
 .../ingress_traffic_allowed/config.tf         |  11 ++++++
 .../ingress_traffic_allowed/nc.tf             |   7 ++++
 .../ingress_traffic_allowed/plan.json         | Bin 0 -> 14180 bytes
 .../service/.terraform.lock.hcl               |  21 ++++++++++
 .../service/c.tf                              |   7 ++++
 .../service/config.tf                         |  11 ++++++
 .../service/nc.tf                             |   7 ++++
 .../service/plan.json                         | Bin 0 -> 14330 bytes
 .../migrate_traffic/.terraform.lock.hcl       |  21 ++++++++++
 .../migrate_traffic/c.tf                      |   9 +++++
 .../migrate_traffic/config.tf                 |  11 ++++++
 .../migrate_traffic/nc.tf                     |   9 +++++
 .../migrate_traffic/plan.json                 | Bin 0 -> 17728 bytes
 .../service/.terraform.lock.hcl               |  21 ++++++++++
 .../service/c.tf                              |  11 ++++++
 .../service/config.tf                         |  11 ++++++
 .../service/nc.tf                             |  10 +++++
 .../service/plan.json                         | Bin 0 -> 16880 bytes
 .../split/allocations/.terraform.lock.hcl     |  21 ++++++++++
 .../split/allocations/c.tf                    |  11 ++++++
 .../split/allocations/config.tf               |  11 ++++++
 .../split/allocations/nc.tf                   |  11 ++++++
 .../split/allocations/plan.json               | Bin 0 -> 17086 bytes
 .../split/shard_by/.terraform.lock.hcl        |  21 ++++++++++
 .../split/shard_by/c.tf                       |  11 ++++++
 .../split/shard_by/config.tf                  |  11 ++++++
 .../split/shard_by/nc.tf                      |  11 ++++++
 .../split/shard_by/plan.json                  | Bin 0 -> 17134 bytes
 .../zip/source_url/.terraform.lock.hcl        |  21 ++++++++++
 .../deployment/zip/source_url/c.tf            |  16 ++++++++
 .../deployment/zip/source_url/config.tf       |  11 ++++++
 .../deployment/zip/source_url/nc.tf           |  16 ++++++++
 .../deployment/zip/source_url/plan.json       | Bin 0 -> 32706 bytes
 .../entrypoint/shell/.terraform.lock.hcl      |  21 ++++++++++
 .../entrypoint/shell/c.tf                     |  16 ++++++++
 .../entrypoint/shell/config.tf                |  11 ++++++
 .../entrypoint/shell/nc.tf                    |  16 ++++++++
 .../entrypoint/shell/plan.json                | Bin 0 -> 32778 bytes
 .../instance_class/.terraform.lock.hcl        |  21 ++++++++++
 .../instance_class/c.tf                       |  14 +++++++
 .../instance_class/config.tf                  |  11 ++++++
 .../instance_class/nc.tf                      |  14 +++++++
 .../instance_class/plan.json                  | Bin 0 -> 33486 bytes
 .../runtime/.terraform.lock.hcl               |  21 ++++++++++
 .../runtime/c.tf                              |  16 ++++++++
 .../runtime/config.tf                         |  11 ++++++
 .../runtime/nc.tf                             |  16 ++++++++
 .../runtime/plan.json                         | Bin 0 -> 32778 bytes
 .../service/.terraform.lock.hcl               |  21 ++++++++++
 .../service/c.tf                              |  36 +++++++++++++++++
 .../service/config.tf                         |  11 ++++++
 .../service/nc.tf                             |  18 +++++++++
 .../service/plan.json                         | Bin 0 -> 64470 bytes
 .../database_type/policy.rego                 |  22 +++++++++++
 .../split_health_checks/policy.rego           |  22 +++++++++++
 .../iap/oauth2_client_id/policy.rego          |  22 +++++++++++
 .../iap/oauth2_client_secret/policy.rego      |  22 +++++++++++
 .../location_id/policy.rego                   |  20 ++++++++++
 .../project/policy.rego                       |  22 +++++++++++
 .../serving_status/policy.rego                |  22 +++++++++++
 .../app_engine_application/vars.rego          |   8 ++++
 .../dispatch_rules_domain/policy.rego         |  22 +++++++++++
 .../dispatch_rules_path/policy.rego           |  22 +++++++++++
 .../dispatch_rules_service/policy.rego        |  22 +++++++++++
 .../vars.rego                                 |   8 ++++
 .../domain_name/policy.rego                   |  22 +++++++++++
 .../override_strategy/policy.rego             |  22 +++++++++++
 .../ssl_management_type/policy.rego           |  22 +++++++++++
 .../app_engine_domain_mapping/vars.rego       |   8 ++++
 .../action/policy.rego                        |  22 +++++++++++
 .../priority/policy.rego                      |  22 +++++++++++
 .../source_range/policy.rego                  |  22 +++++++++++
 .../app_engine_firewall_rule/vars.rego        |   8 ++++
 .../target_utilization/policy.rego            |  22 +++++++++++
 .../deployment/zip/source_url/policy.rego     |  22 +++++++++++
 .../entrypoint/shell/policy.rego              |  22 +++++++++++
 .../liveness_check/path/policy.rego           |  22 +++++++++++
 .../liveness_check/timeout/policy.rego        |  22 +++++++++++
 .../readiness_check/path/policy.rego          |  22 +++++++++++
 .../readiness_check/timeout/policy.rego       |  22 +++++++++++
 .../runtime/policy.rego                       |  22 +++++++++++
 .../service/policy.rego                       |  22 +++++++++++
 .../app_engine_flexible_app_version/vars.rego |   8 ++++
 .../ingress_traffic_allowed/policy.rego       |  22 +++++++++++
 .../service/policy.rego                       |  22 +++++++++++
 .../vars.rego                                 |   8 ++++
 .../migrate_traffic/policy.rego               |  22 +++++++++++
 .../service/policy.rego                       |  22 +++++++++++
 .../split/allocations/policy.rego             |  22 +++++++++++
 .../split/shard_by/policy.rego                |  22 +++++++++++
 .../vars.rego                                 |   8 ++++
 .../deployment/zip/source_url/policy.rego     |  22 +++++++++++
 .../entrypoint/shell/policy.rego              |  22 +++++++++++
 .../instance_class/policy.rego                |  36 +++++++++++++++++
 .../runtime/policy.rego                       |  22 +++++++++++
 .../service/policy.rego                       |  22 +++++++++++
 .../app_engine_standard_app_version/vars.rego |   8 ++++
 224 files changed, 3111 insertions(+)
 create mode 100644 inputs/gcp/app_engine/app_engine_application/database_type/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/database_type/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/database_type/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/database_type/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/database_type/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application/location_id/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/location_id/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/location_id/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/location_id/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/location_id/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application/project/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/project/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/project/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/project/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/project/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application/serving_status/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/serving_status/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/serving_status/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/serving_status/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/serving_status/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/action/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/action/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/action/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/action/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/action/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/priority/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/priority/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/priority/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/priority/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/priority/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/source_range/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/source_range/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/source_range/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/source_range/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_firewall_rule/source_range/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/service/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/service/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/service/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/service/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/service/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/service/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/service/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/service/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/service/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_network_settings/service/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/service/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/service/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/service/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/service/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/service/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/runtime/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/runtime/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/runtime/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/runtime/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/runtime/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/service/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/service/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/service/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/service/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_standard_app_version/service/plan.json
 create mode 100644 policies/gcp/app_engine/app_engine_application/database_type/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/location_id/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/project/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/serving_status/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_application_url_dispatch_rules/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_domain_mapping/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_firewall_rule/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_network_settings/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_service_split_traffic/vars.rego
 create mode 100644 policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_standard_app_version/vars.rego

diff --git a/inputs/gcp/app_engine/app_engine_application/database_type/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/database_type/.terraform.lock.hcl
new file mode 100644
index 000000000..83b50a830
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/database_type/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.14.0"
+  hashes = [
+    "h1:Rq4R8clqn9QByUbg3ZUc0bnvUalIphJTxOanUeD7y9Q=",
+    "zh:0dc10c3bbb58a532eb2e1f146af2bbb0748c2d4229d4c3809aeb0e3659159f26",
+    "zh:1d03027fad0ba6c9adca7ec69f29672084e589c5a5cfe5e81ffac572eeff7ebf",
+    "zh:50595efb23deec9fbac47441ba53ad20e9bc9218458475d68d668c3270ab6f58",
+    "zh:5a63cead67c76efeef8f821c064653fd4fc00cfc83ea6b1cd96d648346a818b2",
+    "zh:62057d22a94072123e6b63cd256e6cce88565b63363edbe508a44412b4707e9f",
+    "zh:661e90a6433bcf65f18d7064bbaa37ec6eec74e9f93c36a2ba9d11df90c0da55",
+    "zh:a4d11fa451ac562c4eea8b82aea6722dcfa0259f67b0cc94b05ed82cd9abc995",
+    "zh:dd82e44e83c13a34fa04f1c38024bf1d9a6a5496a165be16da3111db553fb3d7",
+    "zh:e88edd18f4102e24191384f4dddb56e8ed9235cd4feeea202f8da0fe001ec3ff",
+    "zh:ec7bf788161013bb0cf6a9394f9c5ddd8dc4d24f233a12a23b1be632d979d443",
+    "zh:f2d88ef4c8c88b9723cd9cef14d37c6461b36c3475a394e69e0c0156157b678a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/database_type/c.tf b/inputs/gcp/app_engine/app_engine_application/database_type/c.tf
new file mode 100644
index 000000000..4981324c3
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/database_type/c.tf
@@ -0,0 +1,5 @@
+resource "google_app_engine_application" "c" {
+  project = "gcp-test-project"
+  location_id   = "us-central"
+  database_type = "CLOUD_FIRESTORE"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/database_type/config.tf b/inputs/gcp/app_engine/app_engine_application/database_type/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/database_type/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/database_type/nc.tf b/inputs/gcp/app_engine/app_engine_application/database_type/nc.tf
new file mode 100644
index 000000000..2764d470c
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/database_type/nc.tf
@@ -0,0 +1,5 @@
+resource "google_app_engine_application" "nc" {
+  project = "gcp-test-project"
+  location_id   = "us-central"
+  database_type = "CLOUD_DATASTORE_COMPATIBILITY"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/database_type/plan.json b/inputs/gcp/app_engine/app_engine_application/database_type/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..6c87811cbc17ccac8f19f2fb1b5770904cdf4727
GIT binary patch
literal 13790
zcmeHO+in{-5S`}&{fC0jjbo<?3gj)976_0aMVmadfw535%T^;x!b)x%6#n(3=a3pK
zNv~EUwYJk>Ay_n5<Zw9m8FD{=`d7Y{Z{)kp$H+t$Qp<&mWG$8aC8y}EWQwPAG4dGW
zj2y{<JV5(>G<R)B*O;qNx*#0M4}kNi1<q1tfHBACRK^yI5uRM4x7y$kV%=b01J8xU
z`~vM5b7q+3@NS>u&n5f?=G1cHt@SS0rH+r=Zs_r7gZ+*1sqH$tD<fwX|1*nqg)vKf
zDvX)qm#L+PKAoX|f)VQtZw}ClITEiL_YL?=Dk+87C*4O_jg-%ax0a8<xPe!`pZv9n
z_l3812|bqJ$O2M7wN$A=`xq)YMqaEy`5L=DKuaC*rT)P3<i4B(qZPi%DQeYH?gt#s
z-{T69&aoc()UI2Hkyge$kNXC@P1CM;X52TR8Rc;#@A0<+mKA!TJUo+^@><@?bNu$R
zypUhzC;3g@;2HnRrH5i*pf8I+8!F2|wO5zG<{o~h9+7L@Z~0nIM*ak}6F}27&d^(8
z6-onT;~sjHrDj}cEfx1&tpTj5m1|n2HDJ3H=hn8(l5CT%ag{9_<l-D_PAwMn29&zK
z<YfYQlo(oELgs2~yAti4?)04;XX35<HNcxT)KP37IK*%U499@D0z_g>O|0<T_c2_<
z_os@<w)QG%bSmHO-UrP=m0ZpGy1h^tMFu~_NHb5KRmXDu&~teL5A?+ILzO&(M|vf{
z*k4}AQ+TSE_<JM2XG?d3)!?I)7F}(sty37rdX2$H8S6#w(nodqy>_n{dcT<S#zqBx
zMpjv$%M6A2NfRHmt=w%p?k4}**V8c;4CCpW%dgC}%xAY}H=CIEOUa*1ATKTo?3Rnh
zs*EsKbL(zN(>Za=)fv|^R%AxpCZ+M5)JWGL$2#3qSv1?$j36z~pax7VX7wgMPNR%s
zoa<%x&-QL3%Toz%vNl)o>N~sZBdd$;rE(^2eNI>K5_9>0zlHpb?;M>_xP<5GQmm3V
z2+XQkpG%WH9};s~=22r{#Ht3XT>HUft%WtM3OaHL9sGd*HBT?alkg_Mj=3J|qBjTm
z9N4pd5Z0Ya@lMOIOQBOMSR?C?cYeNJiq-y7*$?em&8TfHk?{(v8?247+M)iWbcZWI
zV5GN%thhSx$31l>wZ5Skr}(mT`{esFR|N{=d1nu(e>3bn)yjl+?|LPx%=V>eRDP{#
z-&$4w@qZYdtIgK7{nu?g?~X0VslHD`QtB@M?|3|IhhJ7DX^6;Gf3CN_y(+U!dFL-T
zTlX5G^^n8cEMqu|r|V5#Hbm=XS;Y{o$5KVP8lv^<RM97{iabQ?%}pSsOx%W*ry*Kr
zeW)bbPtCYePn6r^aphk7ui?|<sCvU#jkmrgsL7lmYvsKOt%!ETCt5@EtH3^_uDObD
zcoQmRMl&<a-eX8<6)N6?W37i-b_}oI8$ex|bjTmw;kHPE=Ox4Kx7`*@>9}w9r*O2r
z&C?lOQ`?f$8l9`{F1@X6B~>d;WqQ@Dbt?bZ(;}YZ>HSizi*;8E6h_?cK9MMctLvye
zbag!5B=he=IU8kgbD;Z%TbI7;N^!eQ<KuC0zdHxJ4QjOCyt`c*#P{&ZZ<Z*1(<EW{
znNb-Xa%Sa94&&h6H%wD7NL@Kk3h$~?sGQgK>-HTfl|`k5wuARjO0>6WHpBNGx%Ige
zt&DL?)zWz0;8|Ev89Yl)wB4U)>5}y0)_XQ#CKXG4a~s3Ob{F8R#&Zwk5bruY!hQZD
zwEX@N_dpNv{TNRl;`<@qWBLQ*!_1PNink<YxUt1IBAWM*^b9o~&m5U6bELa5#7Je^
VX!p(u-zsr$>TqmxLP`o<$$t}5DE<Hd

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/c.tf b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/c.tf
new file mode 100644
index 000000000..4e8698f79
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/c.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_application" "c" {
+  project     = "gcp-project-12345"
+  location_id = "australia-southeast1"
+
+  feature_settings {
+    split_health_checks = true
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/config.tf b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/nc.tf b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/nc.tf
new file mode 100644
index 000000000..082ede499
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/nc.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_application" "nc" {
+  project     = "gcp-project-12345"
+  location_id = "australia-southeast1"
+
+  feature_settings {
+    split_health_checks = false
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/plan.json b/inputs/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..ee7e949c3d13b2008bdc48a720a570d72aac5be3
GIT binary patch
literal 16288
zcmeHO+in{-5S`}&{fA(m8^?}&0rDMvs$nctOO}<$lCV;e27!OQ?Kz|-yPWK<Nb2HP
zSS)Oc5;-L2#+gIzfB$}!pXDccwS5Y?m!(wlC?nZODW7D5+FEA#b|HnlL%Tw*<U-z}
z{KfR$xYiZ=DwRG8S8@$HzqQa=$s9BmcqTG-vl!u<kEpG;a|mZ$&%VMumu}{dD97kC
zM=w9`_CC$Nq`yR;O70qC-2|)D_O|S&Zd(^v-xyEj#?e(3GIjHxx>=WKv%*uN%>uv7
z96$8iIqG+4vDwPz0yQfUJF2Z0kTbcY9Ace(A7M0dKAql1zF@{Rz5Mm0kIi{MHpb53
z#|jczLhEOaD;0QesZwH;#TuNiu-Xfhw2`LPUpSe(kq69ZjsKJst!gE20tu(DaScij
z7>{ylx2;QKl~(4qUSPFx)@6IzI(^3kv^LIyCYawE^$i|s?i4j|hjI2~scSvW&a{^;
z3(SUIW`^07j-%wk2A|3;hwtRWw;5B?^gc~bX({fiKV|j4O_Zk2qQGjFSV`?4O01O@
z?LGJi>+u@Qb<fc5HR|+z<N>9~U$2rqKs~;<r1zk82TD5b6txw`3V(f#k=|lA__bv>
zP>Q?C0;9~F{rgp@wk@!xIi3{RJtcCT+C(4CeUh`_u1V{BS$1`54W-ttzWIcFP3L|+
z2fxSQJgu5KPcK<ItF8C{8@Wx?f*75N)s-~Ab&U960j{L)IOiN8<Z)z(5x9q>>9cz8
z^NkVioww&c5aTtJAGSQT4<4cfADIkMg4M+K`d2x%hMr55(B~D}<C2imHqIyz-Gq3B
z&s><lGke$gw>{hH_uj{dK6b|*`=Sxd08WKI6yM<jG3)!WB8S37$*M2j5BBSY`UL6+
zvpSCo_G_B<u_Z^R1~XbGUesqF+BY^wDCBR@^cbXKQR?AC%u*@ak}JG-Gpn{4N*rgD
z&T-?Mw7KY<v^*X55qdBkzpIRuuJ(T}jH58<#qqF>Ltq+q-%#$^vZ?VUFp~xFuLTgH
z&-kC>8<Z~TdGxx*ofJolv%w}Mk4rJfUpnlQh@ziWE=?k`M7~S-ijVL`AMjams$805
z=gmf-Nc@bn!yPG~F1;BsJ7ScFopDI{0bC*S7oy&|^FAgXoEnLydlzDrJOMbI&NXA%
zT%PW4O^1;!^}BK>C5$(T^>3W^6Ib5PGS{F$JZ}YE^ru{3_M{k#5UNaKVv%^i+Kff~
znMjBfdv4YEL7aCC{q^_wbDqzB*%sThFQUD1oUHemSUrhFlKbPI_Fud7sz2tVHXQmq
zIR+hl**RO>3WuysErfSJhOF(C+(c!oHP`&7ehap(Z9Oe(t9O%_z08i)?wM>Wt*86h
z=Ruu^yiFz6R}OjGkhi_;C~(Nzy6xNFR2lNN`o?P)uR;uY$lG>vOgWhz51dEd){L|)
z4;VM|2K7D8Os2r`cw1D@Px>--jaiyEQk#_e`l>v_Tg5Rw>YgE1WGThv*E|dHckqsV
zo3<$dU4xeGF>P12&C}K4CV9Ng?~4Pdl(anMS+0($WzN~I_SJHi-IngWL2=DIyQ;^U
z$Up8(il_eiu7;wpd0FRi&o6c6d2`d=TBc>jhZ(aT+k0b=elOhVOnvXy``Q##S?P9_
z?Ov>_wf#P?x82Ju)vkK~`Rsmj(EYTJ@62RlZ@KsF99`?{+B>@1>-Xv#!n^UO;782u
z`#esh^h)I$?R)oIFEKNS9XU-F&xO6KK52R0dvFX^ubj|QEv+kh9(G}JDoxv!x3>Jz
zcj5gIal6{Qom8ph^&a+N<zHCFdiAgu&$7a|&{8sEOH1o<amla`_wClVt*2|D%~+Y&
zH|2ap_z2m0c@}uH@DhK&<E_I>yl2RF4X@=-eEtLPLh`qFs9(!pXdmJkdJ;0ntzzEk
ns^28jh~BnmF2Ir5(%)+3n=)Ok{aeF)FWA3p&9<SJdXoPEqaF66

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/c.tf b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/c.tf
new file mode 100644
index 000000000..70c2413cc
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/c.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_application" "c" {
+  project     = "my-project"
+  location_id = "us-central"
+
+  iap {
+    oauth2_client_id     = "12345.apps.googleusercontent.com"
+    oauth2_client_secret = "secret-value"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/config.tf b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/nc.tf b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/nc.tf
new file mode 100644
index 000000000..c9ae2fa2c
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/nc.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_application" "nc" {
+  project     = "my-project"
+  location_id = "us-central"
+
+  iap {
+    oauth2_client_id     = "incorrect-client-id.apps.googleusercontent.com"
+    oauth2_client_secret = "secret-value"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/plan.json b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_id/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..fa0a3a99903b12d9a8a65947b0a9c2abd0399952
GIT binary patch
literal 19562
zcmeHP+m72d5an}${zIVWuCsBHedu@esX<`4_IlTeZ?L^>gJOTZ?Kz|eB58>tY59_X
zFxFgI;&3>3&XD@=-+$E4>L>N)@Tt^Ht<_d7)mZJ-Nd2iEakW!({JK(=`W4Sr>YW;>
zA=+QOzI*-j7JUUu2*Nw{9&kQ3z}ct;V65<YR8x(`7{9#WYInfF#k$6R3q02v^Cj9T
z`Yh1P;N9HE?o0S<^x3M3HP$C*mh!ychN1gUSD4=vpRFE8W>u*tjsKIzdW2^-_>Az(
z3U}t39`fq~*AqOkKk#ONE1x6&sQz^YK9fp9AzqX2V~j@1r^DN;Z@{>Qmp`BMv5EK6
z8asy`8*pR|sh?}AY(aY;Dmg}8>_GV~W;;Mj9kHc;pn39EJp-d1zR4+S)keK_IGjGm
z9UwhpJo2eox9&Zy^m*=ISD0;_cKJR1>k9Lv#2Rgj(;6R!T&HQ1^zz#Zlp_EB(E3Dq
zru~}f`R;JfwO@Yk*y{?s9m8tu!I>erGQntbJu)pQC8@TXL)g3zuz3SbsSTuK;7G&^
zexWo`URGMN_)XnjgXgL8(l&!I#>8L(93C;UU~d0*XGu&IWgFY@c+KklIg@V{__D^#
zYMbeDhqS-LeaZ}Vn_7`e@d|oCOY%k2vZmt_7US;dUY;CQz;doF9(~px*c)!GwAWiC
z(e^cwrj?e{6~5;h3&shwM}1k68Q_sm^u>fs`P=J}=m}+}pH#jq+@7rpSrJ?R43{aP
zjEM4N$JfYsi$Gq`uMJ_v9u5*GxY&`TKSI~_rELKvYXQlcLV|bDNJ<-h>qyhJjv6Ur
zDf5b(N36c3`N4BUl`Bvs)e8RDab+GwN@U5{D@~roW|YXXE3)L;(5x}&FDI~NjAZIK
z^iId2CF-O^#aU>PJ!$hJjS_VV4gEIO3rfEdbqXbNEot4~{1+ehm8i3(UA`^2cGMY)
zWSiq$*IN1-Tj}+goi%0tgX;sX)9QR}b2ca(4V)vI?T%$nja|7azf=yi0+my9o|2ik
zl^kc~$cwQuVYv`Jq<k>aF|~<0ClHcx=_@TqXT-$SAG6jmePgx1Lf-N5PzjNYxa4Ny
zR_&bOOk=h^thD1OQ_t@7EJxaiGP1Pi&A^7e*DYmU!<ZgtcTA)sS=iGvuC5gq?zFYB
z5-$BOky#bHb&iZ`ADL9&GYW0|*4F6}GI%TX6@P2>7rs-hpTH$NQzfkBUGi~pR>p>8
zsu;|QvEDF-Z56C?VRBW<3gZaY@CDZPEB=>!crMJTw%4rdu)apvuFuVfOMA^)&H@no
z#n^@X463k#==$$myyLRvxzL}qkL*(>uJ4s%bM1X+yU%ThPqzX6NF=p#tLx}o2at+;
zt+TALowAaoU)<@u{RSFj_CS0)5n}9`O!OxvMvV6cc8qB1Ty9m(P%E`&?Rpt<qX}wS
zY{$Jp=c&r|k>5?5i}*ZgQ{yv{g)|Q<qe&Y->i1@cVs$FEx)!#Z&3D^$Ff1w5oW6Hv
z#Z-*G@4Q3Y3~#FjRx%G_hmKp@f8?!7t{>x_bMIH!a@SE9J=^V8=EAcmS&3u4@P8>;
z37;b7n)ah)B}!JJdk<e;B+Z@j%#N0<L?3(bn&anY&3==-=aN29_CV)yyJRKW_9qHO
zOICtw&OY}Fm#jq7t}{C-ELn+=)-_vI_gBBt#x*HVe#~GqpHPS3DFmr-ht^>dhuT$r
z8&asR*m?K#Sxk?*r)!^mNO4&*<`-Fc;jU~S9yPnaQ&%}$Yn}u5zmyY)_4!eeh_?3B
zESC@WlDln=$M&VPdw0<>jN_b`t+yjxFO>>Mo?gkA+>7zIK6}J{S#qXV>M`N0sKD^s
zK76FW%)>x>OB>E<)RAaEqt&Atu9-R)&yU%sp^Po%x#?5S|Aj1<;L_E$<;A=D`S-(=
zw&R2pU*eC_b}gPVOmQ2F(|6JMxVXODzuR@4*V~U6x<--v;XOL1X+s<@n$K6}NOZ0Q
zOO)j9A-creo6mjb%{`@8Dy3Lo?>=E3gF)=bY1F?~bxyQM+8;ZPiK*rZC8QPIYFmMn
zNJc0X+lKw?bt9ScR<&a6OBWSm?N1k+Fc<9jqC`1Ov@B5$-y)GC(YX>VmbgSYP4dX!
z`iycyoc-L$cUL2PF4ud}&B|tp6}zk-hw2_H$OoM5y~kSe4u9{}Z}|TK@3r}eJN*8j
ze#i4}wo0n83!F@nx8WF=Qa$jW=W3QC^F0XWWDHMlw>@p%f5bN&nYTu{Z`mP*Ue*7z
CPhA55

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/c.tf b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/c.tf
new file mode 100644
index 000000000..0f04c2318
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/c.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_application" "c" {
+  project     = "gcp-project-12345"
+  location_id = "australia-southeast1"
+
+  iap {
+    oauth2_client_id     = "12345.apps.googleusercontent.com"
+    oauth2_client_secret = "GOCSPX-abc123def456_actual_secret"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/config.tf b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/nc.tf b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/nc.tf
new file mode 100644
index 000000000..9932ccdc2
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/nc.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_application" "nc" {
+  project     = "gcp-project-12345"
+  location_id = "australia-southeast1"
+
+  iap {
+    oauth2_client_id     = "12345.apps.googleusercontent.com"
+    oauth2_client_secret = "12345"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/plan.json b/inputs/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..710cf4d6b44898390a20161085356ec54f9fa28c
GIT binary patch
literal 19766
zcmeHPTW=ya6!vqa{)g2(H*CVTS!rMU(8pG4AF4(Xq7V|g1Q3w6t15rJ?f2Ond29w_
zdxp!dER>jG#>eOG<8$o!@85sa*Xk?vX8WnsL@m@xJ*%PGsDb)ZJ>Y7srucQPD)j-+
zRq96dR3Gg(Uf+#=dWF6MB?RF{y#t)@8sIF|3^3;SJgBk8Vu)W}aJAmz;9_mDUjfgB
z#{3!W7=32wW$<q9Q}0Xo3-np3QEjX{he~<gZ^O|2rz_Am#%HC+5vnTnsPTW)SP$^b
z5}yH{nd8n>^Fw}};d+E8He1>BaOF$HAJxCEAZKz(IK*r6eTdP>`E+<2^$8eTc=`0C
zk4?OvYh&l|V+n~Yp!HMDl@)mJL#4zhi#0gE0<}G~w2`{j_q0sjswZHy#(zqRR<%@b
z9SNt?xCW#rj7K>&+t#&bmA=gV>k8DyS(o3_zpg+hHP%>LoYnX+<T}loq?g}T;1uQe
zyS69lGyT^@)4Rq!*MIrFW3Ma7b_lPrfn@rS$_S%P^~m&~)FkUS`|x?+!sqogr<Tx;
zo}&>j_=Va;eVJ>`;(yxq0y0n4mwgn3F(w8h;P8Nv1@j-&kLr8%v-(N>s;)FgN0<dj
z4ZX)i({u}Jhv>NhFQ`!iO^bz8pJ(=Aw(s}XC?D+izR#3!1?(4~#Clg(j+C~sf6_^<
zzrr<V4(h-Iu6g$+TV55ch<@k~EeR`yN8q%?Snl1ctt6;dxf)Ud->LSVh6<UH=AdbY
zPm1hb6S-b#J(=VGRAa%IgTAdRuQbsTp;l6-jaF{-NSsxL(mR!}Etlu_LLO<?zB!XI
zx;lkFtdCAvaE|Olb8ol4MsP{dIN$D1?JcNT^mk)u@EX=hzrlHWp!sSeQ0iC;U2$~8
z+FRP3dW;Bl4z8qns4qK4&ErUkQW?jk>9hEV5~Y5*QL2eZO&pZsXGJ%pjq|(mw6yv0
zLy0!cI-^9JqD%YROY~nQ+O!$e{gQL<<a>*AN1Gwf+8p1y{?w0GE4?nOXI_~@;ktn9
zGn?~m&M1YWfMZ0lhhx~bF)LT&r^=&NI~mRx`YtO1tsH$Zb4ge)#1^R^%vhQFhRp?p
zbX@vM%h8!x;Hr<A@0h-^)?Xoa$^06#$C6c-Su$?5P6{U)v(<Km9mg3<UHj}t+K4i;
zw8zcjhI65pl)VjOTF<MTJ8SFudy(V5Hr5uT|GBcWr_0KAk&X3dS>c}F*8Rf(S-`pa
zh`)vU3;$C*slX*XQ?<0VBRRb|k5z|cGV08%vHmfHpBAigVX~6Kn#BN~^#z{$Bfd+9
zJs0L!`+nA$nE5AccmB?YOW)6G!we9+#n^@X1g@}V;Z{3y@s7*5=R#){gq7LubmIIo
zT<i*}>x}uaJ#~8@(2YjYDp$I$&ou?PxY0JtI-c=zx!Sk}1m^yiupqN1<5NqBvFkg*
zI40hVpAG8qrm2;=l{v$$)Ec@w%TO9kP}AZ>?o~2Tch{A@E^;hsw8)$%ZECD1x{x-*
z%4pKYkNUa!p;()Wt<Z)2X7k;BHW=0vT29wH#bT;XpLY%;j>3|~5X<MT&XUEj+-Uk1
zw$r8__1{Vs!*C;hj*%=z+p1o(H?GU3{=H-)>fGS>l8rE2kUgGVt~^UNg8F6lklH*)
z$wsu>McsC$D%l9%2bycYR+hKwGW%UiHsWy2+^v3<Yy@|`-9^<Gef>R^M`)8v^Kp)k
z6iYTDlml#zf8AgGsF$ljo<NzP;_`_415Y<emE6d<S)-&zRzE>ihZO27@^??c#q_W}
z-E6TBDK0z4yrMbvaO~4xIZ|t;fqQ7m$;ZPpiq({I@=<uf_K@8Ube&Wx8+mpm<1rKR
zw?4zfy<Kv)Sn4p%entB3YrDwU3+y}$q_?!;*~`|&x*5%mYP_wfZ}IG4{Unv~r98jg
z_8el!a|teo+I{)(L;d{wVNUPvi#Z3!&wYMUc;?Rf@@s6H*V~URVn++_^JynViEqMo
z5`WG!#~yO^UwpNDI`kC$h&g|n$BC3)seI#l`|zpx7z|=ZPLsvCDtx{jwypT>!gF^)
zxlx0>$0F|S7U`!3{gpsWMR1pb-3noSHB+J@pJRuv!*g|sir%PLAJdN0mk|}&I5ck8
z{2`k2;uC?I*ZV&6)O?9<gzs)!qMPOnkIN-{)n#-Oih=GM^Uki#_`b_lj!m5Xj8(s^
zLHp_&tI%7#&Ey*EQNF|Eo%#je-{T!Uyz@c772-EM@A8Au68D$Sa6(Gn>|<ayS7S`1
g&yo2a26IA(dGvixn|C>x^EUG49=qF-9C}s%1I9vf$p8QV

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application/location_id/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/location_id/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/location_id/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.12.0"
+  hashes = [
+    "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
+    "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
+    "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
+    "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
+    "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
+    "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
+    "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
+    "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
+    "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
+    "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
+    "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
+    "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/location_id/c.tf b/inputs/gcp/app_engine/app_engine_application/location_id/c.tf
new file mode 100644
index 000000000..1717deddb
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/location_id/c.tf
@@ -0,0 +1,4 @@
+resource "google_app_engine_application" "c" {
+  project     = "gcp-test-project"
+  location_id = "australia-southeast1"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/location_id/config.tf b/inputs/gcp/app_engine/app_engine_application/location_id/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/location_id/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/location_id/nc.tf b/inputs/gcp/app_engine/app_engine_application/location_id/nc.tf
new file mode 100644
index 000000000..74d9d52b0
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/location_id/nc.tf
@@ -0,0 +1,4 @@
+resource "google_app_engine_application" "nc" {
+  project     = "gcp-test-project"
+  location_id = "europe-west1"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/location_id/plan.json b/inputs/gcp/app_engine/app_engine_application/location_id/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..b3b6c51100d382232a7f821156f36853e533d1e9
GIT binary patch
literal 12934
zcmeHO+invv5S?cv{sH-!mO=$Wd<Rcd)haYe8%UFAv*jYxUkA>yGpy}wcD)xGs8&(p
zcw^6u=jNHQ^Xumic`8rj+3sazE^Eo<RwhzNCSPQR-c}ZPx)LMrFwV$JIh9vvpGR{G
zJ37Z)g;EFMrJMuK>k2p<SpvoiubE6O6%#zULvOpIA*8ybJ_ns^OZhF@DdsFO%h6pu
z$Dd31Ys|^z%ENULtWw9vZ9VjOw88qOc;yz4uFA-@rT^Meong!duMA^W_+?@Fp--3S
zUtvVClg%l5u|#65ao<4B<dSlTee!(*Y~*}<c!hii#U;G%>uHahbl-ZoyYOQJiL9aZ
z3(J)pypN$$VwA-eoX@e^Q?#@ZU+Yh;OkT(hDB9walA={@<V7Ii_G{b%(hcxYPSv(`
z7FlI1^SE!Y+BEBmXU2U4tz8E?nOQ!n*O<Vv9M_0%0jwuGdn@dk$g2Xrr7c&K4g>yD
zdY{0bD?n1b*XV74i*h1{lf7}FA5(ZutpTis)j0Z$0<ay%mGwHyB(I@3?psT3i`A@v
zb785VpQb(xCCNG9(YMeS5;CzB785;@uJl4KThguTHCFzc9mo2>A%#m&I0eKlBulDk
zBN?9i-k&)9olYq^)ZQnJPL<p7cZU_Y($=yb_x{k0BjXOi7_gl_tBp175Hss<*0ACk
zy!2Omjyr<#uBkQFM~^##u{w0j9ieWQsosOay(ZpMjNOC%%p|ir93yqc>E&)*g}L5R
zkCTV=-B%cSJyf1y_A-FxeN-dSe<hDFfxe_<!|H9QAB?44{$H<YIwx+4olztsGiHWW
zS{lzujVq0O1WZ?L(5zGA@3g3%E1X-(@?A7qZ!s~YO?%qk%6e4C{&u!AM3xhKw3vt5
z_hpg6kFVr2-fKhxT6=0M8?B%)pLcrCteuslH0|&yV~)qXVhW0wf3qIb4<@SutiEK>
z;yYN$XMESZwJV)dYiAQcWIj#Up|9)?mv%;NUIOB<6o-&+z!k=QVdbSO-D#O@SLm!Q
zuu3$XPOvVbd2v^&`fK|zyr=%<wwlIBg;j*YYA5SJ{VZn-2#oPI&=pq+{oWH|Y8^pk
zlCq1X`#pabbJdnGl6Tyq{VlQbRPPn~Q_ib`+SaG0SycO)PT!i)@R5HQm+M}jZS}8*
zWM0o@N^0oyfRy^i{~d{^t?=Kf*o?8b+RuLL`zz=1>a8Y*&=iXgRbLuo@0j!Zeah0E
zUiObh7<G=Z_ZWNoTE?^TG4}R3;(vG5;4$_tZ?^c{@xO-^q%rp9=}wo}JvDzyJ%_E1
zu2pi?zlKla8X_Yv-eQ`ga&wIxg*P^|vRM~x=x*;<bA3p4bCurkW>3nDa%Px|$B@$M
zSiIN8$_;bo7~ZfqTI%xRP(HfCLm3m#J;vKy%^pno*f*C`INCnsDU0INw#%uD&egWb
zZZlhN)w)qPyDD+b<Qw8$+7fG1;dx2BET)86cb}>o%o4WqV6Gy!f*<s64>|wD2tM`3
zR-M%=&bU2f_wl&6uW}7fJ|2P}%{R%q@uAJEwp?Q**nDR&g@RPf?Idxm%GbVDJ?6Wx
zDV4H)j_g;?{J3ZIpRA_yMB|YEJX~)|vA0+rsrDDo8~tS)ZV%}%>+oJy-h&7u<XGb6
zS-jJ`+dn6T2LH!6!}|^H&7I*6^$FhR@*dyc;6EGZ_~jkmZ{-6{$-<05>vT)psNtz`
o`F{yL>59kG2M{wyx*HwL84rzicjI~c-TkA0W6N_aa_C-u14JUw4gdfE

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application/project/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/project/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/project/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/project/c.tf b/inputs/gcp/app_engine/app_engine_application/project/c.tf
new file mode 100644
index 000000000..41b337252
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/project/c.tf
@@ -0,0 +1,4 @@
+resource "google_app_engine_application" "c" {
+  project     = "gcp-project-12345"
+  location_id = "australia-southeast1"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/project/config.tf b/inputs/gcp/app_engine/app_engine_application/project/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/project/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/project/nc.tf b/inputs/gcp/app_engine/app_engine_application/project/nc.tf
new file mode 100644
index 000000000..011e00d52
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/project/nc.tf
@@ -0,0 +1,6 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+resource "google_app_engine_application" "nc" {
+  project     = "invalid-project"
+  location_id = "australia-southeast1"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/project/plan.json b/inputs/gcp/app_engine/app_engine_application/project/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..e49b4fa2a356a508f62e378bdf6813579b7e09df
GIT binary patch
literal 12982
zcmeHO+invv5S?cv{sH+JdgUVV9XwH0tI+fknkLa^3sk7T4xD3W@Y>mK?9I}KY8AE4
zCicvDZk`!We*gL@FXe^2TD^>1$XrUfk&#qV$TvC1(^4k*bS6eVVxEyh*^?uTucNh<
zon2zBLTQ6=D93>Ft^v+MrhqZS>s-c`iV;4!#nW;{LrAr!z670fOZg4PG1g46%F*4t
zroNW&=U7w9Sq;}ouuGjEkL}Ro*#`R?<5gNbx+^1>mi|jib%8kxyb8>j;hTx&hkiQ6
z^BHDTE7|PfDV9i#HGVdbGr6Q3;xqX^0yc6!A6_MQpxDFfzMp*Dr2D3Zy9+-SkjNZb
zKe1dX!TT60B}Q2+!TA!q-NQ&5scZe7mC3$bfube;Q&P05h3p3s&fnt_kgkA_a%#4%
zgUBjlna9rtyG^sMcxC)-ptbWrCkx9*^%^5smg5@nO@Q^y%HArwC-SO-Z^`9~(qX_~
zO7AQ9a|TF?_YzMF;0nKe158KoKyMp7kV4!v8eo}Nouk*NK)=H|vwmlq<Tn(@eYV_|
z*yjv5Czc9&YHCDZvb+F1dKY>_LMFD#Vxlk7ou0^PCf&MUV>Mv0;@CEDNZ}L|jsbBA
zDU)hiNrBJn{+~GNXPr{=(0HFTJ5_E^e?H8>m0a6;-X}yijtpl6qrg0URvX*ZGlH>|
z^PN2T<Fg{yYW!}8^I<q2+RmKj6Dd4-;uFT$6S<zL6!yGh<j%O=pUq8}+wJyg@{(;&
z8OC9cm3Nr6j9~Mrs*&lg<P|2+mz3<-d$bYOYR=iNX}TsJiJdVe<1}W9O<EeSN%bN|
zz5u4HK4=!I(Rf&`h%x9hE#SgZR<2^xc8k$<IzH72r#klUv!6b)p4g`;_u{cGjRMj9
zOs?@am+$zWqqho|@LWxW=e&c!Jf5|sH2tVUV$R1rV+@Lzku!?e4kqgatj844<6GFt
zHQs9`+m+6-wX_i+GQ%e9&|7wgOG{%`KLx~oDGniDfh(*HgteHibf;yuU7@quz`9X?
zI>Abb=E+^D+FslH;XU=QwDmQ{Dy%A0Ry$c4+Rk#8fWRui0=nXAqjy_EOsy-ZOj6FV
zbiY?W$6WO#to1l<(f+2`d8+pc{VCTqLCrn!(kv>!#<OjW$iO%CTN?@^b3F@mZ2tBk
znYVM9lIr`0Af?{%f5+l!JKU`b&Jc~O{j865f8{)0yVb-Hb}bt3x6U*~;*>XaWQfFv
zNIbNC-lY$bc*qm~WNgehMB={l#q%b77gm&pNSt>+T_XA2h{WqTT3l0P9L6rE3)FEg
zZRX&+YuaKDt-RH%yLCuyYgO06&YzSOer1@M$B@#hTI~B`9fuio46omgm%0RW4?5=M
zPrL^iy1h1gFy-#HnVrJX@iA{*6sL||Zeet-j+^YZu+>+sB6YJXkLz51pf*KYVx`LU
zQ)<mCFQ@S^+xo4#!St}52XpngnXT{o-XiCpT-?nW?0swR=xVci#Tkze)lK4g@w3V`
zya{;>ex!7ob>l?Ns$9M?7Tnxbm_k7+<~&(ERV8d)uby+aY)a*9og?d&w0h(-cu-c?
zdBZVyP>rtJ`LU@!mg0qCEp3h}<5~Kg>cez?pWd@=cc+bg65-xr+I@Y{asB4+J)%MH
z^8x<equ1>KozU!tK9)~-{{g@8aR1pE{TbD@FoU2s<_-E39XGsF_P?*td$4#uJpwUv
crtA1%4*Ae**GtcCdG`wh&h@uk<j}qR0jCz%1^@s6

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application/serving_status/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/serving_status/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/serving_status/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/serving_status/c.tf b/inputs/gcp/app_engine/app_engine_application/serving_status/c.tf
new file mode 100644
index 000000000..9f21880c5
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/serving_status/c.tf
@@ -0,0 +1,5 @@
+resource "google_app_engine_application" "c" {
+  project        = "gcp-project-12345"
+  location_id    = "australia-southeast1"
+  serving_status = "SERVING"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/serving_status/config.tf b/inputs/gcp/app_engine/app_engine_application/serving_status/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/serving_status/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/serving_status/nc.tf b/inputs/gcp/app_engine/app_engine_application/serving_status/nc.tf
new file mode 100644
index 000000000..73deb59e3
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/serving_status/nc.tf
@@ -0,0 +1,5 @@
+resource "google_app_engine_application" "nc" {
+  project        = "gcp-project-12345"
+  location_id    = "australia-southeast1"
+  serving_status = "USER_DISABLED"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/serving_status/plan.json b/inputs/gcp/app_engine/app_engine_application/serving_status/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..e010856e3516b90bd46e2dbd7140e5404da1862e
GIT binary patch
literal 13786
zcmeHOOK%e~5S}v<|Dp03`s5*T0~H}8#DM|_s%jOQK0?zZN>ZRg{p-N@*%{V$He2s*
znwDx6wXRcpW;}1t&i?uROCHJtS(|-~9LrF~axNX2N+#ds2(yXw@a;g1yudmmTe2?O
z7#~G@r*`!idlgC<ge}<toTmkFM$!k20X|34wN!NQ%>`zY84V%TIrU@EIkc3YW9(v2
zAG;jg#e4j{gg?Zdu^f81_JdRE`gkmd9<MeyUl*UT#iOS(a$@N}u~cVRGr}jsngRaP
zv;5F+`<NeM#dIc{b<ARk#8~6Gft<-D<q+rOdk5Ia`ReedatVrac=gXy9XIJd_i)$Y
z#|RP`LhE~$D`W6JhDwQ1787uOjMJ`Tq>cDmziwr+A*Y~dg5Q)Bt!gA2frP7{aRNxE
zz(+Y1+ty}em9fm@xxs1EtSjCb&keM880chX`KVr_1Iuz;BfcK6KAzdz)SijFn!>kK
z<%-f_z+X!58~AewNQ(Cavk`EG|9uQh+wee73OtZPylyn0n6jt7&_XkN0@@@`s`&Th
zwS17z@>br<n+B(&rBlD@p{D=f4>0TF<9qSz=)S6~BRuB-ID5d{vr&QCw=BIm26V?Y
zS{J!^1U$q<t|}+@<)9+n$_E2T^rcQBP2ey#^g&@45GR00s%eoKzV~Adaa5B?%IZ|P
z-F_?@fGbt)_<l#DdK_uv5i`ze`kY&R8;=-K<9PH*Ttv!b7cps1Udk(ZhZwb6*<y1}
zx3Q^>O=S_RI2v9BF*1&B1~E0fk!3d4@`l3uNuC!JVJ`O>w{!n$8sQAAc~$o-11?v+
zPiY2zSME<H&=;5emFq?B(K^^mug1DZxu)r!cqDdeF#RuY#6?;f?@9F{M!o{3tFq{A
zTW<nkRVK!ub6UW$rEEOQi_<uh@4ubssycS_x4c!{?r70XZ*{TXR0+kSFYyewm4Te$
zXDC1LyNYcnT*7npDOO7y1lB}Yr%Tg89}@4hyhn9G5vv=#`!$2fnhR@N8EoYOws?lW
zwJK1T&aSoQ4j{5xLD->3t`C>i%nC^#5SL4F2>BFTVOAJ=_quea-Q4R!XXS=9xaH}D
zUk9j5Rda1$4(}(BBWn>ONYqt>FB@7+YIQ?7mlDy^y^|l&Tn#9!I5}@XE9qO?OY<?I
z*PE|n)$@F5dSAWL)U;A%;6avKp$c<!_1HQV|96qh%QFm0YT3_3QmQWhcUGQu!n;*R
zYV&fnpZU@ESM_{To0sz$_42A*ZH`VYrCzo<dYhw%9*Z3dZH^xDB%iT@(B|lQcTvun
z@Gn2+EzbPQv&Rr3{Z*TzJDx1c(f!+7Tz6!K#>(e0>M$qvPQfas-vw4I4Xw`k6<{Ay
zN=6fQL8a_a+0WOk{r;oW=h4(0*HdxR-9Nqr^b9&Kl3MYtm(NPt&bRA5jdHi?oloKD
zxXLFpic`mVt*_I2F@Hn!?KZR3Q>`z>7Fw*6N?$x0)J=b)YUQ5pX>X}MV=4A4F^qU#
z-g{OLrs7av=$@qyY<)KGeRBTEWyf5>KEU$swlb?%obkA*q7tu*=jxBcrzNZ4M@rY-
zYB|B$UwN<ID)<t21J>g~m0eYJhgs|OU8X4%q++hdciP%*)CuQp>ppi+r_>eaInqXv
zm?t`Kqlj|CjcNR7qlkM8M?0-G+bFAUrg-L17Hd*`+lW``Jk_u3`ejCxveO+D_Sl4H
zi)qiRyDq;wM`o&A-j+?gBk&CG4s7CW0lqP?BOmeibG!$|w+GzsFIXRDz>HArjOe3V
ri@gH*J4pKEG+xhKo0z%MbqlfYb<t|~z6swbac}8xZT?)89J-RfOJylo

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/c.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/c.tf
new file mode 100644
index 000000000..5fce90e2f
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/c.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_application_url_dispatch_rules" "c" {
+    project = "gcp-project-12345"
+  dispatch_rules {
+    domain  = "hardhat.pythonanywhere.com"
+    path    = "/*"
+    service = "default"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/config.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/nc.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/nc.tf
new file mode 100644
index 000000000..a55fe6f2f
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/nc.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_application_url_dispatch_rules" "nc" {
+    project = "gcp-project-12345"
+  dispatch_rules {
+    domain  = "inavlid-domain.com"
+    path    = "/*"
+    service = "default"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/plan.json b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..497921d49f407e9b4746abde789c63a98cf53f5e
GIT binary patch
literal 14986
zcmeHO+invv5S?cv{sHYHg0{3=1mD3EsER_8ULZ}PO}Gj5*MW2F47)oxj=fFDR;(hJ
zde>u*=jQQv_SerJ@=zYgqxG+l3z<tPH!_r!4CISU&|1nhp3bC@H|ST$GdYq|z$XTG
z<$9OE)lp(2Jd-nw^CB?LLZ%pFhTlZSj*20kd`4@zrlCo7MSTf6=Z^9lz%g*9!18p5
zaq74ne-4~dMzy)#H&&_rEsT$Ddly*W7{AiZqpK?9($RnEs2-rt0>1(J%<$&g@k5_Z
z(H^14YAu_AqkD?pV?0>`kMBlug(u~j4@>ZS^cTM^ZMI!N8^}xLBioeD5HwLfRu3$`
zZ5N>HJLs#%+xM#TDdg&IY81BN+5&u^!-B3I?@GwQj!NlMu1j#F1W%3tX>WB4I&$(o
zh8&0JcZJpnqn6;`aYI}3*SK`rF>%ri+v$n1a4SjMF0k4(OSPD`T|~9m+jE*-+L5)L
zXRnH7A?chu4$?Z+KT=jD-Vm-J)dgg`LW@3>mh)Y{qD4thoJDekT=`i_v|X$%|LPAl
z$MSfGqc0uZ)N1-jT`|4G1=dD?yTa4@o}!ec!rNBZ=b5^y)R14a(~nre$kFcixJ$Ga
z^3=S2ioNd?`_}WozNI5>gY<vb&bx50S;4A37iW%p)2!9sX0E!xY}`$_qmv5m@3j5<
zW3_FyBS$0C=1Apzo~JonWH5uq=X#+&HYi|CZTQwl2lTUfwxOQ&en$t46o&A*jNr%E
zVd@bC<MTcmP&pH(`QkbT|L&s!%aKsKj|M_qvCq;pFy8At7}Yg#Y&=o8^Fci$F@SgA
znS$AXDi;zy2gN<>;i8P~d*xkYitgnX7$fB76ZBltmHa``&^>=*iR+l!5p|6xE1yHu
z(@t1x6~{u(&eJl_(>!&iMDwY8Kp`J6rq5XFiB`{I%?zidO50rFg`=!opXJgxQ{l&Q
zcAnRH{L+#0=uj+$-N|n3C#&K2zY?+7?z0(9->w|p1XFcY@zp!*KWnjzY=zy~bQKoX
z?TGp8nS8>(IkIJ%Tg%hu{hbqjWX7fW^5xmUTRwBcy!%M;dFh<4`@BIQE9B>9PH*bo
z=6k};quyUBrpX}IE9@6G$t}*Q!$ol^IgkG#j!WZ1w{kswBxm=Xs$JiKa$;N^VV^rr
z%&X}9n_xJS`xlw0K5}cyq>tR1{0O)9X-DB5I7~-=Cb4i?-9B<7Kf5Hw6z>_=jPTp$
zQyb@VujQ@(1+?N4Q9LU<G!qirU(`#~vp@BbVz{cw&1#|)j0)4{tLhaxsdt2|C1X7R
zYm)4EyRCeQ$+jsUUE!v9n>p9Mf-IJe;tf@*1}L}hdJ@oa6m~DetCT5hlkrtth1-0<
z0NIfVYKgpMTWe1{uUB(T<eRH?;k|;^dupyWehSqwEZm>>*O}VUrPvBXvGHz3u4eGQ
zn{|G?z44W`T63fFYgaWE^L;x1Hn_<fZo{+hZLEI?F8XS>ZgC}4Gj|By?6OKvWgp&O
z_3bv;4%<dq+h)=C>QS3n^SenxBfPk6r&JTR(b+uy<=Q##M|k5LuMtk6J9XwfS#&%9
zsamJ7kAikrD_1`Y^>I+1)u=vN*p)aaEi0Mgb?gdlJJl;$JlpQ$9?KE7!?)|Z(N&!<
zZTIctp3pZAcauaK=li%P=BLhsclynk&ibgT9>YhRH#oKH3G!4<@O8>d)D)lKI~9Jb
zawc!__bYt2`CMM(|1<pm?yvj}<0yV<I7K#Lh-#?nn@O!bXl4_<>^U=g`id-8b8qVH
UziH!FYyNvd_N^)l$e~;L4GpYUv;Y7A

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/c.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/c.tf
new file mode 100644
index 000000000..ff364f338
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/c.tf
@@ -0,0 +1,14 @@
+resource "google_app_engine_application_url_dispatch_rules" "c" {
+  project = "gcp-project-12345"
+  dispatch_rules {
+    domain  = "*"
+    path    = "/*"
+    service = "default"
+  }
+
+  dispatch_rules {
+    domain  = "*"
+    path    = "/admin/*"
+    service = "admin"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/config.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/nc.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/nc.tf
new file mode 100644
index 000000000..9a4b66169
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/nc.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_application_url_dispatch_rules" "nc" {
+  project = "gcp-project-12345"
+  dispatch_rules {
+    domain  = "*"
+    path    = "admin/*"
+    service = "admin"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/plan.json b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..98980258e9ba5c503476bd0458a997995e007a9d
GIT binary patch
literal 16742
zcmeHP$!;Sz5Uq27{6o;kAl^MW%y-Nwh9D^NnrJavnk6v&>oa*ps={V9MU$;o)Pf1Y
zrr9EkWNmybR{O{I7y6lgqF*+jitcGiHO*;4YZ}uRx<hS6Pk6eZiaw%UMHh5RmneTz
zeb=USjlM!9M&W|4K<7h%&NIzGV}Z{d-I`fU@Z>XUtIZtzS-aWSnCH^We2(%KeP-xo
z=N<0T?923*=u^|QG1iT@N@=glICb5+!uoFUsm(aDs)`=W{2$D$$7u76&lqhM_~yy*
zL!Qo1pQ6QjBb%|A_YAFX@nnU5{N0ou@uc4HVFi9qTm05@)Ab74z`PVba-F3!!JJq=
zS`T!8U9T{&e=t8sZ{MrVpCPYq-k4z*u04bAOIXm8;av?mXsRrImg@=}slk&|lx%NJ
z3pzFOJ%b!4X!nTP6jW>Q@66Md{57tOcH9|hhVArRS-6&@u2)!Xnx*QVx?V-K*xGZN
zU24iw&$CzQrAwaY(r}QiQ~cwv**2l+O1;|H@#BBA&!|u8E2D3$qwMiy{%q^_kR*H0
zHJ&zi2$@-G`I@Oin(pz+i9P%roL#_D_b)Ry+OG2IBJEK}DYJgFm;4JFH#NFu5yk^*
z&vc@`JpuB#1Zubrpa!is+v>dgJQ?54JN+6y)oT61X!|Tn*K>8d!f3pgGoIpEFuG#T
zdptffcg0!?FZ7zlVd+20>XkM|>RR$V(BY8X0ydM60t&Y4#<zm**i+}(hFEh!ca{@v
zbmw;Qf*C|xbXhRNv0;X8h%%>F>W&|y8O9hsWsMmspjSU?G{!E>XLXL)xOmk~5WmE|
z=i!jV+c;v^n9%TIKoumG8}kuQG?W-m<>{V1*Ti*9d@Ji3pTBIJSI$IXt(88y<k8t0
zIPS=?gqW>K-%;YZv7$dg(?*pgP9Y~YKMF0Bb;&EdH#4g@C%!b!2%Y_5mb`h$e5Bl0
z1gecq`amT11YDb_Xx|Yh?VE)|Z<WWx|9;WoHd(k)(rj4s*WWSqx4NF{0i>V!-2F$4
z`iK;z>SWV9@lDQx{>IOezT$U|A9q}e-2z#PdEQ+pa|9>N<4O-Hb7MdGn!z_Mc5Qs0
z!uN$Kdr<0n{5@zKh~?R_IdVQT-=^`&mwh`z_<rS|CcRjzurJys@%T=_ayrbNZAygd
zJs|QlJ`5`|S1`Hw|908*d_(hcF|X2IiT~vP!{iRD?Gv55Q3@j5_3m)n-s5W!XIZ)P
z>hKX^j<pnAXK#Lo=JCQ<N$aK5M~T=vrWxT8{ij-6ct7P_#Cyc59)R&VS4!emF^<Z)
zu^FptQi}DJHT(H_DLq_I9bIhZyrtgSa&{)?<Zzasrq^#SSr@5=PdgkTFFBd9)A%Vg
zI#mOlK9zg>E?jG$4Vpe+jHt^U@-VGsYikedw@5^n6)1f(`Ad8YBpK8aS&yGIH7%*{
zF9t0mbeos-mNJBY`=RVcuyW(fS-xwtx$2TfCGz8}yO<{vYHyXPnC&e(I;MUIp4fB3
zu(%S+LOld;`pkP3UGUM2JWVZk)x3VVSnN40uVL7;JDnHX-o6(&F7>r1?BYYac?EqI
z3TtKishoZMJG0$<gPg<SJ8()KcNae9@h{hl^35n`@x<SaNtt)*$a%6D_DzJ=zg=%8
z+Vqa^{jrpri}pIpX+`tIujg5f-`CX&x^cW{{xt-2<96+WZ3?z&YNz~NuuX1Usy}QK
zLqMZo<i*Er8XdWeD~l@Uh@VL;=aSCx?%(ftC-59^0rH!GSM&*gU*mrgT;Uu3{ek{y
zMN%0n@musW#Pue~B6a@{Kyrk9{#jhhBXdie$;xlKY-?@b*XB2}?Yr>Y)@1-OhhFJl
DQaQ~<

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/c.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/c.tf
new file mode 100644
index 000000000..c5d800c77
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/c.tf
@@ -0,0 +1,14 @@
+resource "google_app_engine_application_url_dispatch_rules" "c" {
+  project = "gcp-project12345"
+  dispatch_rules {
+    domain  = "*"
+    path    = "/*"
+    service = "default"
+  }
+
+  dispatch_rules {
+    domain  = "*"
+    path    = "/admin/*"
+    service = "admin"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/config.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/nc.tf b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/nc.tf
new file mode 100644
index 000000000..dd2d94f91
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/nc.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_application_url_dispatch_rules" "nc" {
+  project = "gcp-project-12345"
+  dispatch_rules {
+    domain  = "*"
+    path    = "/*"
+    service = "unauthorized-service"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/plan.json b/inputs/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..bb2d7f53192c03bcbe55f59f75738b68cb5114b3
GIT binary patch
literal 16796
zcmeHPS&thx4CZrz{)a%1MYCtxhy0E_H82d<-over#n`zT>|byDQ8KF$Ez8n)CZ0_P
zMj~r0QWP&y6leeW`z!rOKhUe)$Iv~ksiGxKXiH=INO$OMXpW~VGV~VX3|-R&-Jtzh
z!EWv73b2ADh2ffRf#;V9o+nxW#|oc2npr9)c=7?g&5nkUYEOLyI@gx+CE6Ka7Jzbe
z$6@NQjDHQ7il()>-Uq9c@w!c8*P{*AH^Zm0^T?_UJy`l5EY)L-dBSImF)REsxBQT&
z3-qTLvE9jLZ0TNL^bAinfaBk$^oS?bjt?8~d%DMOO`Gl;Xan<7_{e>h&IB~Ee6${D
zc-=Rk>kH`f__|(oIfcBsWsSlnTzdlF*RY_u<y{3iXsj%Kmg@!_slby9v}|v63%aoK
zy@VVm825<Y6j&?p?=sMq@-=R(cHCKM#_jY<S-6&@?i;K&&r&s{?wh0*JA2NvOO09j
zW%epix@9`omV<1a;vau1wh4__`etXxkN@Gmq&Bf{tiG|1vd0tp+1BqNN%o#wJgx5#
zLRoJ6T&P1D@5_}Fd-x?dyMm>5FEc;esq$(f?NLK1vwpLe`~w;{wYugaj0g0d=(YOw
z8d1kBy@|vOT5AsVdGDE9&(8b&79Q2<{L1S3qDa$AHQQh|-pM(dVk$VcV!!)xJZ9;N
zwG_V6a}kFHepCdNH%IPT%KXpy;<^<qraT51BD-dM8)7^5(`B|H);z>^juYpJ?LOF3
z2=9H5_8c*%zpxL@u-EEXut^*sGS2hCGFsYi6Ggm6{$hwDgy*{b7S`ERJ4!S%Z;te+
zQ8exdVRRf}5YL8rq%n48KD~1e$7itKM{%b;>iMFJ<FUo5S)%@Bg^cx-WmzCO&-5kh
zV*=fCXPvZ;i9cXn;}e<7{K`2guC)TATb`Y*fisbuUC6QD+&#e1@4)Hu%#yi~Q(Tyr
z)>KKKS9otJt9GZrJkEIdRHoJOx{P0fxr`2hlD4ayR5$U8I~7+pPug}4O8aKv(6RRA
z@ZV>B+Q=~-l7*io&xSRB!yQxqs{6SfK;XpZcAZ0NBX^Xmk#*n1H#;l(6aUuq3ICUP
zanGafd{yq6gcfN_vq9y0!8b3CTYSI5_lG$<Q0{ud9cUcM?zy=+lfJOOmhVf4v6lI$
z?xK2@V&1w$?$VaaKTmq8QE^XnXa#8=pD!BE$yxm$;_*B_^eb04MC4-s`)z&K>)S4u
z@+$i)37>o)5qY<n!?<S-`RIG)u|UZ^<0%=!AxiX8^54q$`m&h9AWt#GdXC@S#(E`w
zaFiKur*OvoLikjB1Kwk~Uhy7U@qoCW>!~D@mD*S2Bw5ei)iI@DMc2a`z8nY-sq4e)
zb#b|OyIjG^bvs-MsPVO1Z`MR=ajWK>`B1l+I-y@cqjNRD>(g+%--K)X=Y_ft7$XyN
zhgwZ%+1lFU`YjUCtpTRbw#JF?g`~<_a_#BUr^Y4y?!3Ru(2OpDmNpg>w}aWw;N-^D
zwS4>L>e;2*O613tc_~jO*p9V_atO!Z^zS;$eh!|vTynp-qN@{{*Pm#POJAafw7#@i
z8!I!1(TqIJZBNy_b~J3T=eWH3VbA^sXRz(Vdx7UtTYJJOKD3!v&}X5zR_;HQvrl-7
zcA9U<^Qgyby_;~cjC-X%ly6G8swe&SOb*?-GnYxC-**#Q`%b;9*vI$s-Z0C#%h+G%
za8}Vg3HxPM6T<r55ZicO)W7v3w&~vqt}kbmZf|Vrn!w-7cHDNLzn5qyym88j8&2b2
zZqy;Ov>ETDRyT^~VnWT*wEG)3cXD4MqbAv%8@fWR|F3wv;R;p%%;j5phwpFjmke(3
zd5iB?^xIx;mE$LV_kMv)-vpJW{;vo~B~h5^bCE93%p+a3D`zMUjdpK&^LyOx4SF8y
K>x7s?&-5>PH`zY`

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/c.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/c.tf
new file mode 100644
index 000000000..eef53664a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/c.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_domain_mapping" "c" {
+  project     = "gcp-project-12345"
+  domain_name = "hardhatenterprises.com"
+
+  ssl_settings {
+    ssl_management_type = "AUTOMATIC"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/config.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/nc.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/nc.tf
new file mode 100644
index 000000000..313b1447b
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/nc.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_domain_mapping" "nc" {
+  project     = "gcp-project-12345"
+  domain_name = "random-unverified-site.com"
+
+  ssl_settings {
+    ssl_management_type = "AUTOMATIC"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/plan.json b/inputs/gcp/app_engine/app_engine_domain_mapping/domain_name/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..90bc8ed8be1cbc2dc9e6df692caa7b6e089e7ef9
GIT binary patch
literal 15454
zcmeHOOK%%D5T0{^{)d9++I5^ZXnPBK>Y*sm$EAU>a4lO=BTIthz7Y7YxBWg+WA2W2
zDK4c|gJdDtBWlUvaE9|F_uqfs%E$7Ne6syGxs#==<zBAkK`Qw}ZqeGv48JbK$=B%T
z<e8kyCE%xK?1S&U##qIY!thL<1J4&Ncvdn8js-rqGVxSg<Covj+H7fPQXQ#ZgU+R=
z{2p+EF>{OxbhnSGk0t&k#;oP0HrK1hDz(3bY3#PQ!}=!pto=N?DkoD<|I|}mq0b7R
z3VjxMGV}bXFly=L!*=Dru@_rY@bhMepLTBBcECYiDWBLT_pgDE{I_zp<89l4|9^v`
zi0{x<^{0T;-`6N8;mQiqSwaJ5o;Pdo+G3^jD3=XZyvCZ(0jV!_4LHa1rF<r@LD2^P
zXOIvzY=z(IeCfZ&4KTgNe3VwZo?RFXwUV-Jht=k3njLA|&g@dlIdWr-K7{1iV#_)5
zocyFFaxZhI_vMVz;=J^NJc10Xt)#-7Q%FoL+K=*+{2<@TH-P2yg&p%7sK3E_6!#RZ
zm7L*^`$?ak!HQnO0)F0N0d)oYpu>7LuoYa_EoOWG?`Q?op5$4su37q7v@R@>#=2FZ
zZc^qI{+hPprTh#Td@tY0OF&A*W!c}Z`5%i$U-i@+ot?IC<}DBX$itH)7Ty!hd(raP
zlLm5{T&1@r74+S-3&+yv;H#p4tgxTC(`n5nPb+;T<-8kqH<#{&dVHjE?t*!9<Vv=m
z1`ZcfEFk5+R`ElKD$4jW#udyW`t5Diw|#L1Bd^6a_BeyhU3e?VnBoq9jAqZa_VIR%
zFP^eK<*tR%caQOf<&C!UEWY+uSneao_@bP5A5MIcidn8&qtNC)wh@Z+v0lA8QXwW_
z_Qrf8)@9l=j<l^GE^gT$wHz9yoW9oK!12Dd4Y$ob-<4X1YwVqz>YUn5?iJ?Np&nV5
z=W=#tE};sLmtE%C94Eg5bEtl5{Y!JdX0=pTWFc30hZVAJ(T6jNXJ3RgWaZ^l6&Kyl
zT1y$O(lSg0l(vT|$u1aaI&DRz=^?tP)8BJ7M*AP5a$>!f;<m7^W0lVm-oUCZ<xl)C
z(>c}`!$?+wc~X(5?Mj)o>ZMrnYBZ(ThlrmJ)dil^ti4BIhIg~I>J`2pCJ~j4LfRZw
z*CxQsm?xaP&=-eO62?Qhl%%3FozKF)+Ltp&zP{AGTBtTR>x^OV-+>!*Uxm!u{Y^dG
ztzMStVxA84uTw_5d(3S3tqddCl>FOg?Ai@!4W$f+ImyhauDuWOd)_+Vt*YS|!CU(r
z+jXl}X2F^#{5Ib^MU8We<fA-O-_o`*HImPwM;RmeCa=1DQL`607_;RulDFLHYR7$d
z+(;%Bb9B+7ztf}S#?N`trDC>ljO4XGHAeEs-T&=zwcUT(zG|(*>r;hkob6AWzh0SI
z1T~GfIhij{QLA7)p%v9syrNaNdKI~jDK%DC)4buBGa`<(aZt(aIo@yOolxGHviO)c
z9`80^$`&@|qbuz4c|3a=Z?%s1Pi&2ldfcBYyLn_?hbwslEr|CbOLR>4vje8T{K*r~
z2lWoQp4pT|&gs*QGMtg#zzN>w<+*0K|E{;^f~|7?%rpPyYRU@eycTxZ0o%{E)jl^*
zMNYw!oExsE<-`z`YUTG~991ka2G7a;jx%SRJ7=dK`zEf=-tPVM={{IC`YJ2d(z*L;
zAZ5A#E`E*%<j&l0Km5NnTIH(3Lu<B*N8#!3VCc*WcRh1XO;<-NRQuf(Uyr_-XHF^K
zTvi#)(My$)!dyMo{t8vbqmPdM@0dBb^0}XV)KL~j8b=>(d6R0t?>;(ZG1?=ICP%FG
zh<9IteY;22r1{3BT;M&i7r3{6fj7qZ*4T5r7j+?D;$2)m;s3AXmz_+IKA-P}&XLVs
p<5pUH54QdGN2m&MX7=R$vp_*tZ`NvAmtfUIZ(79je{$$i{sT~op1A-3

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/c.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/c.tf
new file mode 100644
index 000000000..8a772ae0d
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/c.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_domain_mapping" "c" {
+  project           = "gcp-project-12345"
+  domain_name       = "verified-domain.com"
+  override_strategy = "STRICT"
+
+  ssl_settings {
+    ssl_management_type = "AUTOMATIC"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/config.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/nc.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/nc.tf
new file mode 100644
index 000000000..82545b8ba
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/nc.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_domain_mapping" "nc" {
+  project           = "gcp-project-12345"
+  domain_name       = "unverified-domain.com"
+  override_strategy = "OVERRIDE"
+  
+  ssl_settings {
+    ssl_management_type = "AUTOMATIC"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/plan.json b/inputs/gcp/app_engine/app_engine_domain_mapping/override_strategy/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..fb1ef2b4d05c58bb797d581028cd6616ef9e6002
GIT binary patch
literal 15946
zcmeHOO>Y}F5S?>?{)d3)#<86?hung+haQ3e{W>%-7LFw=YGp}~oVG#Wzuxw}r6ydC
zc30#|s~XNikSI$07|w8pZ-%q~{_{z`l1K7*^Kx=63t7pHT*|E!@~4bZTgw!`&c(?K
zv~zMMCvuMRYt#3(Y`sEX9i?rAGkJz_zO5N&DKm^Q$7?L3l8Q_G@&UE=hK88xK>Z4I
zE=tO8P>#@NhF+fT`aadZ9Djj6E4ix7^)_0iwzp;b=(e@P`bK!I%6W8EP9`P&lalHJ
zZI*ZyXfww@(~=(rdM!%%uwInk*ow6Y_<6O(Pdm4*JB&eIDW6y;_b)LX`ETWH``fw$
z|38AFFy6ka%BO(T-&82*!j&bYvw#LnOWv%&Ydb2XN4c!A;uY3>f|B}D)qoTHzmTW$
z9u%$dIfaC%VN3j0<xBn=*BI$N=A*Rg_3YGWsFjqhJFGTM(`-*$cV?Gb&Uw2sg`JpU
z1tWP9wdXG89?#{8QsGLuc}aNb6&o4Rs!?ViH#Wh^Px7<;C_l(6l-=j^d*yeGeT5m+
zPEJr;Vr}uiPhdaKVf((Rv3<INU8Tc%*02&>*BCS2f{)aHwIpdat7(=zTh=s6ps{LC
zsFicjTi_jAiI?&VWbj5_%S)7$h)c4(P4nM%>V1)^Gder1-n6tiJV9<hOJZK0L9;Ac
z?lNg0r^!{G)1-phMT>AKUG}F`I2jArFYa{OvC-$1zLoC0>vuPI-3e7>q;hU5)8<H(
zY@P=8hbHEba;{bU67WPfz6^+h{zKm0R(;!rC_cdc-5*r(Mt+s=fh&kCzQea%9SW<C
zvBQ8Y$e96IP>%*=p<2>hhMm$6PEI@ZEqxc6XfOqbv{O<)W8BAL6IY_VYDA;}8lWFb
zPb0))>V1uNE8ibt*^O8B#V5y)Z#Zx~H=f}(Ugv#@U$|)Rq(tOYYq(eFRr?rZHxHMy
z(`WJif0|#J>diQLhmn26Q)6Cgo8t(nuE>^L;Wbvsh(!)(bevt-s2^N(tSF1_<o=^8
z{hSu<mQZEbR0f)k8%2rFh9>It_f%cc_J@d;*z-!qwq;ej3PfY(@(11v`3s-jw2d)E
z-;;4)-b<wExl(5BdDl_W;xb)F?;|F&uP*RjW>uaAj2vHW?0JFj`$<G4qa|$)BWfdz
zOtj<gS$GQjI}swGR7z6No6f6cuJ)zOk*+V*^UOz><Jh9#``6&ctc*OS?fzH~w<DI_
zbTLf_@?(?1?jF)}_$2*EwoU%^GdAspb`7Nr`?<GFiKsmU<es+9`xPl1u)Esj?Xqgs
zx>>OJKHqwJ{lztN@cX{;%mKsu+u8xc#~Rdh3dOA$@eLmGfZ;87n(BRFm^QT0M2r5;
zvm_Ncr{PK+*_H!_*O=6R;U6l7uWI6ji9%4*n6*hyd4ebfv(hw*+J;p0tgc3mt0T4b
zRUM2o8B=<Mo)!Uh$&zCpD|0`YA!Wy-$9TA`y{ZIs4O-@TUc7G^vR89&%J=mNRaROa
z|8_@b*3w1?smJ+T+4dl-I$R(II<90vcG0mw?^ymWZ<}~0sJY^LPtzVx&@pV;exuQC
zOr1mRBC~dRm+AA|HCN8tDrUkGrR>g7ZPS09(Uz&G*Y->I*p9)WICJ*6e5lKcImVh(
zGJ228i9VwAy6^VmsE!i6kQDFtFmr~vz13^i^+RVK>+JRCzy7<c?AH4tGq)tq$D%BE
zKXs6z0jV}HZ$JFM@o6j3F9DmR#Iv{gGN2R76RoGAlbon<iZ<%(TBd5Jw%780A(ZW?
z^>KMIpcKC^0s=T>97gwC-U*?-Y#C@AP>SVETm7M<ls1b|kF{csSW6l*pFAeLf#<9~
z=eeBX$-w7$V(=8t2=Y0>XLu6s6rV5fwBQ*&&++<gD;hx5!)JhJ@aQj*jToMJuFw7P
fXAEa%OXeMV3YuEe6J~6Rku%M+3E3ay(4G7T&u+|P

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/c.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/c.tf
new file mode 100644
index 000000000..a8ecef3b2
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/c.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_domain_mapping" "c" {
+  project = "gcp-project-12345"
+  domain_name = "verified-domain.com"
+
+  ssl_settings {
+    ssl_management_type = "AUTOMATIC"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/config.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/nc.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/nc.tf
new file mode 100644
index 000000000..53e739ce9
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/nc.tf
@@ -0,0 +1,8 @@
+resource "google_app_engine_domain_mapping" "nc" {
+  project = "gcp-project-12345"
+  domain_name = "unverified-domain.com"
+
+  ssl_settings {
+    ssl_management_type = "MANUAL"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/plan.json b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..e2f753822710568f799b857e9a075679069f61b2
GIT binary patch
literal 15388
zcmeHO-*4MC5WeRD`yUEEw`r1Y#n88)PXoFZSi6@Mfsn<C>&>wZJ6%^4`Pa97pXiII
zvm}$W<#nxKBs696c)a8N<msQkKgqZ9jXYR?oLtLXmU1H(aw~=WDOc#NWP+zNaq<k~
zoSev!oT7bb=H8a0mzb+ix*(j$6Ttbt0nS3EfHA}8N=79X7kKg>z113rI@T5TOW-*#
zF~31O!kj5)dAytFgmVdhjyX%Y4Ay#E+og`TZ8vl~+F^eqe3s=px+^E+68~|Db%8Mp
zd<u-2;g?BCj{>viC4bm2%5NOS-Wc?}+@Pmj+x8t`kXA}3_DTH<z$5)FpY43xccA}A
zU{t}|byw*a5c`_|gB+?Xz@0fHU{ca%30hmI<R1C5!j6~N^ATFgODF+H_<b&q<sC3u
z;r|32qJ%B*ETl{N9#??$4(pLy&2n~ZB-C=s_8oQ`Cuw%3?K^WyE#<sknLtlWu!E62
zs*UF<<{3|=iDKbOzIje~?iFhuQLB+>AJ;m;$!mEdKg*Bu9Bux3{;d2C*q2yA_2d}6
z1@>0|^%3;vDRkd=4Z2Tvu&s62&k9<C`?|u4x1b~CUo}ab&T3mFO_#Mnsc;PS38iud
zd<*>5wZxhH0v^1QpX3ZJIpU%;Z`=BJS+ma*Wky%0)|-?%hZf}ao)fdu22GQ2xl6=>
zlqOYar-=oniyC2Hvh1x?Wf=?TFP?PjvC;ib-%391`aR9LCn5BVl+SH#+#0c*O_RX>
zyonjOoT?SS27e-tE`vwG_#y3VtGsRVDBeT=4PM3IRamcr-o#6I7H9He@F(u$e3h!^
zcJL>f>EfS$k~mv$VVo!WfHB@jHzv(1*5_D{#Ff5Xm<K7~12B4Jd{Jd!nj?&E-QJ&{
zvfWGB)hjuCR>OhfsaXuSjx|4*tc9zcotQkFN)68nV`-mx%!_NeIwKVy^~Xh%u`!I3
z-vHU?IW^Ozv0gndsynhRcX*8*GEb308HKaWBkIQ+I#g~&Pjde`l`2oM&s<8kCR84_
zwG~c>&7IV3LmPJbJXTh8{62Cd)?O)W+lJCrAO|y(Kkzq~5BQ%aZOkP4nauX`HX=^W
z6*H^PbD_j#V{)PQk%`$=7I+)8ENubv#g}V+Uf}y~98u0_OP#|!+6a*8?fBajT48?^
zLQg0blNj$!*VQ&v`eN3ImzU6<`Mh#Hqv+56HK;Ky^Nn$*zb=QHdCELljFW-%jAW&E
z_iGFK;cOTGn^$Z*4c!t-9`<uv8Iwo*5<K^~eSTi~!NGS|y}a3mS}jk5)o<}_q}N|I
zbMW6cx!LrjTO&5j2%lAUB+h@|JxkfF??arz?}O*wWjjMk@%!MpTZ+W>X+dKB<v4G$
zZQa3h*G$ylxqqpid#JIj{-&g{LX+|F7`X{nplR;3%RkX9TbM5nA$84FS*%wr#>}W@
zTE8c!B91kytn*|wl!eDQaeozhAqR91+BVzYws?!TEJLO0P+4L<3(9diRW{?sP=*U+
zKCgm`#~c~cQ|<uiukwzGH-TCguD3IJK6CdyMjp%xUrz~E=<){B*R*S0oYz&XdZm}L
zy&APk{&hv$wrK!6&h}L^*Y7_LL5-NI)x%PvkDRp9dpC+Il(cwnKWkQN$DHwfSJ&$5
z&2~?J-PY#KK2NNqNQ*7V%k7o*F%l3f`)TLlzs<&4j_#VB-GpZ=xI%lC^G-~<J+)qB
zO!jtjAA?o4G||3BE8SK(B?lTKjk>zFvC^sIwH+*TMTx;OD=nJZxO2XH?$@rJXH^wS
z-t7O6P43ba&AX^m#OjTzs>SQG8^lK%S)9r--t~HlcfgME)|Y?t>kYo0;7!^S`2qj=
z{MU_`k2aofbxsktU7*sedW*HWuEU=+uFR3FDf1Y#jb^;V3<UEdT0>FY?2|%w@-Hdi
BkzN1*

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/action/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_firewall_rule/action/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/action/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/action/c.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/action/c.tf
new file mode 100644
index 000000000..d14450a1d
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/action/c.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_firewall_rule" "c" {
+  project      = "gcp-project-12345"
+  priority     = 1000
+  action       = "ALLOW"
+  source_range = "0.0.0.0/0"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/action/config.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/action/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/action/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/action/nc.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/action/nc.tf
new file mode 100644
index 000000000..875639f5b
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/action/nc.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_firewall_rule" "nc" {
+  project      = "gcp-project-12345"
+  priority     = 1000
+  action       = "DENY"
+  source_range = "0.0.0.0/0"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/action/plan.json b/inputs/gcp/app_engine/app_engine_firewall_rule/action/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..ecb12c08fca54c54d524f105f2e1ddc586b4858e
GIT binary patch
literal 5238
zcmeHLO>fgc5S=p;f5K;)CV_J34GC@tE=UMaWu;Bx8XViQO$(~>*MawDyxFx$NvgJL
zQ6kHZ<C&eAoqanW`}^0GL^78`Dp|-x8j0mXX82c2imy4S$GAr_kTHIr;ck>(f!mF{
ze#}UoW8_ggvXl&?a$GZ+s-_9Pe8;~U9LGXiDrha#js<?Fpk|<ZDtQZht>kPq?u(9`
zfP0GX<S==WBq}XY88LL1xMFbRprmR?j9H{Q>Jsz}SB!tAbpRbUXS2oZh}2U#xD!a4
zwj7Q8glxxgJH4ip8Wt;w&XN+=6<DJbnz>FfW)bpn{+wG4A6Bqwux7mmpcir|=NMVz
znPQ$qK#6am<z`0>>N%tmAL~|nsHnIAwZE1VjBHew!_g~wi|f67Y`w-gP<{ojvcsF}
z8e}S)bEd_7($7T0NQQb5k>-=HkVSol*aYvT9Q0@h7&itcU#u`0qKPX{d~#h)$`JnZ
z_aWZh9!Pa<h{UEvo3nVSHrJ4mgF=f_-Ba{k-$zR!H*tR-=*{7S$AVvP%m0nw*YZZ*
z$*0z@d;Bit1Q<5VTkQ4GIR^e1V{AuROy0+8AJgwXR)_v}IWvsHZVe)=47D@kGuEAG
z%sR!p<#daGE}}8UGTU3`Unke1<?cjx?~NE4AeV2r3%SJ8d58I#@65uiaBPQ!9*&V6
z`Z<Cl=J0i<w65Q;<G<4Vx6dQ@UkN?z?%I{i^BDJ*#Ya}jx%LYQ_B3n7u)1Xx_jhd*
zj&ZS}TVq?_)2-sW9E<~VXteI6%Xzms#Aot-7k0BQEL`Up`C!)eDcv5_WX|M=BE>pY
z>$80a9Oi3>7?aMPj@6WP>8_U`Pb6XPwOq5VYa&KB$#R{Qmr_XBTWuqQv)<f)nTCIL
zVB6{P9U8ke>(U&OH+QeJf_iqj1AA!n`rPJG*YEhZ!NTrg*LPpcMeHpsN-PjzEHaF-
zC&uy;XCXtJe%J}f2fU5+6y>OWeg?PIn>-`S5WOaHieKvlTop?WVujL4v+luHxuo+{
Tif2^JOjZN?igqba<%#?OK_-=^

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/priority/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/priority/c.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/c.tf
new file mode 100644
index 000000000..52e3e2925
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/c.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_firewall_rule" "c" {
+  project      = "gcp-project-12345"
+  priority     = 1000
+  action       = "ALLOW"
+  source_range = "*"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/priority/config.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/priority/nc.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/nc.tf
new file mode 100644
index 000000000..ce381326a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/nc.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_firewall_rule" "nc" {
+  project      = "gcp-project-12345"
+  priority     = 2147483647
+  action       = "ALLOW"
+  source_range = "*"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/priority/plan.json b/inputs/gcp/app_engine/app_engine_firewall_rule/priority/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..d45a33ac5fc9e00e889ec102ea18881572b51a61
GIT binary patch
literal 11458
zcmeHNOK%e~5S}v<{{i`kXlMcj)EjpsE=WkAXcgKt4Wvo52^3WIuLIv_cZk=!+1Pot
zM5|TTb=Dq_$MYWl`F$gg<&iwOdyHJjL~^;3p3EhaAJRu}CPVx>79*z^XQVAH>7acU
z%$?iOIp!*qItXof0XQcWaHcW>j4__RoLek<_~ko#vpXD$STC^8f#<|xeuefNb4Hlu
z@UEWY&n5f`=Hznbt@XLEOC2A!_0Yr72Kzh5liPK4S4IXF|AECi!<Z?a3}eRlGPLx_
zK-;06ca85OJQ;d!pDo}Wo=UiK*f%(9Qc9`BK55^>illxzyt(`W)(d!>?J0eI;(q0=
zzYa~Npy>qMKeUv|LE{iAPmX6Y1GnYaaSJVF#pnJOzE9-2TmqvR-b0)ZrE7}ce5$1H
zaRx}2SdV8_En~-lbcW|1_6>F$CuQNxuutAT12u{|<E^~I^IkqCbCkk2_AI#b9I&Us
z3S%n+qr_b=VDrR@G2i51r!(4eY@ed0(^;!p11!l$UvW~Ti0aP)dQ&+Hz8*oZcAyhq
zR_Mf4E9rMr&|uUIlx0e?uKjca`twXFS=5nptmI%S<$XJ%_$+I06VHkJq86kjA{Mku
z<ohzm-bQKb*!3TVRv&|3(sjh4>-F`h(r9-2aA|z4QhZ37y#sCgQeNZl4Rr1+`+uY5
z>D?camanr(-AYSQv>&0JFtDh_C?SJxrhn(GtlGrtn4w<k?k^_TGzK8g?9=BrC2xGS
zeN<oUq4@Nsz&Fm5s^^btEnLrWIwx$oIysq9K7GSFInlY@NT1Ef7r=BG0QEc7M~u_3
zl!Ob5S$^kZ#!*Hw-L{?DMdac5aa$3Ga`)~dja@_-+psyIrdD1ETc5Ww#4%&}hQEni
z<DDXf3fCYSVU~nm6*B?MQpHG9Jifj(WfgIdTl>PsLX48qWo$Xr8!6gD-L<yWUzhEz
zUW#{R|6<~V|K9?}?ebwoKaCAkIV!ilo?1^YZ8r<IPaC*-Y}VMrWjZ+IG@s8Jd+2ib
z+qZ|lN6-x{G_@eBYpm-G;6E^DTg;wU+fC(hKcev=#b}LU#VKZn@=rMiTc@JIdLwIB
ztYYo9!s4HR?m^o$FNQgQrpg%SWh#X?^{*6;w)@UF=(^gLxqo#ALg#9`N`5m$CjEbv
zs8CW<>ED;1w%)|-mDck$cTlZg6whTXEk{`ATMv@1pqh|1Rc6%O4Fs+6IPGM_uO!w<
zwL%TsSj!mBbLUl#*mu8YtwQd9w_)va_j@Iuuda^nmlFQ1kaA6RA2earcD+5P%u1CE
z=7Lt=Lx{m3cI7l$-)BaltUa1~Y)BJUo5~pp--m5%U}FQF-LJ|C#Aud~=VCQYI8QmX
zm|;)TM`f6f*X#YA#vU&2`KS+g`1Y`lx4V_TKrxC9`Fv4haolzV&8yVx;Er1dcOZ_?
zw(;gYv=4ZnpsK+;5~sK!(UwmbUyM3vUwK1ygeawls^8+StyV(9@#J@|%#p70=+{lc
V(e6Ga@8r3gs2sbfbC5!}@)x3E0LcIV

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/c.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/c.tf
new file mode 100644
index 000000000..c9bded9ec
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/c.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_firewall_rule" "c" {
+  project      = "ae-project"
+  priority     = 1001
+  action       = "ALLOW"
+  source_range = "192.168.1.0/24"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/config.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/nc.tf b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/nc.tf
new file mode 100644
index 000000000..dcdc319aa
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/nc.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_firewall_rule" "nc" {
+  project      = "ae-project"
+  priority     = 1000
+  action       = "ALLOW"
+  source_range = "*"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/plan.json b/inputs/gcp/app_engine/app_engine_firewall_rule/source_range/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..153eb74cdfe4a6fcb91054ec3a36f3bfaa1a881d
GIT binary patch
literal 11416
zcmeHNOK%e~5S}v<{{i`kXxbEtN^jhexF8{cs#WMSke4=rf~x*?;QQ<h>vc98d-Ez$
zv}&fC*yEY;JU#yN`(B>P6L~g$j9kl5a_LJ)CX&eyxx(96y7+b=M$RzKNLyNR4EQ3L
zJF%m4%vCIP7~1j@cup$tjHCw~13Xu9X{qSoo9}oVPiZJqT~MEc&Y`8e4|s_=J<M`+
zSI_b168{i$a=Gx<`ds2t$A_>UdpO#Fze_y1T}Qbxa%1Vgu~cUmGs2T$%mBZ1tvoWw
zwrl6z;rAY%3~!Fl7U&LlC0sdtH`r@RN~Oei%D#gYDgAVO6Zr+I3w+D*l)gS`?|bVv
zk;w=$9YXuNRx&wc9Af3paZkq3wj3O{0BI|}_P6l+P!8o56piuO#s1K`M)=N`N;;2Y
zV7kS6+^cFEI|{5b-1qR^fZI4L3ulJ!)a?sMqwF)@$~!#o<zuo&DSl)3f}H2TJqlJB
zSR3dia$Vr&j+0`3QiGk(Xv-0v_EK1f@)bKpiKzeV;Qas`P{)ej%HC8dTLewXXVDkX
zdTG15T3g=0TerZ)YdN*B1)dJ^-K!<`g8NG=qraSh2Dh5-f*(^Baqy5RU2;s1$f!gr
z7^7$dv)cO*<+)?me;giu08L8w7rXA`n@MHw<(bc=>9tz(?s@sth*?M?^yDr}-mI5@
zp6nG0`gh5f*F~Q5%6L$Y5@9qjh^XbdAcF^HM(3ieM!xDQq29K(R|PDa^&6WbZ7$0<
zGx_)8C}^e`)?>-yO-XNDzErOtg@yVVb-l*voDgz#YBKA3=7x24qI1t9GczM!fYa6d
zns;g@7?;)360R*}`81P^lZ;Zj>S(l%TEpq%s%i|??xKEJUDVlZO+jC>Y%LLbZPkkq
z`g)e3av8`s{0-#}pD7lpcnv7$83|?2a{!)E#aLE6y}o5-6_t-$``T7Ntc%j^Z9dj}
zDaS_TT4D9C^LVSb=yk=yn9AV)kA`tvKCXIa9}m@zW})w=n)xL^V{jOZG(Used^}98
z#<m*|)2pw2)SK0M{id8x&W}%zE9&`iKg^uz>)1hK@8$+s0#9j~^%PyT>gcFi?bk3q
zrWoH)?kdI1DE1-jdNk=;u&2oW6gyQRzSVY7{2fpp6sF}Wtorwz#JF5iCA@4FrFax>
z`iw!>RoLXrLFX!5WWO2ekE?&(rqEJT<$onV?U@J9tF&jYrv=siMd_RetLo}zm~;j8
zgzTI049(p#(B4f|rc!6siZz7uYLIYT`0n;=wnkq+&)R9+Jhy%ivUxv1B^kHB)o0_I
z<=wyQG21s?|Bmw>O<iZUnKV*nrCJHkg%;mCh@l{M<+NSc<{5(Ozrx**hB0RjDh-AE
zc&L(480Rnj%00%u6uZJ$d(-g>w;d0UqE1tlT7}DTyN`#wPZQoFO7q0J6AI(BoTn(w
zv^!;1s&=e0>ebPCUdem8ZVhQKPLW(b-ADefIrK4Zc^%`<*MYskc7SZ-rF_8ur|4Fk
z;QurG%_od6*BOkWym#6|UD82kued?09gc83Pb9c9N4oB!-wz2#yIYdHY3J^ja%^#u
ILkT^|Uwyjz$p8QV

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/c.tf
new file mode 100644
index 000000000..19fee63c6
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/c.tf
@@ -0,0 +1,37 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "appeng-flex"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  resources {
+    cpu       = 1
+    memory_gb = 4
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/nc.tf
new file mode 100644
index 000000000..fa1f8b1a2
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/nc.tf
@@ -0,0 +1,37 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "appeng-flex"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.9 
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  resources {
+    cpu       = 1
+    memory_gb = 4
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..99b9428f3271db69a81ffd3e4e3f31c71c15c33a
GIT binary patch
literal 71522
zcmeHQS#KN35$@*&@*jkG&dQRH1j&04<RuSDkcSuoAyc+2M-mz8Snn?M*OSyYrE<^I
z9PFE<+z{5y;d1(@uBxuH>wo|K)%?c%V2+;u8uQ7l%*Nc9b8~MN=Fxnlr#o{+-`<+W
z{E>dwm{W6XUQ_#9_3nN9>kYjtz0CD+YTi&k??(Drn``Rhmi|7Pi*^?0^vwf3-968t
zKWjVt4b5}a&isbj3wr08-r{+Wztepe{jcbqjahcadf!{6{9d>7z3X2$w7v`a+qC1z
zsv2|I&i}HV^@4u0roRRK=9d1?RSS;=!4_-!O3xqE@A|uSOsmj)r01cZ8`^omO<;y+
z?8G^ZkG=5k@80}OYq0&LT%rGLu#%h3Y(gNkrd?YRWn8sz+R*;!Ua_m#uRFrT4Xyu}
zTF_CKGLGs0ugoj+nPzlH|6b8<f%4Y$T^C0FYrLbLKGS&ExpDeCQIxB(KtDIMS~m*R
zZ|Y~@{hHRgXjgknxO_#cW%_(?&OGNOy`$F$g7K<d^L-1;1wnP$&Kh)M$LMl9dEd45
zqw%R;n|AFhqTK~y(8~No^INnuvZ0xS`YfM)ZBA$%zBn*9@|qyEXrXmQGq^Ip5R3pZ
z%irDj-P9QR`!q1qy<*2N>5nPRu3$mX#C|he7cGCp?%xwdFjQ}8?br0zKf84Qq0bGC
zbWXDZx5W7gtek@LNqhRm;G>@9lhaA1-_p;aRH*xDXcxc(|Gfnc;dDP75j^iJjR)S0
zQxczUX%5(xTcSHFL8Qe4J|{6U&N|>9a~)tHuoK@c=_JU3gLZ6iK&%v;Woq5vC~0sX
z<6@NEK$}P24YYY|H)yAVHDuv?;%<-;N>UU!?0<-lfpWHSG*EI3KMUhuq5P^L`57>U
zlyujA0<XqtA@X<}j{yJsND>ZYlj|0CklG>rKo0DmxhX~hzXPY?)ofY`6&!ETp6!q|
zcn=}H3MazsuG`gz;VG{X`WpI#WPM9>5P2>J7t+WLkhL(k2U`7t_WOaLf8Bmw(N4%7
z$bP3hi6GfxM{@N23-!HD0%d)Irh&Td6;=g-221`A9XyG{eLa?bZfFOrP7jG}L;E5U
zHh3C1D(kn$MEkHGu>Q@O${k5*(9CY=ofv%9^9tj2x|hS^w=5a037X)u_p~!?<A6R0
z4s3araFB4`&YTF^w;fM<joHUE6auV-jt)&kaPgMl0v>%t825@W61JaX^M!sHhk0R`
z76<u9+ELgHpwXT`+o^;T#?d=?iMD@jh^m24SM3Qjb()8B_ol_y541lR2Pa7%TT`tJ
zRMFK{z$>9Y+_g9W+iNWBpz*^>2x$_%Vg%sfl4Qz#q7FMN)@0az##Shymp6%RBanq~
zO5ucn)C8LWK7mqUtr5G-+hqC^`o(_pisJTGpA3w%S1nbrMhM;lY!cb8A^ZDDVi>Ne
ze`{-Lh>xYSUER^nEa^`$cWQrLC)*$4D4=`UrN+FaJv%Ip%r^W7+8bB~#_giv{JyW5
z3Kxm#Z`G63yRswO`=CdqpqYmFAmlyxSYZFmr6aM&;0s~yvV%u_!h;uInjgQNYN7Pf
zw7d#lC7dEcBbJZKzU+hS!z%|Svb7X;g>hO-&!H?trcai4Ero|^#6v#pdak77TY1lw
z%H#DOk3E-`x>-`Ony$#C@1wNVRNBsxc<jS7&pu6dK3o67C7l>4P6WM^uyMna3LC-C
z#HH*w>7>9%>K#%iMzXthSekub1LK|G(-l%D>#$+`6z5uBy8{Q8=n&DK<7DUI7?7B7
zjw1HrEB&`@B|y<+;pOSdxv``7wMl^<AZM+|;c`L0cUW8?MYAqzrP{9LOY67#9azL3
z+S40$vF*R+SOn-+DOLe_No0rnb{+z;znedqznOoUznH(8KSzw!mqmmoV|Te9ox@%;
znfW8dRE5Llk??UzFyWoGvL9qx$byhM!NGVmUoXv*C%=Ym3sNnj#sEpIo2@}EF<hDh
z>*pFlf(Sf5Pv_$c;!b`I_g_tzM5Fr&)eCh$yNE96Yr5N@pKhg)?Ov)67N=bG9}ck_
zCp2u@EQi21V!3yiBsCnvT2|8cozq8|iW9}yLc-<{$`hLQM7<zNIc(oqX{hbOSH#*0
z$Dbi~K9;r`lACjTZA$OUVOgYc{^qu<mfnH=wimqwn@Dc0%;ofQ)!qE;e9*!2XRjb)
z)>kKnz3zL;UkQUz&0s++g&)p~^jz%^Y=3~?v}UjfR`|CsC4=P;QT`<jw=gM4_Y$gQ
z>3()$W2zY}HG?I8z7YGiY6gqW!|?TuXpRxaze4#{&0sldJ)|{*CEm)UF}a(w5o^I3
z_MOu@?4lRz8Et#+LZfD|FtoyWord&Tl>8Vrhj4xizxLr<;ZsmZ&0q<=L!f4`gx|kV
z!WWW;I$Yw6YX*xx4Z6=YgQW|Nkk7b{gmdC*2Fo=35U1L`TOn53<+#^wuDOk~SWp}X
z?uM!vEW`b%87xDX48K9_pJZ&-43;5$wtv&8=<S-NI1aPYy48M1B-9L+aV&v1@FhfR
z^s`J@2B;Y<Q+wY3o+JMC?H&65Bi~pK8AJCjc@8y$MIfYGE%%FcxMr|uNR2<&43=@Y
z;M=gM8QovaV8OX*^H=BY2@SuuW(f7Zrdu;uEQG>+0yTrhLeYK#h1U!g3y<!nbh&gf
zw(8RQ-OKQum4;f)VChoM)aOu&3g`MYgQdS0<#%Ae?L{xaCbAzHEOTev*=Y1gpGQBb
z`wQ65(7zQ{?i7J%MzrPe{P}tPr%Yzd_Pm(bJQ!FIc2~Crb~oQTEwJkEQ(YGJ)8L*O
z;1t^v=W$2)DR2lkc5qFOd2Ez-bc@l!9}(Y*(dTGL-gP|-IqH-vJju%ZEK6A7r*>wN
z)$RrvnJL~+S49TB<*Xj#w>DX$w5&&!%(cOYrK-fl!A4*tEp~FBs>1B18chH66WF-6
zu3TWMzj9VBoN;BVz1R`U)g7^8x@Bv`R(HX8oE=iChK?PvEL6+oz~~60+;&%%aC6@n
z<i}@x`AV+b7VVYf8~##OW#JJ@R%782Q{JK!cP>MMC|Px-o1GCGy(i~dLzVGTS6PXJ
zs?1E<?y5`Wq`)(3@0bN2+if)!KOQ8IllII>FOpwN>o=x9-^*_&=i8*XHmSW)N+`!g
zR}@%C8;9Azs@&C3O6*$tswX9LMe<fT;ofspH_4Y15{uO?k-BMeK!7J@s+TlvHI&p<
zOG@T?<cR+T2P;#ZM8|eXq+)nglH8mzho?+yRC0FtpSGv~k~dd_qeydA84<g8p6Vhw
zb24JNYxyc7&}+)%Ubyq~*s3A9_<8?^{1iDBmB)&-t=pkTGt6rw{l-#e%3O)AJ=s>@
z@bfpxx^xT6W1i|BX>%fSpU~-ZAApg$s&)+fhJ=y3S_in#utKS}Ci><$=w1&ix1l@x
zTva)=yeph7j01o!v5Tlp!4==&<q#P<qzVUm%u#*gNky$_-X+gnUpnk@w^Yd!GVM?F
zFR#mwn}2V<^>UtWKQ1o&E3L0)BkxJuJxB9q8(5DeM}VVN(1!kC*F>d1e6qeNp=Vel
zAL#$Y)i%(2VfD1h{!h2ndo-1)kP0X5{STpb3cY)Iyi>6pD#UZ(H>NKaEKxTjhc_iR
zRLW%)z`lSeNL>#jjJ9AW7I`hShg{V(d?VofaXFVIwHs?23e|pQVJM%=Yj4a=RcSL4
z{N(oG36U}bAwT5$)&hy|?Q3g{RiPNVYd!4)Nw*R;%{4RoH4=Gs@Z<U1XWQ5RhLsn&
zS3g{;I^ghL=n&aP)1>bSq2KpCG4%T-b-@04Q1vjq7sKbOhfV2W@i!oJW933+6TM?q
z2h$K4f37;%7+lImc8%*`{&bZy)+)D*nM-?0ad&9ddn}Fk$*T4}{&ZNL*IYWuoU}Sl
zXHOHB_xas`rm!EC0O56rsr<KZ8P6`2{UrA5v9*f9uel&gTi2SyeC3k<KO#0al+%6u
zoOipS-?27&L*Kz0`l_|mArkwF;+$6W>ot9MNuO5qFY;NodAB(}s^&avo`mPFo?dnG
zF$mf3fJbHP3u44_p5Qs|Y@y)x33zqLInQb82aca<ZV)^&hh$fQ6#JF<e97!w9<gk8
zE{|Dro>8ebEY?Y5zs<9DgKCY$&=5Q_etgE4uhg999|+ss{;IX~P@+oGN;`JdHRsul
zQu@C-t2xgk>90tBLNucI0zz<f-ZIjM`tS*{(>3RL2p4F|C8Lvo2OkI@5Pxt%a&<q-
zU!qgPB(R$E3>xFC2}Ct8wKb;ZJOl4*&hr@ckA0_eKm?C!&hwE8@!{2+=P@jk@ACTM
zLL?14vzqe^dq~ZB#x2F4Nou+N77ZN_lhn0BbK6SxE84c^JRg?ly`P^f5(Q31)N}bl
z^tH{~DO_1voE!ZpX1P@yv5+GDhH4VJ@0#<xY`ugG@nib@Kzjzu_RT<x(^=KWv>yyV
z?24bAyXHJYbIBFA;<guEUwX}X7XIVbmi2V|$pCr<zWx*ae#v-u@yl`ybIo~{+XtYZ
zhUh$gnB$8n)q6A*Yaf<fHKaW2rx6>w?;Z{N%yA>HAD-zs?I&&@<_)rbJK>8>WxWdH
z@%CY~Rdb%9Gr@lV@659O1h35{$)T_Yg;_wmQL>@?($8@VpA9S-h@-};VA;8&mD-yI
zrQeWK)HmbMpQ`rD3R82QyC>A{^|YGv47~uB)#W7j3Zv_gw*)t;4*1LSuHX(h;jg~D
zPoODny?e?(lDg_)Q+k-cR3msOZOwTWNQ||)wT-HS4WYgdI+#CQ)tu-4PU>?m^!&^l
zXOWw}tKP#{;VU)e(@Ewe;&E)~f2&u*S%|k3je1442Hat)Zv`5U03OTA<x`$}VtN^W
zS17Ha5xaS}uyf46Vc*ml!2O<FJ#3$7#n-LPMfV5HPnS^~vTNgO06ziDaK|j?f@1|z
zp?Ds8%!|6U%_Q>oy_5H1zIWLhY0G5IZ?6(A^N}_-hhF-TcDFh8G7D*OZgs7Gpl^Tg
z|FFt<m$nyl`}Rl5vS%9CR6LHiGC$qo-kh(LtH39X+*mGn>4$OBH!v?}t!o)4Y<BXt
zv?c8nGG>~YOK;MG63%HSQ41dYY3>H@JTtH}VSJTJY?#d>&Fz}zB)sy3ZiIN}#P_6E
z*S3G+y1q5_yEMI>MXfY!4qDcjTA}_vy}d+6NP~4b?nFyFL+MRg#B)tmG))5&8A-Py
zU(Qh?W`~$I$e!RG$33}_Z%MtQZ$Z;Hbn47WQ+j;Y=P(SP>OD<whefko`2e@?q{%!K
z*rvhHVJ2dler1+!crKB*M}*C<2;0~6cl;cOn*yuj@Gk7_a4w(gj&j+PG&`&-X{PB_
z=IDkuuM%;+upO4UhP@q*AFPG+Yd*$7-woPKm*8iY=ErY&x?$(elV{|$z&fYhP{xRZ
zrSwwiLm*L_KGIreWfiHgqMIv}rcarn3l*OxkrG3xS7s_LY)<1f7|TQEZ6e6T$SdV3
zrJJ+lVw;won`&Kf5Vp8(rd0^ULNTzL!L$5k^N7PXw>2ZP4D}sgm&V;AyIi%-i7L1A
zU4MkWZ$r;2Ca<e3bo-S`_<p`}Fy+dXVJr4|%a`UrYaGdnI5=1uyVW-tJ||9e;5xD&
z9hdRMxZLHdx#{=jiwT2K^~Pwt8GH7liLoB=9nQE?cjU?((#%|XllJhuF==kemGw&-
zCTq&ux=qvDnbT>Y$Cl@?Ih+MsA|TPNNt#=cZ5Mh>?45G5jx=~*y)gpM?X8;xU%fG7
zkUT7!t=<@9J<NL@MLVzF7|1=<8^hAycD$+H7`an6?gV!`jjA_h>@=GCu6knxGNq;D
z>WxA4A9RCZtX=iSOhKl4W6If&Mc(6k?|dx6mZ$hdH_Lm~8v`Gd_Is4u`Ra`kOmu18
z<g)L<8#Biv#_a)psYCm7>>b~%nck3Hjj5oa`+iU8zu!^B(TO>we^2QK`G3&A@96%Q
z6Z3oe_l<dL{zbp<^B{P45Jz}T*12=K<=<uljo<jfyNi+WOWa(~Gno1{d|Ajjf_!uF
S{9E{UuSvW9*xE6l%>MzD(*48$

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/c.tf
new file mode 100644
index 000000000..87356936f
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/c.tf
@@ -0,0 +1,37 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/hardhat-bucket/hello-world.zip"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  resources {
+    cpu       = 1
+    memory_gb = 4
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/nc.tf
new file mode 100644
index 000000000..8c0bae7de
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/nc.tf
@@ -0,0 +1,37 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "invalid.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  resources {
+    cpu       = 1
+    memory_gb = 4
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..4258a1cf94a44910ee5b2e31950b6000e79e0733
GIT binary patch
literal 23948
zcmeI4U2j}95Qcq?#D740P17Vzk?1`_+;9Pi3o5iqlQi9uY{Kp)lve%g!29^!iGB7f
zC**_DTB{_RV|zTF?=v3z@4w!qL3)|a(j=Xx{WMF%beWFy-!zT%bgb5A`q@caX;**0
z)XyxpPt-fctsk?Ko@nIL`N;EhqETagj?!VCX<tt+^xsrHo+WUZXx6ig$Ep4vs`W(e
zrIo&CdOAr5SL2@Nk^Aa>sOR)Byg@q7(2g^Vq2@l<XQ&=ywTv<zL#=`t-st}q3;nv3
z*wT!qfH5;xgG{%vU>^(0;k?Hz{i&Iv$6aD!44Ciq3Vz^qo~d`Kl^m*VqLp_0K^xXR
z6@4edaBBrGx72=?9;a8DVXEIFts3b#*Ry&Z#$&41SAvS{tdfH5EHRgAUF0*o7-<a9
z$Kt_A(Bbm)^lKioFCNd-W~l^=q3}7#kl<YOMrMF<rWuA>_gVTwt;0<HNnQ&)u?+8~
z?JOBc@qv0=s2{V8G<KBU3O3(E>O-oIHJ2$@+J~A2EIi*Z%MCcqL=9#e3+{<N)|Y*a
zM>^21_493KO?f|G|DoVd({CF`1g)Ua8})?m$THu?8a>nVu~r)TRbv%nkW$uRnz9mB
z$+H7V$l_XJ6r2G%G+#Xzv}X0Ex&5ZN0n<FZ32q+M2RAUo3eChvq`M!Tk%HgFLFl=e
zmvAOH`6ADQeoXT>WDHrcjjDNq*1i-~ksaV;mCzDwZ7rFLW8gVF^9&PNaP)=$k!7^P
z7-L(_Q)W5I_&^ETvCXt%RmOs5U9@)5a-m*BS;z~)KFQzDG$yd}T0$PtW^n30eXFPE
z72MLxR^Z}l-g<qtwMTm<f^2<$rP*hKIF-IV)(4)zOIzYCQ5dUW+iz<#m4;y}PUrS*
zqIF>BX6aF0*@5H$N@D$vG!N^3G?x(8yd@jqHNe~8ul46#ec|g&c-Yfm-QalPhiPj2
zW-4Qa%g91=EUz)}TE~J8m%b1VkA*RQY%9GM{6PngOU;S3#q#aX{n@gdEqlC)C=2eR
z%>UJr8r)@-FN6;xkcsXZmuI7YZHwSGRwlf3&28*3UKib@oxV^4&J^mDXSP0$NbF@y
zuP2qIN7j)?WCxwVM)M6C<2CFb_Oi9&3Ah5K#)~zKGJS0G;00^2HVqWzY*#a$t0g?a
zK>P|{d7*XK8nd$1c<j!7hB*P1jm;qK3A4g&EHM}wpH-gGa@MtSreU<4b@aK`NBcYM
z&mtv|L^QvzZE;NUI`c4Aax5yGOS8Idj}&F@ijsR*@gi6d)j|DD@(^*IrEDUKLEU8v
zcDZ!D6g|xp$3pg#A@gpX3_XNYSgu#c$Bua5=T4Tf5@8%m4i@>0A0W=fLJeg_-NRaP
zspseueXQ@bzw6o(;Noj-zihFfXt$U3Jl+j#;cNX{?2Ysz750(X2lON?9+5-Qz#2~1
zRv9;Rxp>{s)!J@j&(U1lyduTLzbsn8#S!?Oi)>l&KG*klM2*#2#D~a%@vL^1VR{um
zrf<>@>F4xa`aXR-AJx@?Wy{=szj2IaXqS=^&wMFb5__8hMGJ{6(8>d0fs`=LQUG_M
zGgjX=lX>iy?)NRAPedPHyGZ}~h&()A*M@G2;bR1Pc=Jf{uH!JjTOld7poL5DsM!19
z9Zw^|ft&AgY!MW@`#2{c-!2{@f+G?k;v{cTucl8t5m?;bqxSPxG2bRzz1hOvTqobl
z;uFi?e~yIrMq7>#ElW}`Yk88ECuw<-mM8f%@+A0vzZ;Vuj0}k1B*Pcoy>BN5Y&ndU
z!#K)sP4Ujuav1A!S}lhWwrEpa+;SLxx9;YYoxyK84DvzvxR%4HcQGT|`!Ks*Er$_R
z1dBOKa$@XQ5s$_0U*wBg4kIF^^?617!+U+mQZ4$3l0RmjJ#s(~lkxaa^BsZL!)H6#
zSs^C}FR;bt1DRsmrQi=$7|xlogEyF0KCoZz$|8@h^Y_#odAF~?ZFMB<1Qd(k>PVvU
zCTdS^TI1rKrIsK0H1Z>@j-=I*v^tVjN5bxy>w{Yz$zpsR5u57)*=HyIYIP*8vvj_p
z)sZ*`y~`X-iTA0x7^@19N+K$}?<fAhuL_c=n|4J8wLp{n=0nZpFn=r6BGxr3^r<xF
zZTI7<KdD#tG1s8f>x`^q{p@~fQ_8uJdakYnp*xXz^85F7HI{vH^P6i{7PDdaS}LTw
zHE3W~<9+i=7xbmhAh_19TZ_glWXnqhd~IizYuEl?wx-MLR;|X{{9RP#hYqxAwQ{1!
zXQVc3{>^pRS>A`q-j=GcR<A})lxz1|2Di?rwv&MEB%t3o>Zqwi?AQ6&@Eq+Vp!cG?
zHRg3CI{SF_DT{jVXZ=aQR^hh1qYO>jDZO?|uipva?nyk}cep#DozlCXvzslu>gxM;
zN{?&>ktQc8eb(36zuND0GbAm$S}GkP8f)2Aay~xYS7*;!c6IYj0uh(@Kl#_Pt1Y|Q
z>SzbDHk`OEH<#T0&Xdr^mR)^_?5f|xy&H*_IL<qg-8w?@ugkTg^_bWfsc+heXWg5}
zx;=<`UTQ|_^zQeLvQjV1T@CEDI?LN`mFq^8&iZzFw!VJ2mVsfuGb!%DS?06vu<{#E
z+$rc7*ZF;JU+8<wTc6!|;^}_(t+|$k_hZ-lcrU)(Rfi-;EiKk5EY#)`4vV?1by=%E
zvkz29{a@a3Rj(S0Pi)!ezN&s}i#uUf-)R-p?z2mdohtXe^qZYGd#r;k;d1_?ACx{h
zl5%39&s|2hT}i*(LZ8*`%+Fe^z6q!gguRNw-TnXY61F7k^>6X!Ak%XB7N0)YET58F
z1ubs6sk6}ipx3tV`Wt@!{e3{jx@*5nR-hlQzTYRj<Mp?AGAEGR{UO9Io1>!U5%Cmg
zxc5!()+4Up>uKI<b1c&@qi^fduPW^Jez$omqSaNAXY*E6zhXrOsuAQix|?__qIFAh
zWY-;IoXU0^CifHXrmu7h<+h-6_vBvsN#CDn#;56P{od2(7xl*C`((h0qTje<5GZx7
gl}HBY>}>cnW4E3BEcfps@jjtmDiGhN&(mk=A9acVQUCw|

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/c.tf
new file mode 100644
index 000000000..54888810b
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/c.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/nc.tf
new file mode 100644
index 000000000..c094514b3
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/nc.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1-bad"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "sudo node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..fe7b377c1f48921e5e78e21d923eae2e8be10910
GIT binary patch
literal 66276
zcmeHQOK%&=5$<z<{0C#su`J8pAlTDhf*_Y1k|2i|0wK#@EjN<Lkdoqfp}(G_zA0CF
zy5^yNld>CxJu?)iAN8*4>gxag=NI#9^DFb>%cnCxnvL0+8*^dq%*s5NkMy)RYx?%q
zbmn{dU1wgK6LUt_->7%*`d{zpU1?>hh1cc{we#IXJ6m&2ZQRo5qxsN};)1@pr>Fgw
zF}S0)qu<duH~q+O==y=)xu&;x+|%z2-$nZydS_=Y2YtPBW+}hd*X7pruREIG2m0*#
zeq>gix$4J%)sK2bzuD4fMZdYFzpQ(BtO&N4(<gd<uYTuZ>x5>ZaiqtgpF6@l;3hD`
zGca*M{R0=_?cJGw(;RGjIcFF?8qDNoFq#+$Z3$}|;*50<ryb!(w+gHRUwfj&9nJrQ
zuHd5~XPnUAH|CZ3iAJ=i|JQ^qaNd@_8^S1jj(ck9C+ZKFo94e$#kraa^m9kE_2WSO
zrhW$9Z)vWpezvzn%WIk~^XEHr9yl&(9j)FIj5qz9?|N9S2&$L;sKGb3kD;`a_kFKn
zJU-WI*Ux=Jyt^U_+L(XQ_*OlS>}cfRJ}YO>%qh(ylm?c1-V&r%J+#&|g0=ZfFapG^
zeD{-gbA9OV^T15E3XEUThdIs8U`5abz8S8oUOoc*cf=74)mxhTHGN#&rQ45v?x?2=
z8Wp4^^e3ot4$h~&_Di8hJ<3NfO{L$`&#_#n+vx}kkb(br0uJ$fKkgAS?-TV0*$gd-
zyIUFquyRX$XDx`lbijHNJww-l{#fdO0zsYl?vgY?2^zG0Ljq!^kSufahD6Cj`{)<F
z90uCl^I@RPefvQ>7p!3m-;s2KjZl-LAYuPWatxgFltcq3r^vH7`4ua#I<lVuQ&>s+
z{tmJl+CuE{G#LT;_mM0d*e2IK>|nLS`hgwj>f9VXLEb^q@N9Oyg$jwc>UBG84aOm?
zSCK>*-E}|vI6CDy!e2w1u&i%s3}Vlv&_W)&0k#&#c2Bck5x(yU`q%yahA<&G5Pav<
zM6hgukrHixrna|PpsY1$9;oY95mgXqu;qV0pp!J(*L~^djxb<-dRSyT!i!kgkZF*p
z?BAXc?<0P|{x^Fnd$Q8tncdJkDfFzz6({R-E6+>bvSqX-XhP235oS2X0e=t@*vc%C
zAn~%DB@w)D+n=<Wg2y}@0;+_M4o^gA@s{8M8U2DN?iEoaVm~M5XZmFt<;7828sr}c
zqlg*6qrLbNrxHn+#_y0NI{vjIt_D4=dkr+F&Eute*VF5J!Vmg^CUL1X*UZ2bLth25
z68^)!rvb!XQ(*^>A5lVBlV}w^fDSLoraUI@u%lv6hT~@(g%W;wlQ}j5TL@YT8Uj`m
zVg|Sary^P-ahbQ-{3o;veDjRbaH}-~)9kwE3ib#gTR=@>`*jq5Kg|roEwyiBEgi|R
ze6g!NVdj!PLb-GJIm?D0ktpDM!BS`563(8NMCKU&J>dqCf$6wtyu5ckQ;{Mm?QI-O
zeP}y!ybpd<4xZ^q4#M8U8Vll|rF<k_G5DD%_i{i-SM;<sFX<mVGWqLET3tIM&U`zu
zGNyTa?z!vb7FL*`QG{QtOcfj*gB>JmT&(wY1RqFV*5oeV<(F0#BJ*12yPn(Qykm_Y
z*e-rLCZ7x|t7DqH*EpVfu5E#{)ndI~u}@PhVAsZG3BvLdb_IJWaa;mv<=XGyOIiOH
z|0vBm8utO62<eE`^-sNIhK?6s1#$eLC6n5_>n{lO067~UjJ1^DOAdW!_|&kI*jur7
z%OydX;~h7ob@ueDA85wV4tL~d!cV)QE25vn*4(yiEF>1!wsk~WVT}Olcm3D|E`Kq<
zH-9#NGk-LHGJlA+Ah8xV)FZ+Lskn5rEO_-pM*cwBJ06b@M0J-06Nb6f+ptZb$6-An
zTE)GEM%y0)?P8`Yc%<w_VBYN2`{d$G$-&`wEfWBlRImVRugAw}qap5aA8X(1b`G&h
z?0PKAtMu_Yb39Y%<*#)u4Z5tY1C4PGJ&f2STN}`<R(i+j&~YEuL(boJ$+f0jk|@QG
zjT=L(^y`RA5J9$U63=rDq&CzJ5%Xssg!71y1D(oS9Yx<tN8fAX<#|OGp?^z9#cE@q
zgs)%P5Al)LzTQgMdMvz-@_F~j^$Ya^kxln4W!}fZsO8>c6*!FM#a?V4H+$Sz@oBmD
zLKWfHmU}-1vpBu4TZ;87bUTNLs<hmDc=;{&9-3WpOwwZQW2%-N2QBwrXOM@k258vE
z$*)*>)pGA&^ecZY_dY$YqA7WpZJrvl8Mj?B9_r&4>k&QmJcLHey=Q2}$vO?`^Q8R%
zabt*=w_iuxIR}SK<=!K=6nln|VcoLuHKmWATNZx&9`YLN0D1VtCqJ@f;g7k)e$%q>
zEiB^hbQTv|bS(?tg(fmFhx@}*?Ox989PXF3IR>jfyBrlRS{A;G1^20C;k)pdenJkM
z>_BT-_|q_2{<foRl3}iL+jTV!ui740iIsUbQ(knT_$)08e;V`rt<IAd=(Q~TuQ3b%
zCG8<Zu19DdhENb{-nDFeWE;e1Kx3u&dDZ1>+4%Kqwz-~5%f=T86u-x!Rb{d;9Nux|
z&6bTngo)h$V&d#$d0(z=RYV}+UODrh>jB&Be~Hti#A{<Q7r&O&vhiKqPCwPhOUuT0
zF;O1_C4BzUeu$6kS=J5HGT(jYQSCnF=%`zpPxk#Iwrul4rpC9N0S&*Se3t*yIsU0R
z{aE`rT=jgc0fbh|M=bJ~s^fEX8MP!pQ><;5X-6aoXbAi5xib1PHOf2sir#t85$Y`X
z)r|7h%A7&R=WNK#!m=$f!yjpec2BAwWMr0jKVL0>v{o`!5H>fNqg>f@sJU+dJ=Tgw
zq`^jDBv)Yam}>JMrY66u{RB3?S6?YG*IvE+e_MUNR?U6eW4-F{wokvz^VAyq=#Q%t
z)r2bdSQo0?ryo?)>LutLiPDiqws1?=`v{XWp>m~Eo<2t?ZS5<r!j-c&KKD?wCVu{?
zYnon$1yQs1{V>y9;##5fruA7z=M&|wb)N>+@d$^RQM&3{m_@GJo_oehwyo}W_?q@%
zGDy$rJSvYqtj|z7tWl>We?&NqvZwOmC9@<~P5K&G%U^rGX106TTJzjG*IdLtO;q&D
zQ)9kdR(mQ{`{Wnq$zlhc_|^AKts&p_HR*vz*0g!_OwDZd5?PCoV0CK5=g&$nEg4I!
z4QY=m*6OQ~ZO(m^s`V~$Z>i$WkidDqxof<a%qmZnwDoJb!^f$UJ?<~tQ){=ElI{7k
z#GAa;zKlGNS2yhnQn)XYKkFOgD^+uS+%|Mi>00Zc#bMoYk-%x$-MUq&&3#O@)rVs&
zRa0HtJ3`HIb|-SHfh$xN=W|yO<ra*^)KD*#t^KI77KFd`b-0#_c+4%Grv={`XM6L!
z!gTAmwzgVtr8CUV)_4w;-TM7Qtjlo)YMlPC>$4G%|H^wf?b?L!Gx8I0)^A&B(U^M?
zm>(NTDQ)#&u2Om~nzV6xmdNq@T7)*rtWKm#sHuE88S&gTtj}=TE?<47L^QoLRO;nX
z!>2?RoUUdb$6JUKioF)wLaAElp*g?dv|K8ZHq5n*g{r%kDpt;wjWLzxs(d-vV^3Bx
z9$o*1;T(&zGWp$)o;IADN6IG~yJtS}?69&CQmxSSh~S$~wc5O*IgMO5|1*py^_W9t
zsD8huSL8~_mIJ17F@A2I$((1B!-HsE$(Z8gn=q*qDuteFj!$W*9NsGl=c|(0C#B(C
z%Ad$l53YFvEQ`vmFDylCrYUdEvR}5PVUL&J6X|oR5B4^soOE<-yCVJO-1bF^R_9ZA
z+P+8&kEJ{CZQB=VAyn5dUXspsOn!I3WZM@xt<(G<7+(=d+OHXDfL-^AR$6QB;Nu?a
z?%?A-{dVxReUU<mOIN%5(+{d`wSElEFgX(*J9tkKZJhVT5%W8`M~2%K<uq};JT^1R
z%~xytBFC7GJ^xZ#YWpGu67F@`e{_HQ^wV%RXsvUHkO|rLMTXd{;d1YJW^#nUMAJ5?
z3VRH2;tR`md{gSYpwfB^_-i{PHID6b+aZbkP|l>sioZ~N+aU=WX*(n>r!3#;9Ror~
zZ+i<lMjn@zjK{qWgWUvW&*N!3B$p`~e@(NI5dqxNN6uT=^_lqa9B)YC!g7`U+?|2E
zJ?(iV)w^#yB%j7Be$jTMyKpKkZ_DLrims9BB{ApXjB`JwIxRBD#4d`B^61@{&^>L3
z<Vhbt8}8yn4OUxI>7>8EAx;gGiC^Om$=LI4%4IV6;RHHRs?N5ZlCH#k>Z$J9XPErg
zV-Jli>Guz@QrC7$O1*2=pvc2JMo$fEBwNzK8>)^D%NY?18F9>bQ?2^ibr$FHk>hrt
zj5)96Bx{)1=P;=lDg|3kvW2w0t6P7s?Ub~TAKr!2a;b<~+bKE3i`<9fr<@0lIyrnc
zMB6DT_?f%99#PvVIR~e?@0(ZjnYe9ix%>I!^H6O&CBr3Z^Gs0B3wd#fW+IX&epx6i
zHC+z#iSo5sqPl#ThoI+qoF4b{%=!t#L@0$GgICgaN}`So@@`{gLcSWtyrT){XG8Ms
z>4UsSsZJ~7i;GW{rsSNSK&g5rOOTs}kNd6WZ`h5{R)}_8(c1fNWJOKK1*O*W1HA`*
zzw7aATVhO4zbn!nm7zEExuPhhoZh$mhJ90?%ILP_XZ1mL-BaJ!G<Mw{XyJ<HhU)S=
zim;y06|)3<_`Jaz`VN&lU-ea`kR7@1VYwrp@0FTa4A!RSfE8K54Al#H2PtOY2R+`$
zJj@Q3JpFfG5pF-+SRB>ZYy0&1qcR@3rtZ9zcI0~4owzazxk8c;BSYZt@Rj26KHZ^|
zSW#WqkHizq<C=@7=~l+4uZZ=2B939%E46TiF2g8J+D0s)<Ze;vCvJ4|wp?p^?$T$T
zkxOfG1t(k(CUMFv<P&hPCh4@M^Q*LPUS<S#BuuYz#tTOCKx4S3F^Q}^CHeiGm)w(9
zeXp*@^?hsZcX?VnPnv1m7__Z1H$(k>{#r}YLmsLtQSmhI2&FZ-F6{}*0~6^<U&X#$
z;zW!Ndpu!VL3SVm%G!k-L*LW4;A!MNEm>2#f8Xag3ZH8|PixPMXE_4_w(^$n1phBB
zA3<Q7hdx1L?*64b?aC<q=v;C!bDbn7y~{O??&98#m-3~m-wHJHU|45F=V?{O=tnoN
zGD*ES49i&K-j1ga_Cnm#q|%`82W_A8s$z7|V_?Rvz`bPsG3g@>uF^{56@f%;UU75j
zeWGtN(z&Z2uZTwD-34{IV(P4;G&=U1vs;}a&K`}I1@5e;&tj?p1)QbAcKeNaNp~0K
z2eSAO^S|pOqliNJ?`5b<Ic`1<S0}2+GkmsF+>Ars3Z*gF$h=mAoHayD5b>6n9K+|-
z%lq=}IgCyb*E^2tjap`YYcXY?YL8<WwWzX&$<%WgPfWFd@1V(QohK$^$TM<jO|C7f
z%#et)C<Ti8ny0mMFKwXvmgl%JoJV_6x%1Lw9(m}#MU@4fPhb7)^cGc~g5>k!*%nns
zP7Np-CznmFW5Q}LRfkK{Pn^V-R^r}{m-j8c%y!_@6x8C&vR0L*%l-6Hi!X~r2)(xW
zvOui1EN$`Sdhx*)UuM14;>*JAa`n?Mh%ej9I3W>Z=_gFO_(prB^_+3$rP-ZNMkn04
z>9O02jcjw@P!x?hzcXi4i|)+)mSB6@L-;k-r~512y*1y{zc>B=zcYWQ-@7@mh+CuL
u-8JRLTu}W&o3A}xtAeqNp7BepsqhHqe$9F5$e;T7{}YMrNu_|$qxm1;bWGX+

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/c.tf
new file mode 100644
index 000000000..ce0d8da46
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/c.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/nc.tf
new file mode 100644
index 000000000..9f0a88039
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/nc.tf
@@ -0,0 +1,30 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "unauthorized-service" 
+  runtime    = "python27"
+
+  entrypoint {
+    shell = "python app.py"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  manual_scaling {
+    instances = 1
+  }
+
+  liveness_check {
+    path = "/unapproved-endpoint"
+  }
+
+  readiness_check {
+    path = "/not-monitored"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..03f4a3ee4abff6568c943223e725430f67358f21
GIT binary patch
literal 60762
zcmeHQOK%*x5#~8S{)5ryNS0+g3;2{v5ag0W666p=7-%J}tc|3Z%#0MT7y9c->g!U0
z-R#GZ#m8u5La?bGP4iLjDi(|X`|q#jx8^tI&GS!Velkn5Hh1RSY|X+vnk#zRm>c@^
z-ZbVDeXlX^%&|G8_IJ*^+xFXQdRKax>*1YwPyKux>1SnbsgHa5xiXjSEY9hZ2YT8(
z&!InSJNq@wbJ@=Pj@nCl=a$~$d5^!-eHZ;N>7BK?=#2Hbw@UfG+s^mye!HRdUDD6G
z9Y<ExnCo`_*X^tq^qm#`Ea*G;^p~3!9t(mk*7TL0e{{ar$JQ~e!o`t05BIqt%mZ!$
zGdu$m=QKWW5#Ha{{6cH6{iR%C_-wF}yUuJh5Lyw|mc$u1Eu7YbAGcRv75Lf^C9Y}x
z$JBz4x}0%Le_xun<_pbeL;v3pw!nES`m771@HK9zr!O=fFgMPBCl2SjRNy{0v|2w7
zbl-HJLH8?K>!MxlJ<;+Ft(N)ovpEZ#m-LQa9|*?FcFo%smJ5RFMLTQojUA&a?c{ym
zHjKxodTrXZFNt>-L_tgQADZ8y<&ibb9NcH+?5R1Sb%fHu+{i0})S`vf4b9-jd?OeE
zVphKU$-AjB+|Sd%%<UBzzosANG`oTYK@<39xGq}x2<&f(BN(dpwDw#2>FX}Hf9-Qa
zBc0Q%AT6OkL6uW*K54aI3_ZHDeDcy%?pyA&mJ8i}8o~l(;J<djLC^QY5h3%w(s+=~
z(31G=p5_3o+!Nnf3nDEYu%5)o&~>0cmO7w7P$xdSAWe{i2JP68fLJLc%hb9dQPR*p
z#>FW6fi{o4A87N~e$Y+@YuLhDl5VgON^%q=?7vBlfpd0AG;nf^Jk!Z9t-NZ;eg;fo
zC2iW@AgiG*#2$~65s-gZWZ}Rzxou$ws~y%4?7+UxO)(PW9V88}X5Ct-ka&w$x5L(8
z9Kw1PNrc(mwyW3CDX$U!8v2A~eNS@`doG3+(%22KwJ^5_TK$6X{Xo#aZGT@9CIkn9
z@06MdmMt)nqwjCj_bLgLT@9KB>Ta)yDhM>#@_*>iNgVCFW4X@_VZi$Iu*lYg7qPG*
z(;!jVzda`2NBn^OZ}wC+WTn9~yQ6nv=-Hi@PS&}-9G1Lg%V<T=gq+<HW;n(He-IMb
z$}Eu}dfCpB2;R3HPkN2PV;T+tRl-MyCnB_XPjG>ZenS-ZmM9XjpJVegeKU^obd(kc
z`A5PiVg~SN&!6K|A_?R89kRrYf31nDK~FcW2Ab05dg<P@^!g*=2jf7K^r<z~%D@#}
zUj?!f{==rF0mNQoVF!;NQ9@Xg=oKS?4ll^2d`aA4XT_cj$ImzlCH(R}acl&(5VRCD
z1gs{+4DcH`710`r%X~=YKcQdXn^zQvTURqM&EB+J!5$%G3#dtKzlP%PCy8OWqW*2H
zr6D<%E_Ssc%v{iqQ0^3dPLttBBntRmu+*3jgtNnv$Q;9eAlx7_Fdi4x%lp1(DpDk-
zzh%!-@7j(W?}Hzef@d0%gRu9o$Ab80E+2_^41Olcz39-<H9f7&5&eTlCVxGm-L+HV
z%nu_wV=j+RJvXh~!VVKOitvk-se+@IU<b(_7wf$>!3UC;HF=-!(n~7~k!daSvE_E1
zckJQ^wu_&RNhibd>X<6;T^x@+m$ty!YO!9g*rzcTaNove3BvLdb_IJWIxc~<>f7(&
zOWFSy|0vEn8jb;-2<eF3^{=gDhK?6s1#$eYB@;V(-(L{u0dh7zsI`>fOLl!{_|&kI
z*jur7%LPH1;~jUTbvE>^KhTPy9k%3W!cV)S7SYdcZ~eY(EJTZI+dCqyutos&Z96xC
z%iqi&&0ozw%%9C)%%9X2B=+LEdPKM&7MJ}j3*P;ZnLm>D*5mP!sP2Mb!Z5db8@37b
zIIIUmt9Z1~X!}#3UCeX^kCeR#ted@hpIn?VIoSQIW&$9S3Kn4L{dk==>f#Q+Ywdft
zpMC5S_dS;RU3$IF9Ih04`L*t)L6_BipdrqohY_1(YXh3qN^hMG9gbl=<n(>#+-piD
ziDLX%-5j*iuOTi$1ljIM9OfQKX{hZZ=FdI|=Mf<XI+nK@ioWHJzL&<!VMP|9e{)C0
zN@F00ub<lw@sZcQ-b&bhEWD2VdH2Zm3-tn#P4_)z-s@mgbMLVW97gkEFYe#t)>}<A
zQ?F*~!H<f!!h{>7?dGP%T6of@v<;oEsF`{Kja_Zc)SHG-X{+*ec&R>i<}}RtFJqZ{
zE6Slk_6a1?8?q=lQxBgWR$d6OTr>6T>E~UvAb;oFD&Dz*9gBUDnyELPLs2vJgmT8(
zmy)T6J$RO7e7+gyy^jX*%22;{Y{mEta<%63X*3j{_rossTt1(sXTg=uzm&J79ZE^D
z-rq%?q$q6*^>+(neFV;#>7GQgyEltAZx3gOYks3p(O6sa8^@sHeunG<$?c!k%{9N#
zg`0hD$g=NdfgztA8N*xBi-^|Vx0x}>$kEhBvE%fAtC~?CC(N-M($7w0`47slKH#bO
zAvoSII3H#velOXNY;Pj#5}q_pihXPO2)T*f3`DKP2|nufBYAahUSvND^XS<I#w@T)
zzojh6nj0z9I^UvB5Fjq~!iKq#M|83SJ8*iO=H8nO%gJFHd%Zc5dP!XK!Nz!nYd_U|
zurb*DYIL5R+t=Aad6%yv(yqgtUb@tLFqi7bp0ymM$BR!sSX^YPG^M4E{?r__F-mnm
zgC&{wEQ}8o&ePhsp6S2y<ea(T$W^~0jre<r`$>fK^QaD+kIR<HZQGsM7Msb2b6fkX
z8H@OAXpLAz171>1SdRSR1SM#SBNp?tBm4&%!YMPZ2RcuU@{ZeLbe3{BUFf$X?yGUQ
zW*b+RmX(E_=fetrq7~Yc7=DnERpR}06>QNPA|Sac*M_Z4)+jA|D<vz{V#HD>;^JT<
zFp?ISd`T5)_fv_sul)ozzOAnmnCh?GSwh}}Em>*Sj##edsU6d=)@f{IS&YYL@=Mk4
zwIh~=DzDNHs$mgHmp5R~l&l=f7H;lSu3>T}RIcQz44c0qERRsK5-g9H^5k!vUWNrx
zvf^uw{P7%l<8e?ON|kQbid$<W%p!ODo_fY!i>+z1|4Oc5GRR%k*{Fx_e#?Ch8#7$)
z<&Q@53243-#h!wetSX<Vj0=-E$_7>CuEbgbYw7d2OIBLtT)|uwR)?90sq(e+o#~FH
zYM<P%G<n(nRqbLcr#5Y-2=eY(UZl}8CG)SxGRm~M5F!U5!OCP(yA`!07fN3dHMeB+
z*^dg>l6{X#beE=|+?7r_+c;N+Q;B;^?NXtK^p#C>X8guV+VT}l;p3Fa?Dd!Ju@y^m
z$@XCeZ<V*AId-+-5-nZ+t(zAsvPEu5&{Q0C`{e5PX)28l`-bkxU15~-58Zn++&EJx
z#k;*uWzO!iqG)%Hxhjde_Kxg_>g>+l*|Fhx%9ADW<YX;O$%*b>D&jHsbc+P|6E|8i
zzlQ17?`?0j+)ihho$cZ~R1diCLmrj63DWLZaot5oDBQb?xE3nQ<2SoEA^ePJ6mGby
zJ1s8e-UR04hEhu1J(#Kwnu;cEoL=jvx-^kzcOq6oX(GpAV}{fAVMfz)L#15qHhfB0
z_ihbO9d98{D0e_<d&pG*G&IvYoR)J%(z>~pTBxRq$8pwTj$3o`<0qfz4eyUL9{Z>J
zSf6Ndwr|e`6$K@al<)KFpW@@yg;w3`dqg;YI@W9Tid>sQp3CNchG{yPqqLziRNj-e
zq*v6JkhyO>;Ap+|vv!a760Nt?Cs@O{UZ_Oc@_9{Do=N<T7>AQH6)PcLB3)OnM0m=!
zWpiD|y^?Ug%9(u<M){$-kmGcSqtDea3-7hB=d=+I)?ayU3OFoJAeWUsCl|*l?`a}B
zJFit?kH3t1|DgDo`u;ENRHRS+e#sAcY$GQ)akn6UsO#}Fr(L(Z1Mnn&p&JPKY~Gr_
z$Nm{^CB%8ew{0{B*_t<$|A2}?EBfr3ep}N2$a&wjf5v$e^<1RYd-k`k=gM+(p0n(m
z{M-Ka?!vW1p4$Z6U3b1&6p<6qvYe@9*lKr>;gi(U9XJJWNwTC{MH4x00%O_N3%96-
zRDCG>CvzIrUDdAVu78FcnSRAI9qsNOv!3o4w|u4`7cTb>)ANg=Y-9<!r#rfp8&g#8
zFM+jsx?_q9P)QtFb~&o?=k%}RsM;t0x1R0*&FuShN13YnkaP76$e4`qi!^DtG0Z=5
z=QfmDVzuh3<LA~wsUmC05AE9R*1k?v{l1=gacOP%980_P%nR;eJe)Hx`Ks1e%`@aK
z{)A(jU9VOoe0W>}eZi7IgyXJ_bb|g6UyZ9m@Amt8PsHS^Hs3vm!Z(4Tf}R^Qabtr=
z6cNO&apkJacjx(9&dX@4$>*vrI<-gTN{DW({jkr?gvX$2Rt@fr*%JRFYGJET>hdUu
zlx6K{?e6!m&-Az0hVFv9b2_Wlb4YtETN;vT7@t)z3B^P>$Jcy+#NAQbdDGq#Dkt}a
zKXtK(-2T2#zW>Xdc|XHICs*C7iGr(e>aS-CAiIZtMm<yDd)~BfEgt%rf^ZJ17UQ_Z
z7#>A%t*GukzgEHx`>fWY3zM;Du7h~lvEpDIh*a#~T&KlNj#`Vk?T-Chi{X5gbDuaj
zybsyV>(;f_^GLPOAfNKZ#OAz&aq8}W>RJrQ;)O;;q~n^R;=}C9@!hSlY~*fFOhM!C
ziUe<*d}Bo6=ijhz_WcsKC%@Vw(AW=@0eYJ~lUjqd@ioBqM~*h?uW$}LRv@>x%tH_F
z!gIEDpY0yX+zbWk^S#Trq=luO|FppF8<b=|(#D=0kbb1y?^yzwg|zUs`)2|)5E|aV
z)aC63Ri?V4y)x!;9q-xsUYW0Cw=rePUAID)VH9Wk%zF=zjH8>Kye)0XQ`$0Snwd*)
z(t;Dt36r=d3-SqfG2M`K!d=vE&VHU5*qJcBN**I-^GI{Jr8$YLJfV{?A5~Fa8D*;N
zYuu@C`F@_Jx3j2~>gM3u8onz|U&l&DPD6D$YBr^vq4Xv#_N%Sd2WPH{7kq3q=|S6y
zeL2U8m>q8Kf$a&|aon>D*^A%Mr{L*3nzfIu5;|WUg-?x=rnkf5S?tU3slzmTX#(3+
zJnNoaNYk&((vQxi-tHTs=C?%c$XYozTzxkMRmaht?rpu4&sD!maFPbY@N{9le90m&
z{pjXxBB`gtu)tIIww^xN3+dOxkHe`Sw0$b>Yq<4k;?%vscdBK-Jx>J%88Z&9(o5wP
zfkbIu8Ovym!>J#yh(^=vFg;g{?dz0SGxktX%MOt@<O`LR1^rczSCcORg|zkR%fhf<
zdvQS#3aLd}0&<V$otkPw;1tSP@Wc2lB=)foF+oP9#N^mpJn^D--;u+hT_&RJQ;S8U
zytLn2Oj!q`Lysz_&YcnJ3F88J%WZ2^%7w`Ev!88Kqf%oKJoC~3V{hWK(spr;N?~_@
zKKj}{_m-lDhl_h1&ZQUK+h=NDyGEsuzp{J(tf2^|Z#{+(t5xvswmLeHUUYBksVG+_
zn5-w2&EQshiQ9RX*}1I`J?SbnxFhNCEWPO7)>BE1a5Cg;gj3+)CwJ#65PW~Kc3-j2
zuHAHMeo)7B#xwmyCQY^7Gw3)gpJF%PM@~1-S|8axU)o)J<o8@r1P$l!5ivrATAq=H
z7JXw!E?iuA>@PCfj}IR`@AJk~CnyWYe%x;#(NSBAK)3Rcw?gSHWt4Poo@b+ecHcsA
z=Wg#<WsmQU_O2yM^VFPBjh){Um!44k`H23#H-D%9Pt7Ouf!a^>@5KC*zTcNeh`J(A
s;g&K!&#Bs!%{CrC4azbEBTH>vp25_&Au*8Cj0{kT!rPmI0HG)IfBi-)h5!Hn

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/c.tf
new file mode 100644
index 000000000..af3c02445
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/c.tf
@@ -0,0 +1,33 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path    = "/"
+    timeout = "4s"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/nc.tf
new file mode 100644
index 000000000..f69c93790
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/nc.tf
@@ -0,0 +1,33 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path    = "/"
+    timeout = "30s"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..b72078a3d1c0f54419942b6d847b3f11c357e9f4
GIT binary patch
literal 66820
zcmeHQOLH5!5yp9|@*h-ljwM;P_pqnEq*A%$kfd^mOU069S<8(mDx{=1yQROLq(8KK
zF$2zwfX0KAjZ*D`Lv!%x7rGnWjsN}kSMxjbojLmQ*O^adZ8m0QF3i1Im`8I(Pg}F3
zZ*NU!exToV=CwICXVm`Qd-vY{dPDC@FLOP-HgBk(cO(7WnH%ckmj15HM>~rP`sRV2
zwqNEjoVA<%hUU4pGhb2rk>0tXw|L&;@AThA|7&_@V=jARy&tSne($&Qz5BoJXnh~)
zZ)3-iRdwdt&i~rZdO^RrqrV0H=9d0tY2mRT*kVne>G^~AyCJrYX%#+>{CW7#9bq1D
z6PV!{n7E+vfs6S5?#+K_4X(eOD~z8FR<i2NMgyTc!rGcRV`<^EA^iBg0;|B+mMC#U
z>p!LzeAMTRWBT{CIWa%cjJEXuC1DGkcSqm#VHCf{E%o#hjR(w)^WUk*xjq&6&mFBc
zj062Q{b$hq9j$d?S9?peyrk7Kf4(>8k@J$?(dz@jcx~5wZ(+G0s9xGxgKyjzeQ77}
zhqiG%KGkby*S;p+T@VGW&A(}W3(F%LnmM@7$=Ne=O6!QFfw__I2vQ3RttHK1X?`IX
z0b)+RhsnFCG5qiIz|8Lz7{8`J<}|m01wj+|X1Fe_d<6FIi6a=Qx3u;f`Wx<De*fC%
zjz+qmSwUK2{{&S|!THqgekt_m&+;i~r}E$OpS4`*_tOy;AOrvT3>@@)zdIsi-e(#Q
zvKhN1KHbtBfR$U~JEuY9r32n4F*5c#&>u@3P#~xi-(Av9P=W^C*pPr&DJ09(x*<{W
z&_2e+DEomnkGvmf^Vng~&IN1e!uKTIpd-}eC`j0UksJf(JSWk>$tm(oC%?4vsw4dw
zFol-1wVxoXv0I2fo+cw8|E@^Gfo^hRVF#@p+7I-=;hvjgB*;5R8eYxDYN(KS3%j>N
z*I*n%dlgB9+1=RH>*$o%2zw2ELbJZ5Ify=&LJN8H2IyLt+XJnBLHK?k=-=4SYr=%!
zK=7S&CxT`RjFjm67wY>i3zYpGG!NAMUg1>`Xt3u0(4&(y+V{uupF6^Uv+1FcZ3r)-
zVMC@tqOyH^OuP^O0o&hfsccD0gJrg&cT(utpO;S7`Mta>dCQv79YGUv_MR}qJ`UJ}
zkibr6i3HKhc9ul2zTJ4zYYHCoa0sXpHaaX3p~YK*3uN>WQQQepBz!-|=4bk48s+II
zEe-OIgi-hmV9{QD@l%N;OyhUR65s!|A+82JE$t38wVUguduQqO1K|hbU?&+;Yp#`n
zEBdwyWF_o}t)&6@UQ=NQiyvM>Xp`s_BY+MsNvAv{?r^hWONRYt?1d73d6U^U0$m8Z
z6m|$`P4F4u6F3##8u81#&1OHLU*MZpl!jY>XJDFLTCQM=5V8f-B)VTm{`b?&FubGw
zov)=MIhN0NwI$44(w|W76n@UK;YTD2_+GHonYV<qmnD(ehyOshfoEXcFRGXKL(5d8
zNJ@X}fu`Qq9ogRpJ1PgybR-9%@8OIE{?Af25}z3SOq6@sqoZqjx-+lnKUie)udnEI
z?Tk3{?a0ZP&*M|iot0ZSVZx3g{NiM);OG$aAUWgWeQ!hXf#l_#e8_kCrImxo^e*$x
za=Xqt_VEMVC2Wt$C&S9_F-_k4I39bht%0-F;;dfLPg6ADp^nWGgykpn3bs;oTmoq|
z)Zf9Ea{e#&QJQwNI|lYdNJpHmf3}htd%V~x@Z<M2nbgsT_JTkUkaPY)t)>K9vTr-X
zriPxx){4_xE(yx)?^w~Uv!!4CNGrzfa8Gt7?6eiN@P77t8}{XVAzEC!-r;G5HUg;M
z+qnr`{%ZbU{$l=a{$&1a{;1X<aTeF#M}!MfaXE~#;L{J8`6KP#dOSW7)m;)y80K!@
zhHip=9NGiCRXkd(xBV$nFJ`)eMaotL*3DLZNG#5n9PEGBA^{Ld1r4zFdAx2n>f;Wd
zwfeo^&pu9xhZf8HDZPHr++8X5<*)TD4SQKT2inCs_F?!YS=+$Q>ZG@B58WNZS;+bO
zE_v3JOA@8nvAQ{ErC&!}0uQn~lX#hDAhn^k51&8VARI@880b{q>d5<6+WTG`FE7ip
zi2b*;SFAP$O4$0P?T`?89crz_oyWrJC?9u^Sie{+5YcqsQsli3MlJRpr@(PEFZyD$
zxY^>yiBF5Y7pjPFTkQQ9%yj#{-;>s^@cY?^SEa??!^&^5_t@Db#w5+xzDw1TanNG#
z{Rr~d(*Pf~I{BrQS1tDb$e#SQ*!y(9iciV?X!BH`&2HZ%{h=Xtu|K2dp8L>fvG)uu
zoviaAeV&vLpqqnU-hLf^=Nuf;V(+!t&n@;|pE+K``=5t9LZTvD?7hDm^q*VoeIFW{
z&wlI{>v5d10F5z)(rfR$FYAm95%K*zSr=Qduu<ixY|*0c=V-b`-_Jou{tdBjl6lsm
z?*%F`ZAVcg{TStzZ8Z+P+VZ}{iTp4^UUoyt7;e$`<Cy1f{rGr+UW>l}8l&%Dk@kWZ
zkJ$JNp&-<{Yf<=!GSEjp<AnHS)#GbX`1NbGwJ3a%Iex46^0p{^AC`FLikmG8e+)Li
z8l8UZ_jUfFd@^6hX^0MUdg;=l@O`Qud)9K49xpG;!`Pzm$Ee2tuDl%*;zOU8Fyk_R
z_|B7;b<Ez;VNE{C_lIxU#e<B^Z$9!Fc1QW>{^w)+Q)BsY`mw*N`Kam;TO}X9$U~}%
z&)#L!kN{1w$7h~)g#SQ8$g}5)==0Pl@Axf7XDNsJ3Sp;Jq0*lt=lFgNSy^0^C06)}
zR_Jn3!yqH8#QXVb_@lRyzJj>5$r`0)%b{kz07k6kjYxxyz(`tP@{nrs@23|3aQ73~
zgtnnlV5+}*asRIBe63phZp3<3-`$vD5$CD3^)Vh-C8`Nk9<eS|dCV}VrqxM+K2x)H
zK5Mw8>wLt?nOM0}Dn6g<#k-nUTzxBNO?)1qW-WXkF=y?Qw0#*GM9rG_{Rnf`wDl)P
zvafY?FH!Cq_i0d-nMvDUb*;F1oMgMIe*3RwA18wZa?+lwJjQWj#>>6(o?)&5!#BgZ
zIxxaHV_pw|*i@TF*)`(fYhW#Z&H0+~?qzGtbMIVh5&4;@<d>(me7U&xRH_b%FU%9i
z4mt^|>zi6TzO%LHfk&1Xah{(k`B5`oy+qU^Bv_r=@KbT=`kL^iC1Z)RA>X2sy(@mV
zEgx;pHHu5sco)C7RBvZU;2z)HwcSfbm8VMD`Ze5P<J5^B50~w!HQP(c_WV)eP2NuL
zr1_%1!SVgN=ptKEqQ3n;`Tn0gwbpn0#@<u9#yV)RU$0!Clos9X_bN5H52>ble~zVU
zsr&kloQLZ4PQ)|-SEwk?_pQLoEf~|(PA?TD@#IA<O!K=tONBq?mhRC4f8tJWURT`S
z`mLR<);sBp)3bei$7;6z`};VT<I2;x^<iV95fJ~%Ih^inLiicpDBSVePFj4-9Yw~+
z#!^Z<J(#MHo{J`31~W_KLp_~Hl~5Ybaom{kwEZ%@>7}7kFOC{ECA53Lin)%r;3pJ)
zP1{4M8tAc6*YUJm%9GZQwbVj&7~!Cmb7g%@rMaq{<?U{%9@;MqXD!ak<e5GN>Ttt2
zQohl6c-IrJ4ksHiRSIFjNOb9Rugxmj)ie2<y78ZJJn7FlR)+fT*R+a;60-E2Pb^8D
zo%Q^9hp4^f&L)lH`dw<N9oIBvndGn_npNWC*FDEcrC2Fc;|``0F+QcCvVW^2p07$q
zpOl7oDSM(H>)b2>#5#$WQ$t^+wDh_Cew^~AH2e8o75aGjoXC*de309aa>LP~WkrUq
zx#dN=eI2$<%ZqgInEM32ZF!LnLUrxpIqB@?6!r<2Y<ZF6ds-L-({G!u>1lvo_nA&w
zYi98Ah;=jgc+9X2zLpmmLg_C1GYqQjw0;+=adIZ!ckqGi3EcC=zU_PZj0m^u-)szR
zWYjQTt>s1TVpe<arSt?1qUA*jG+aAxKf2$AeQJ4;u@OT)T+drxBvn9JTe&KEPVZGP
zNuzAU*CNLNcfPP6jdMvLsgKODIiX$Pj{c4f*WcFI45fD~#NV{MNT0*pbIXfFR4B*K
z<D6gUyyZoLMp|B^<COVNex86&M~5gI5BvP3Wk$|Zocq_ZQEM8?mAS$52Ms~)S=iVJ
zd{~StlDWtw68(m6wmP*|WU5u)G9v~4^KHvSAHt`!E?O==Q+At{8QI5ZKR*zs-~y$g
zrz!TH6u;M&8Od^7VhptYzhPuCpB@OtkQu4H*QRAi_IbkpeE6rVEkjajF*7&B$MEdp
zTu$g(hU6}6HTrI8&7s91BU>J)PB?3Fb-Q($C%gR6Vv&8AxaZQe-7+K{tmRYPx_d1{
zQs6#p<Il!RdDL2l<PbCb6px>B7I@2$L=~bi&mC-zmLd5aov-Nr>PCXb?f?FYVtLem
zzh>NG%aDx4R;%68G9+W`PWT*tu8M4llS=V)-K-KHPlyI+8Ipad#8Q4d6_&CmT83m!
zOW=?)B>Ub=pWdK1!jA@T*R`#RcR@Ziu0+Yc<?(nysqy?szlA4qL+APZp61>aenCa(
zHT_*vjFp_kjgKa8NQ;=mzWwX>6l!yPq7@^Oak0}MXyKaHhN|)#x_9!JTC8$o?UXgO
zEBX#_I<eKH5EZ$!5ZF*`!-==DJ_ckB(vI(1PZM?%;yM5`R4wGpQLG>gdK?qdzb!@1
z=fWaM!*C<(f<;$8$M*SqM`b?Jre@qqKho|u16O7t?Jj3%AhesG+vn{C)pNZfo{*E+
zAs2`7o}2F#<%MB9WTZ<CT%pT2igSII%@UPybhDGUrLAeX%b0m)F1<+$PPiaU;&xfc
zCq!~BNjfd*-m0)&MS4nYWml8CT`-$Rn!^pvNo3_I$?tb6JL9?8jZ5_B-kSRNJiVPK
ztyDJ$U)Pvgq5pk;4}y%4hwe+<!<Ki3(wnr1Pnx<TEe}j&B)<*eM9dDkozSfyJB|n1
z6W^=6rEjqZt!USo)296KL!WgNKGl1k-d+~Z!aKsca-KXTfo&f81dR>zmh$u~vkaqi
ziN(y7DJ7#zn?`rKxAjuKRMlI7Mjj0N5z%>il{tpd%}FMyH)U1IY(m@d%$9vXMt{ec
zzg8XfOE0>&^}NFt+VF<0H28;6V#pm{n*CWznI-dF1h;8$m0rFsIikU_K%zFUjNKTO
zhSM-!k=;He6FSbDA`tfT5kkDN^6pd{wq`$%LPIBdSuniyYCH?02Ig_U4BIp-%2C*o
zUGpR9#_(|6Tdy&E*RXPi^SvMo2R07hZ<c27=wUdWb5R3weBYIhYGU4sg%3E2a|m(%
z25%Bh1H@m+{B;^+nTC!W2kkoE_K@n1zWn&s{OvjzHIKVbH)GFnJTcY-zQaydD}zYp
zkZ0!7o3zd2&XCY)lmbP+&C}a?&~D(5Ezi0+oKKt@ORrOH^SDnzM*BVVh30XegPxAU
zr+UoO+soqF=5a^l(%czu{@P?d{iV^J?rpu4ZytBn{+_3s=5fbq-fq+c*W^KbPK>qf
zbB#Rf=s)dkJ@+)9J43$t+yxFC6*s>F<&z{S9H-+nJ+CyMd-J(t2dM{z=5v>Q(Y0Y`
zHp5Cv8YvSeU7jMn6ghqGbE`Wa)oF%n^XKj&A$S*9k!O)<zB6a$l>YmkPJm8rt*Y1N
zjrkjWIx|1efB64f`u{)Z_rp^@`0`O9@rGioFU*HteE)cD6UH(|MkWBxnRo_Mzves!
S#M@o{c5}76(H0PTGXDo>E_uZO

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/c.tf
new file mode 100644
index 000000000..ce0d8da46
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/c.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/nc.tf
new file mode 100644
index 000000000..22b67cca0
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/nc.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/invalid-path"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..089f40024d5388f7356d20f97fe91a0b6ac6e8d5
GIT binary patch
literal 66318
zcmeHQOLH5?5uS6Z@*h-tjwp(jeDKMaR4SJol2i^+u}~C6({Km^0YF8zi+?>yf75Eu
zV|T%M1C*v%_Fy6GJo+`=J>5P3`|q#n_v&}*#pl04{h-!rt5)ht?bSkkR5$drQ%m~x
zUJdFy`rV*jt21>$?H{~%_xjgcdRKZm)Wd7_4fXSOqMwbrqdxBG??!#lv$&#f9_VTJ
zc@FNZ&Fr@{&$XWUirNqK&K<qQ^PYakei!|(>7A{*w#ItrtWtjOw}*T8e?8FpKG5G*
zk0YxZ)UBTXt)BIQezT#!1^wop{$;7*u^`xDO`qubz4tp8TW7QiA4mQ?{O5r%54Z`;
z@C-~`(fGhce1CiOGp)h&S8|2%v%yMM)@)KBv>~jmi8GcOPFuo{-z%^ReC>!5x3vB<
zYQaY~XPnW$uhlE{Bh6?>|6dZez<C?`&W2I^8h6ywk2D@IH_d<N9_RX0;6D$v+At3E
z-}IkB_ZwR4La+9oXn9GiW&V7pE+gk9y`$F$g7I3fd9Pu)AgEsJS%YuP7`C*N_e0w_
z9-r%V&}&~4?=Faf*6KerzlG+JEzKO<XXNaKI;VBS(!imSHw3ALhSrj1uvEVgi~uns
z-^1kH+!+4%Wnkv_3XI><A9I>n!GfR(d^21ZT0R2%d*TR&>OHOfj{e-e%kMw+d7zQ5
zXjYJx*grv)b8tS_yI&4H`m=lt+Nu1v{O43I^!phI3y^{TdIApVd_Nu$GVc?O2ic5W
z5})pA4#3Ji@tx5i%F+SvlNcF$9q5mx4k!@RiSMpyC#XS#W^716tQ3-EZrzY5WoRGc
zVwB@Rn@2tlw0Z0>XqSRDbm2WoH|Pj0ISLZ?-z3MtIZsJ6aB_}3OOs!z@@gRc88C&G
zw9}s;tFc>%KAtBdApdSi!+~ycr(p-J9oi4{KzGkAF%sk*Bn_`-t2I<eyoKJ|p=&S>
zp}mSE!tCz!>eJ|y*9dzJeL}Oor#Xl|mqQC>^aki!nA-!benI$tAn4!e&uhYj;6U(Q
zawmdj3yjq0`xokaQv}NX4q684ey{K<2sBvpf3WBzkM{ks{O5r%U~GD5WLv_EXxNZx
zkf?0mo)PcEf57%PTPi!!(qNgb=$#yT_UDx*>-=7xm%L@oXhYD1oZS;<*vA2T5E9tP
zERi7TvYjOntZy@(^qPamG8_V`gpCeML}>Az-~t)_f++44Q6zjnXX+>VWgg|FQCc44
zKN3daGk`^V_1RA)k}!|oAxnJ!*Os^%^t9AF(A;jGF5L%BukQ&z7zaCvORc3=2ClGe
z706214?9f*@V(~34i-PWgwQ6@D@FhvUXxCFO59;)#g+{F&)5qk{PIm<-w1Re>{8ev
zpf$l~fKT95cx%Kj^QM^ngnof<UQr%y{hfhncB#37Ekei^P?P9>1Nq<23&U_j{TpA)
zKys{{?`lVwxu!p%+&TPQ6vK~56!5)ZX;5znXU|I_vk(7)a0Ac4v|lt`-n*8mNRgcW
z){drb>yGU2gB?|ZX9kjk(D!i00{>?%8;MU0ej>`fw&>`Vo;K<w{RfLo{`DoDu3Zpk
zzL_`~^Lc#kdC+nTCrsE;gkOwI6&#&{9wcX6yzgxZK9Ib;le>IZURoK5%<nR9HMgf(
z$3A|byM*mA<z!ghJ*LZhAIDSAtu=7gT8z~z`e}{^?CRJoL0Eo5uV5=BjY}Y{T>Tw<
zDd+!UALVIB<1w%&LOSAf{gal=*yF`kfgj)2WO7G$?FE4zAZPr8shSdON!xaYO$|MX
ztrerUToaVp-?5@yXGg#Ko>q+AVNZ4@?6eiN@P698xqTU5NGh&P@9?xj8v)e!dTs)j
zzo|c}zp8(zKdZl}KP79BIE%CQ5#fSdT)I&feEK0X|46%cIvzg~)m;-z80Kc*hHip=
z9NGiCRXkd(xBW3vFJ`)eMaotL*3DLZNG#5j9JIgdkpPIKf(F?7JU(qVvT=vcsrtR&
z&oNGkU5n-LDSi5$IbJFD<uCOt4SQKX2O8rX`!IZytZiUtHPSn64;_zTEadWi*F0+~
zC5dwE*t9vMO22`)1Ri8_Ch<JaKw3lX7(RctK{$>GG0?fZHIVnMw)ed?UY?g{5&Lg#
zuUKmg)Ufqy+aV$HI@DT;JCB9cQ9te;v3{{uAfoBMrpWs=81>kDoC3$uyy%PF;%18*
zCq6y)UZ^6z?XmY$FiYF_{hm_o3csIYcvX7rJ*@m5dyk!6VodUU?PIEzjDsF~??;fw
zo(A}^O_N`#@~X$)ztAUtJ@!7|ui{g(9c`ZLvl;hY(;pgQ7yC1M>e+@ykG*GTrO7%U
z(wABJ0BLhbm$zSr-?;>b^w|5<?B^bPpPo71!uwx_J3^u&d+fcx8`#f1_TGj@%4a`z
zi}ko3d+)*$@t1a1c&@g~@tk&+tcfgG=$LZUwdk?;E*9LU9((V?WBLh^Z<2S`WACS7
zbokqWVo2-=W#n2Ro|$vxQ2zv(CGv|>kw!fSD-Dt?73@s(e7}bu(=L0Y<PrCn{6ie%
zN6icLdQAS87?b~!G71s-5gU~u6od+RJvJY)2kG(9I5&P?Rr-2te)|e;u0_*h^F;!s
zXI%6eO$LVcC$7WUWAkm8$md^G+WCaMFKs^~5lFZ#=K*kaV3P|V{+k>>ZYt)|PnLRY
zzKh%Gr}lX1vH310+GF6$jm<wKp{8ZNyPrIIxyWPx2v?>;6#)30jkjcK<iqjMusiC<
z{68J>pBv$iGm+!f(#P3AZ0&sbC{L+YK6{;org*nKOgkb$KtssB=Q`<!sZrkXTa3;b
zNT|9HRzWIsSLS#+zI8+HT8N9i#0r0)6`BmyFv!R%@qW3={^+fyuOM!1vPNmya%h=F
zfDv1HBl2J)Fp?ISJf%wg$Enco?tTKB&^A;G%=OnU8^F|}Z&iWcjM%Ogycshr4n4Qx
zKE~r(MJ=JqBesPqj~NElw39gD5kGdKwx^Lb+}hPY;^a)MT&Wec&mKxs35#oTm8_J{
zBeblLU*7AQw=YA3Xjuv0jyo5>RxG^<uSz@6ZAGOk-{(P9W+tt@>Q>SAILS7({*GVa
zK28P+<fOe!imHzrGnNipRBb8m5zeFR7E$souvWejeak5Lx|Qd-cdo#QtWDJSD^qd4
zUbK5IRfohKmWgf$orG2U&8;Xu=nD0~Bk#0vo*$9Ce%msNeJYwUHC9K~0SVToVtn~%
z_1coL#@Uc>QKf2qEuzqQj9Qi7#qTXO-5C<N-M4hbceX0))U?W#wCyXq!^UY7RUR(e
zb1S*mlI<ooobU9`zp10kTiJR1c6_>NPLSel5w}{p$d;U_Z_KY&1@>{@*n8N|SFiFq
zXwj}>E>Oyg?)H0?O5LYaY2BV<tqSYDz9ZC}rgtK?8n{B8alVBGUT(oyN=5Zr(b|t*
z)Pm3F@@$`_!XI-_w`+kvanm=iD{gQ7+Rj$nopi?O*@9nbV`aCzC+#uL<+vU-?t<9r
zXavN+a&D(Nn-G3Rd?IfC?I$gQG1JCTPAsML(}TIX>7{7WWHz%zPS0x*ny7O+5l3e-
z7illMH=W{U<i1(K^i&L?Ky0p!jUJ8X_;zvBuqhD*=hrq*<1P3JMPEzpp;l$|`dF*w
zNwZ@uQ=#hSQVI3PQ)a!o>GknbE(UvS$x6hdYrim@Q*l-&&-5`+hjZgd`JQ9<1}I(~
zPBvm{7rGV^Z1bsJyHzx|`?QV!%+)z^?S)oZr~ZjWj{%#bKl6RJOy(?;5*9?aN(`m>
zpW>uayp~hHLS~H^pW0A4zEu*>S2d$gYQwvhJyD`g9G_#=I&H2E*^-t(EiL_!XJQ&Y
zbDI5OT^jm${hY{<JARPckaO?Rsbximt-0q#n%y0?P0x!o@Hq4deB1LP4TRd-#fPM`
znN!#&V6x{$PVZ@95KOO#B>f-b{Iz8U-xbyBUC{XlTQ-QfxuxejqCDhzm%pc{=S9|n
zYR`)_rxz(wI8M&Q`wrd{KjHQ-_L%SKGjp3nQlv&kx$$Z}FH$78-5$1d>|aiOh6d5|
zBFB))gR0+O&x?GKSyAt@M{*R4<Ve{;grX5&iyQ;o1jBn0=aN8DzffmXg`M*r&J@?*
zP8qBAZUrr+=S2!e$8FDxL{uop&*Pk5=)C7ef>wH7<d|cozwz?~gpS^j3=OM)=J#7$
zGM@J73vvkR-p<qWB7KS*Kj&%2@cV7(Pi|S*lB8W|dvQe)7nwwo#XTs<+jGq;xe+xz
zFLI2>sc)w8&|%5fxK#(5WY15Z#zM)nS~s^*_Mo0GX+z%58blosfs*Tgimk}t_uBI%
zS-$6b1>JaK+@B`#_sD#FO*enNr(Gugwws<eY4e2t`Sj0Td)}l}XlD5pA2~M0IV=L4
zqV>GVF>FuKw}l;RqdodRQ)Cf5U7}CFOY)%RYWuBE7v`dq)ACWq{LmwmeVCZ%+TICJ
z^9Rcdz9YFLIY?9WF5=~1k5D$)9DnM0lVh0hH}NOtwLEP-Z*mGp@%X7{fg73S+A*xN
zrR`J4w_FebBKL3fyvZHu%Q!jWC>YVkQ}o4r{i|C=W6eF+pX_Fq_q@p|nd^Sn^Cssk
zlXxxFg)B~FyH(=D#5{Ma#K1y6)vr6z^Ckt>XzRnfmOat)CQDiZr<6BoYooq>gs5QD
zqQt&(OQ*D3(q>&PYFaOq%FiG5nG7PR#B<C&u_iqIuJ8-$M6c=Zmh@*ii97s;dDFk6
z(d{Wr>%(sPKx5z0-2MJQ3%9g3)SBPYZIox!VwHdoTR$uM4s|?V=^9grm0W6AZpm-;
z%3GO@0a=5z)4SH=OdT6!CIe=OrQm#0tRM_}oYidKp(5vV?}9wWVYrcX;S{NU=IztB
zk;;6e&CSD=exyBaUarhSTEsQko+0pe{Au<$YuA<%3##&ZLp;Ge?sIV%@0t0cHZsP;
z-M3O1SLia1;!K})b4O*IwAsnq(zeX(lrhW9TzZohoNz^$#68B4Pl)hZl5|?qZB}8s
ziu9D*%C06izF;;S*@P;uOt<GGzuyMQz1Z1IOZ3=Y<o9KIyUbc?+8lgcLss-uTi$~p
zBbK528ud@h&QN-j7V$}QH>Z_>iHzj8A)JWW;U-MzR*)TMj`qaoemnXWd(euw_mDQ_
zk01J+M&Wb4m+9?!@hnFmKvynPhgM))hCV@KZZ=byer1+nbS|-&rShj_bZPVGF754f
zDPOA=u0W#<hW$wCGQG+i!{`Qg)|8NXX&9EdroEj`A8duVcT43#KMdL-w^yZLW6q`*
z_|CO8tC7i=d2p3pI<E*MTJy?O?0+6k!+1q@w45B^IFErq*pImn@i@x6b8Xm~{ak^z
zvcQdho6a<7fqC4l!g~9P;_!E*yMIqwJiIu2?HPp^3Yxq--z(DMp~v$rTzNWux;%B`
zaqPT;7Lencp3<l$=B-%xfTK8n4rfg8nAo>fiPt1#2B9OzLA#AdIi#+kFF(FEpK=<E
zx>wn!o2lnGo|x(Z-(e?f6%QtJC^K{EP1^2NW=N!IlmbP+Ez{d&mQ|WIhs&9hQGbR0
zbN4Fy5XpUpzR<nOhoG27;d4Ef>Fs&(Z1*Z7I_J<iX8EdIKK<p<UE15}QoehYS^ImM
zZn{@lGG_BM*D$Y9_bU5xCG`0;yvp;{aY8&IPpvggN=mP3Z>P)H?rrYgW>asVh4k#+
zX5n?yhV46UotzX|6(?OneZR7fl3wRStGk@^Rk&;O=WgmcvIf2)pBi)ipf0Fl-G%y=
z&OXj{C8F0<#qRI)=|X)+pWf>Kf2;mUzjx2K;KfE=ygQ1NxuW_-CVG21Bbc#_k?~8M
au<#7#e$7$ph^D&vty+?~#S{>FRR0Hew^fJ$

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/c.tf
new file mode 100644
index 000000000..07ed32a1a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/c.tf
@@ -0,0 +1,34 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path    = "/"
+    timeout = "4s"
+  }
+
+  readiness_check {
+    path    = "/"
+    timeout = "4s"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/nc.tf
new file mode 100644
index 000000000..e328895ab
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/nc.tf
@@ -0,0 +1,34 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1-bad"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path    = "/"
+    timeout = "4s"
+  }
+
+  readiness_check {
+    path    = "/"
+    timeout = "30s"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..4e63b084702e21052fe3c18642e69effe5e23546
GIT binary patch
literal 67544
zcmeHQOK%&=5$<z<{0C#su`IuG*n1G<l0y>YkcB|VvQ{fc5*bQz_5uC%B=t?X(%m&P
zWWOoe4Z@xoiqns(>gsy;fB*BV`K|eldGX~lm><mAY|X7XHxFiIKATH=x;NMK?VTCS
zcl5i#yf!E14PAey-hCK<y`^`hm0c~oHgBn&_cQHm%nh}1N1sdcaU8`tee+09_g}`~
zkJ^rYOXFORBfq8VM|$Um-r{l3zvI4(_Sf{z)?7G!eecauey^{)Ti3rHXnr5*vmN`9
zSq<iD9RJlg>J|NFL!TA>=8pbyJ;Gx}u*IByqUR6lcRsdGXcihrdK~(BAj|`90y8`V
z6X(=Fa1r0$gZY`}VB0G>!}!r)Cb!OLQXsS;tgUHfT#s<t5`J{6z$)-{Pn5W&`Jd1g
z>&RUhC-nEVd1Zd25#7`O*Mu#sybXQl!YF=@_tesl)E_W6zy40u%GFe$p9h+4*b3Bd
z>SxgXhUU5&XM0Dqd`+|E_4&OyiyW7<j#eKD#_Ms;4<jsB1l5ai)L1vR50~4?`=Qsk
zHNMp9FwT8VYj;Hyv^M{y@vX)+vZaw@^;tgq#+=eTVrgJk&l`f&YJ}D`jo{k+LNEfv
zEPoH<cT0Wf@5{hUw+f73(T7)>oxzHr34AkLS0jG}_8(|PFjVho?l<)D_b%Oj>hnN7
zoztkmEwO)sDwp7VI_`cs^r%Pq6tq+6xAb%BD%9-^gaz=xf9`=p`nsR?2%h&7^#|UJ
zT@rV9GzMVhj@F%(Aj;AK?~~{mdmZSHxeh20)QRsdXeX#agSKyQK+F`JWoh2vC}n6L
z{i2t{K%09$479oLFld*8HDuuj;%<-;TCON?*nbfp!^+vm(Xf(p_*okNO66Ar$<Kf(
zq@?@t4!jz>g~;Q1JOcdhk|Z3+CO0GOAhkpKfgI@Xxg~l6zXPY?*=$D%6&!Ch?(L8@
z7>AHvg%e?PH{<Nn=#=LOeGP3wvc97+h&-1=3uWX6$XXcNBh7wA_<khl-;DQb!i3;J
z@Lh5zf@BMf)M)z`YI{=z%6bPa19jahtO^1Rmi!+bI?1Db-IsnI2m@B9heWm|yoiJi
zo(7J}`t1p=eb^6J|7K0)o}@HrX1DZC4n6B}rSUr5%5m{qmW(z8P4L+V!VKFupbvrr
zTb?BxB%QZ2CxZ5E`;%64@K|PrfGVM*LlY5Nyd$`PN53G7dqorp+s}#lM8C|VyfjM7
zgZyX0C~OAMXwSdcse}{et#|MeZU5TRss=q>k2}!PZl2EFhml@C5Pr}Pb`qajOU(?c
z!qrv4E1^H!k2C<=YcA}d@xw|8X%elX2hiaK$&}A&b=Xm{Cd2kKwnE8zd0W^v0$B*V
z6m|$mO|Ti@4l5Pb8nMf~E2cl8UErH%l!sfrGce6wkE?<;Lhu$)lgNGp+22nK!*E0G
zTU*OOe5{=9>YgxjK_8*qCH%Z8h9BW5SoeaZ!Mr1!9T!Jt8~!8V29|+&yJ$MU_cc@D
zB024?JxSe_9ogOoJ*vc-8Hf);-h+<?_Rm^65_=3j5#?SubaX{e8}pL>K_ipDz9jG3
z8(Nv~W;|nhjW0b9Bj19D2|J3c7t2!xN6$eH5+4`uds~7JI4|$y{<<sAtt>>AcbWI&
zYERRSHGUwwgzYiqcv#&%rt^D^<GJV75;#jOR_hh{G)DsVWo+gk%s(Mlu$GdxO2Dmr
z`5o(0{QsgK<w-}=KCmZ(JHosE)5w{z$BV84JH9K)<o53C3j#er&e{i4B_-&RuI>z-
z8gdeAD^_lCZ5vvH(eJ?K@ks5mPj&yV+1m{1xx_4BgGHaf$HO=df!JToAIx9O-_4)Q
zpUodL`to-eSs%Gr_Tw+uFCruVO#6B|Y(5h`UJy(evvx;^)Pfxzas}*I+*_<2{wY#o
zW{QKZ%K8Q7&H8>wl+GN7bieB{0*JAKY}ndUpSDlAxWj#_<geQ~g#XyrWp?}T(|6P9
zOtE8stzI_la@|8T#W{9pSS?u&!47V@cbX(M?ZfKM<=d|5g(}5~ax~nuF{E<8fmR7@
z%hp?QoZgYvP&<S-fVC5jFhX>6?%EniZmw;YZ;hAZvN>Y^t!*!Bje#0gfZBRU2)_>1
zR^mLh&^qcz<Rc0&RtrR&-M18zp9Z5Il@I@L9L<Zo*fnm}xZw-xQTaj@@z)-eKL@k4
zeP6efs#oZC4q;X4QTfpFdsIGlc8Na8v$apDT5=J3RKAWakM#y<*rxHXRDRW?@?VTT
z!5)>LZ&%Tj?8c$z+H9t6*R+R*=*4<O`<`8B^r(D>RvNF<kUq=G6i6FGI=}ro?9L@t
zNRP@-&5Q0)`RO_3Ev)}#R!2y@WRJ?%yMg=Mqw-y7q}-#z!d!H4kIHwUiO5VhUp!aZ
z<w#FAf7V78tj1__RJ`a>`7RFheUHl55Se>M<eOxq^{D(g2<`iBpcoQ2cKPef!V)<n
zN3v<HY1Qz^`?2%P=X+fKzBR&s*OBuAy&jiu;pf8WYmLi)N%@9|{)mmt5GbKOUXRa5
z{6Tt5G<?U$Rl~2x=eMu#=4&-QK3_Ocde%j+;ACOw-f@-A9-r^RMDBkzX_B+NFW2rT
z5lHw~&IRDw!8RX2Y&ba@Pb%ipy-Phl-^cCzQ+vGh_<SD|?J-cp8c<sg3E@4v_l9|%
z@4xe;@{!qc>eum;8Ue67+eneQ@$HU@hTc&>?tg#Oe{PgN{33^|v=56@Y-N4eDW6j%
zeYQNK?gVIxciY{xBOC-YgbaMHqQ09N<sE%R@0^8%T4!PPr9yXQj;Z4_Ib>#W@t2t4
z4>UuYr5XkqnI+yYSN9*S)wC7F%}wSgSJoU_W)h&sR@R6-*a(c|3QRtyI{t^L-|z2!
z0-MllC>L02uU$rftyJHtKELg;U8Q*2XILzHZaseV$CZp)LX~@L3svqj461n*6m<MV
zZA&9dxV0;Q#POL}zEUf4pDmQOP8L_}Dp^OLduUldzr58oZ(oK4(Xvjy8+$Hxtyp@~
z``JKe8I`V!p9j_H2;HbDU7;;bBG+v%J;Q%%D*+z9{(T$|(z7~CimZ?8GnNipRBkD6
z5zeFR7LoETuvWfKealGrx^?Nfb*{pQ%uUqzD^riYUc`GYRfohLO5|Ctgc({3IJe&X
zFxIaJ9(kuNv(L1QWUmp?2oBb!o_zU;_1c`VhHpq~RH;%Q$2QiDMCU$g)rA+kw^V#*
zNZ{<>()HkLMx5tz+V*wdq2siPEQbuxrp|jU-d;X}yz^VF%gFQ8yJ<a0@w!O)cyNrb
zR(<wq+t_<**JTGSx)sxf1Lwtk>sF;&_i@x=cSm0<&Ra`DLg#4`DWa}{MN}c@(_3Kw
z7F?#(Tdx(z{iNa<WaaCt>t%(d=8jI~!U;7vA)MzGx9fguUe|U$&^QTP<2jbA>-P`g
zvEyphI2B?$#wj2&mNP%C*Fx4aA{TLDaIS{jHrku_VLO}sKA*X0BaJKl97j2^l+yhQ
zOI6iN(WJHDGe=I(coE8|<F|;TGZ~9q&$^wRB5LHETETS6dXJ4OjbHKYBCMfpB0f%6
zK2KX)upo-OmfAwCy6N??R?EibMq#Ex)!%o8`r|2+;~8t5LRcR^<)X8vI<CY*`uYpQ
zITdGhBEO#kWjH^=l+O$E&xhjK!7dh4+0fUBptaAn+O;CtxAnDcWN5C;k*hDX%170{
zjQyHI?##fAx@O{2cigJ?-{pGmZ6ltRG?Nk<MAu3*e(iG{SBjT%>etV#5&cseDu>rf
z;@4HpxRl!PuBA_us3OOfwL0f39hW9hOG@8mnV6@%CCPsGt_pd)ezs)D2|&nt$T=11
zx#dfS&ADex+I=0mP0yIL@Yr>Sb=xy0Eri<Y#k;t(9aGpHFxfLE=l8TQ2&UIclJ*bb
ze{GrDcTSajSLFX-%?8mpSM+>Cl!pxP@~8OpjLBM1?HQBSdy&G0<M>Rx?cf8gC!7t&
z7V`(X=hY^W6seI>ek5DZm=w<KUUzFc?l0%=AwjgYA0CU1FJ+z0K^Wh;d7`b(C_*G;
z&zOwCVm#kFPMc{AOf*G<s*rtvb7FW;;w%$z>KEq3yrNxTL!T4#iGCSY|3~*xd$$7C
zdd8%Nx_#~$lZXoC$a?tsh0c4%Bxs~(Oxl&Q`%dQx2py%L@l%^KK5y>}atM0H<Zhbd
zzt;6s<;f2{V-hC}ya|j*Tf%nFn4CgpiQme;okF*@Ic~l9OxbO~H6fj|JRTRpHI4a{
zdbNnH70D>ox})<kd(PwqSz{#6@`UamNryt6xZ5w5wJqr_*YrJVn4ngx`|C^k6=!S5
zp8xVS=1iuZh0}8<r+n3Z^Zfm<J$F*-H#7f_j~=tw<~!@v;>gdQJ1JSrfbDaXDX`mb
zXm?&yCG}gnhc!c}A!WSB=3!WhP)^H9nXZRp@nFQsu6mx&leUl3;vR>Ict6D9qm<Lu
zR?nS;?gSe%Jm(kV9ed7&U&qsee}Y9SUV82%+t6Geszfuy%T!Z6y5~-Y*42Q{A!l|h
zXJp37C}{IrI>)1HMdh_3pF{TCNi9E4pL<o8CCwy$N72xABaBjIhiRKND$&Qu!g@?y
zE5Ye#y`qax7fTgg;@4Hroz#%^_qkNwQr9CL$5Y~Us*+y1=af6?S_3sy5E+bml(2SP
zk(Rn8nc0`3=4EcF3k^>dERkE%ZQYibg67{9+CvrTHGQr~GnSM7cE4fY^z~oeQkee}
zyXhnK4ZU2q2U@tIxxq8HB@62bT`^0*htDRwrSDM7^VL{q3h|Qg*{$gp8~V<lnTr9L
zgIwpS`e`9@04oeILp?*zDa8!Jptnoc-8DiPX&7$g*U-M|XW#BWt5n7#*W6rOX-BSy
z&CQij$Q5zAZdEO;?|4t~G;`No+bgQ{dP!@7*Ld36v*W#_{4Ml{lX0awuGnDWD9*N7
zH-A+6NgJKKE!URWoziESkxOfG#Y#9QOyWdZ@F(Q(UK4k^rn9cXb`@zU_bR)ZoCkx^
ze5Ntn(3pf*o)Z6lpXAxwH@bO_zVEH2zn5w4ENiA|W6-k3(hT+Y<t+%(Lm9fSQ3JK?
z2&FZ-?#dD>0~6^<Uqe<RMu+$($X4JTC!X}gHr#vq7JJYw?K&Z{iXO+l=QIjmYPC#j
z$F*iT0s*pe8Ow#hwhVnvGn&e@E29jfbBWR{l|v=H%QcVg(%w$z^0n&W3N*@KSfA%r
zrd1hZ7~Q-o#Pyc6N*PV)bv_3B5RggFve9!*qkd^6?d|ln!y1}@Dpwx-!zeN2+^>}V
zIh8VNS{wzpd2p3hIv){8*lXt_78ZQhnveL|86j3%J!1VF#z#aF%E=!Ov+_>IH+P;^
z-Wm^^GwkH{WcV~aCY?|Ev(}j<?J)0J#yQewSH4Snc1+t{$ghsSBAb_-7SV#T`24W6
z8OOX8OMTF~_#8`QEx`uoo`J?RcN(P6hxQx??KVD&kZPGzE|pg?blTp-sF{oP)3@4#
z8=#&CYA>OF8lqE?eKw6amfvYi#_{5*mm&>D-A|$MJog;8Cgxheci7`vMHtE$%8XoE
zlWX@=FeK7sO@X4mmTB!QXgAP(%X8Wo&K7*_((2N+`ze+nllp!4Q|yCW8ig;lTBfz*
zTC?3xfq1W7p7HXv-ZcH?(Oufx>0G}1DOmd3PdD99!6yytSd+nYKg9+4_*+_;psl>5
ze~6b9Kgmn;nrbq=C2YJ;^r(f}AvDM9ehP+2n5DGyktIHoQ{_t2WZFI|t)#u3z6*Cx
zMLX`<Jr$66x~D?cddM}5v%^zit9Hfs9%Kx0d?$9lF6pt@HM_G}JC{E<J$CCYXYK8l
zq#Nc514%Wf^zZis+tU%kuSv%F8{NM*-_i3s`X5ryKj`<qrJi%-QAg-!@&SBsa!KZE
iN-&nuGqO&Q6T>4|`ZedwAhz@J{~j@Wt}-C>Wc~+VKF+oP

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/c.tf
new file mode 100644
index 000000000..3e0fdb9e3
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/c.tf
@@ -0,0 +1,15 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "default"
+  runtime    = "nodejs"
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check { path = "/" }
+  readiness_check { path = "/" }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/nc.tf
new file mode 100644
index 000000000..6107c37ea
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/nc.tf
@@ -0,0 +1,15 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "default"
+  runtime    = "python27"
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check { path = "/" }
+  readiness_check { path = "/" }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/runtime/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..1a9131dc2c4e82cec0e79a9803f92a0db6ac3057
GIT binary patch
literal 52538
zcmeHQ-)|$g5$1D&{tv}I_k6Z<mjHP$g1qD*E&9;ILGbx}juQV+B%OOraQ}MS`8Xbs
z9PLUZm!#|*Az0MP+95eZ4rhiRXaD!#-_4)RpUht#UxWEz?#<fVnhUcv3-e&E=xSq@
z^zEG)%(wKr!JL^Bb57-7)xBH$>owggRQ6FgGhY#%*CTXR=7wn8(d){*x2?FKZ$8r1
z=CKW7t6l5Y)Xsa`@>?q3(>*tI7q@%-9{*m@zo&cF=F+R{P0&mEy)O4t*S{X9fA8tF
zw)IG_26JuOe{Ea6px><MwV>bJ(SMef9}D6w`t*se->Kh)(mJ7DXc_5t=<9(b555V{
za1BXZQ2mfaI=!v=5B0&(E7`;J)}SZ1UTbnVv?8h9)67^}KCMYUnku9Ud2MJUuBrbg
zRAL_aGvkE*e{WuzpQuF}dS8;XF!NUQozJ86K5mH8PgEZyH$MMP)y&nSKwl5k+qfC1
z@6^{A_bck_!uIx##`2PS%k%S%d7IcSp$@7aiO2W0&s)pO1#$J#wi@%s)!}P9xj(i{
zo8wbd2iy01n!5`cLHFk0)V_tCBWr3oW}nlu=jN39kvazU)x083EiAW|)Pkk?jd%o(
zIsG1|@22X|-<RQ;rV5E)(~D=C>%oG!33)SL7gj$)`dgY2%+)*U`whLqwM)~_y&kBh
z3u+a#CDu=j$|*jd+SPB)c+{=@9JNyEyYzMLEYx%ck^*$#F9-OLKks*IgwFd!^+7jd
zmBgnzY6GNlNAu2E5M{>!ual@5YaPZPYaNV0j81%aNh?8(G3e@s21HMxS*H38jZ$Xp
zqh8c<9By;X$Kf{D9mnlbyoN2jCG7?qq2-K%hW(ZF7-r5PjfR;#N1x^CuUvgKko^pv
z!b;lMPtes^EyNz5rz4>MuE@fHZE|CI2df>{5A48j%`H(A^c^$}_hxM^RA{_~UE5)6
zunb|niY7wqZfx)K#wqs^{u*e)vc97>%(v%Qhpvb!B(kLzvNr_F5wdc<D^nNS>8`#q
zR3E6du$*DnT|9bgrN-8-7r3Tz23{?#9Hz!}{%Si|S-c~epdR?;p(IN63=;QOZ1@UT
zMK|;+v3?FjZAo&$7{iRf*kX_Ak~FJGevTe1WAnmKfFFle@p{f)B>Q6A&VgbmWjzFF
z1X!$yf<Sk`a>gh4sPI|DJ9$;iiU3{6yM%0aEkcZ@rJWUQ7eNbRG>Hae4wmKNis(C!
zV<3;doCmid$z0M)M(&h+&Wp)MGz#XuNNF&yNM^&cTJ1TK^^s%)`*=J$kZ((b_L*pr
zIrQ#n#rSCFB6KYxC0OC1t=Q{@HBn;D3^YR!HASQmQGi;O0>{mMraoMH<LH{MR^|o$
z!7h>izMvTMIq9}nBk^H9$EU6b%O}KHp#x;TIGrjodJ39eBE7ust%*O-yu6Z!^A7sH
zthRC-nO<dH+u5FHBWn3zk0EZ2DW}8gt}$KTYZ;GSxAyMXY8l(l$=AxEjm;W_^(X9#
zpJ&VxXsghE$GntXu$w}fUe|#&5!w-ZOrNY~#u_ia3ZhxQB{SDc4gCe-Ug#y~T1o@)
zUi?D%@L1u|lPz&o{D#5&-Tck`X#Q!wH$Rx~vaK>id41h1^yl&?+`r?vnsDiXR>XYX
zJdh+Wi6<BI?rcZwIPoqkR%Aq$WKB$q<9trEHCa~h^4Ky*zu8lc+2tM6E&g|Xj|qG9
zu&P?`^yF!HUv~JMtDQBSW9&bKUcmnSpZrM7Zcnk+{ZXT|SRZ<XaaZQYhyb!h!h37L
z1-bPi&o^ihi_6nWxmrjNGtVW?0L@X`M{X^F8kT=;3o0fG5o>3q#h+m>)yJY?|2x%w
z#a#N5&}ex)>UcDuQq#t~tft*pU|#|8-;PI<QITGDJlYt~^45J#Dc2IybdKQ<c05|g
zqt!?MaRj&H(KM>6<I#K_*zst&E6G4UG7wJ=AJ*|`{>Xw2d5mZj^j^oKg_0P%%JYph
zrH)5)=Oi_6Vy_uP+3{$x{M!AU-g}k((T+#+c?C>@e_mjIoE{jljz{Zwv@041J`S|w
z(foNA_j#~b>Ux;x5Vh0s$Kz7Ti%#YH5H)tCLOhqOg)2h00~Zc-&$;;~dEZ6&)iG&&
zaw~P;%JHvb(u5bfL{5Q@NyE-nJ`M=G4p@tyPu_!$No#*5KJ)}SCe3N0{I$Ge(i|7v
zr{hEcJ0{IZVEj|Zq-nnVZvF_?e{BmY4wJU;S8qp8h=#oXtWFQ`xjjD<8=ud{Ss3Ki
zaj4U=n)k=L+hE-eBi-gA+YkjkUS2gs7gO`74P@;<rMzjpn;~P0J?H&nM|23r5YEeR
z&aC~TQSQ+tYG>pv&;fDhsAH`a&TGOM7$xss+Q}sJ@B{S_=c!USBfZ4^<+8kiT1_t}
zPU_M(T|$y=(Q~M=l^->aH@m!gT3OqUldUaW{WOmbUB_yHDLU;?aBOw9%*N(wY?l|z
z)ftDsnwxzM^)cS7RgODXV_UAaL$&GM(%LZ+ws32o*Gtngsd}YW_O$vaHLjs$wluD>
z)EUMWXf&>)R8};mRz4eA%Xm}W>}O1!GZt{3(o$K^>YcEhXB)Er)h4@He8!o%S<UL~
z?6*XX!B6*dew08DAm2lqtYziVVYOG$8d=G-J(G+60-f5ZFRr6j_A!Y%NnSBQNR-by
z#x`A@lhkuHZTswEaoW8^R<U^9J~x|KE#2PrtskqXt#8YrurxYKbPIH5ZZ<GY)9rj<
z7k^$BuwB|MvVZw`xsZ8ExHK>8mru1;wl8f<NTfe4mM&u(cqhcu<ylJevwPJ-Q0e_R
z>47f&T>?Z*?kG<&#y*~B!ctCKx4yJpgLX0eG@YvDoEjO@_a7tT%$e;jX;k8=OPrOS
z^X9s!o6KiKIq-agybMOtTWxdq7@}}yy6kbWcBdv`y<)dp=kCfI{fJ0NCiq+mwX*Q1
zVtZ2c8}InQ3MiRL9Qwn@ROE6sM0@f&oQ^QA>&>REN9ppZXXCr4kc8G8^Ep>$?vwyO
zuZ6R;;+&Oxno2J1IvBBd8}S{jtb#@1Cx(Q1Uzu~M&!GuzPw;PyYPUb9*50-llC=4*
z+nhT8_5CgF&rthz8&Jz)_qyAF$F~7<?1OH-`D0mof8FllEc5w%sAac|Va7$0<LlIv
zt+U^{fQ9ljvZ}&gnUh8JsbS4yvZTts-&1)?H}8jaw7JYQzw~W+)))I{mVYlke`#^!
zjyBgLVEh{6;we2Nyra!=W@hS{^YgvD*11+W4%qgY->%M%Hb?G+yuDbhFTmA~Hg~rA
zJ{wu{POisoXZf!#Q)hceo5$xK>=6}2gFD(>&pCJ9(dO7!;im;+505opsb^`&BN98>
zyra$Cti-3<t7u1?1EJQ@=HaLduhOC~;k^=#!L!8MJ<GbI&9xM!uDiYsIa6ET)<dF*
z%`!LF=PoL|+;gXQX?MhVIR3(`jyMnbp|AX%f{r-X+}VHK5kJ4tet=|ca<Q(tsBein
zcf|QFZ=Yfuv1I1X=a`A%_-LbCBx^^Ucf|Rd(R`BoS3W!&_W9cR9dXXmokC%0*@xK=
zJK}sp*#Z&c#{TB@W28HG7UitxBA;%5*0Dc3;yisXx!Zuqe)frU!aLFoR}`xapCiLs
zb8EdNXbm|jn}ZV{KXsTxsUyxsm!j;5bMT;KeDx_I&i$2E>o=^Vc(T(6n!nffgu9Mw
zjPKx#VWNFX91|J8S4Q4IHDdql+Ukv%JKUY&`BqISE)Ijebv%>lhIE#uhp})?Ji)%x
znzEyxJnr$Y$^PLJh`00|vUb0;XQ4OrzO=ktQ_i!Os%O3gqz_V#dlOR@Dn==Iwxu>R
z5+6N~Oelx=Jw3wrwNP5RpSt`?O2k*|pIJDZ9beib<=hhtLPyHuo@kI(NU2YLV}7ST
zaqQ6CUQlk9E1DCsYZT7nxVh)r3)=zN{P8RX$!8-rLfVLPH0$PgmwNJACwEKP(wC7s
z%d}jmNtuF4uhRn85?+fW2P(AXgY{gIn}x^iDe3RmSrH(qWvU$4=u^Kw^nDp>Z)f#1
zuMOJPIMh@5f4wZTQbU>1r|}PEs7f2fGTS$XIiG6G+AUP4$~*}RwY<CY#|J<CCCtM)
zkNa`lj>+_yBaJC*Pxw1kvd>Z{PpH&6kFP?d&lTZB>$ws}V^X{<X|XQj=1Q2kvhA!0
zbKtb=v(7`=w%1`6AwMVNyg3{v?+0^6mQ`MlQ|?ODmB{W16xtQ}%NN!T^fPCQEf~{+
z*qYP0-NsLjIp@AR&*z=>-=%lV=gjT4M#p^ec(nT@IzJB9eP!l*+MLj`l51$9R+&zv
z&N3|*YEpJznK_YX4G9-@S%%u%tW`|flGlcOU#Qkjmh`90`0w_=@U!*!=)N*@zWd6;
zhr_YaFEy@oEMIx|+)a!>A{s@?SpP(RFQxzd1NT&gd3rz2XYBrRo}5$eN*xs?{pEe_
z9JjK<)ls+IooV8z_$_$@?7<J_+?>+i*X9M4XY_t%zB2!y_fzvNy?<lhUz>l?@53ER
u_}?pf-O!Ha#UqA^X^vydd1RwzdFtc-UnAOpJ$vkMN|tk%p%@(cZ2k{MD3+}N

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/service/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/service/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/c.tf
new file mode 100644
index 000000000..ce0d8da46
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/c.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/service/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/service/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/nc.tf
new file mode 100644
index 000000000..823de9b73
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/nc.tf
@@ -0,0 +1,32 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "unauthorized-app"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path = "/"
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/service/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/service/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..19b4736098278a6a55c6abfc0eda7f7c8ad721a0
GIT binary patch
literal 66300
zcmeHQOK%&=5$^K>`47gNV_BB%J@~YjAjl<$B*-C#K*+LIOGgqJQc}EL=&vWKZ_1UP
zF3ynsCTTSYdpILbKdP$h)m7F1{m*aacjgE4;@hV)KbwVFnOk#V?#;|Rnk%|nn>jtb
zGo5))zw69vb7Icu`g`^6egEqfy(_J3YvHwdL+!j9X=iC}sEs@NT$xY(C@$#91Kq8^
zjlmtY9sP>Nx#&lJOV>~I&JDfA;~sx!_%7OC&^s%0Iq2(yGfVlszHV<_|GK03eWK5*
z??-0Und^T1*Zrtx^qVDpX7rmo`pdkB$BbZ$Ienq~kLq_WwoYgk8b^8@`o1H~18xE{
z+yfIA)IV?$-rl|WmF8gE%Q?gF(O@RGgVDr5Xh~RG(8`$ia9R<5bgRHB@U<pNT+#eb
z=!$hTTp1_y_l0?7exVVq>Hj%l3oCC)&xSAxpW~WZ`i1%f=Em3Gsam<33iN$Pv-Mkn
z`b~Wgx?j><XZ>vNh?eIxTV9_Z%z5Crq;<6VKrmkPbH49kIU}fE_M^tSv3(4=oxJaR
z4O`<=t#<v~7qoU~L_rJlZyMjMUn46TIaZ(LvuEa%<`GH*+j?FSq-H&|<}`x2`ARSX
z#4LaJ<9Abi=;wK0rdtKZuj#`p&CXy(&;-62uCty$0{i#0A{eT7H1`|&xUx&PAA8?X
zPZu;Qa7)NfP~{YyPkZT?LXUcsPhOHrzoqYESD|jFBP@Ui{&NQ$;@ACVkKlP<s6X&#
zNJ)IVqcH$0ceL)T29cKzSWcp6$U4v;a~)71s1wgFNfMNxLEAStAZ7~AGBs~-lsvSL
ze$mT*pv^t+2in}XAGCA98oKa3aX07)HCGfk?7xVQVdd=NXjsW9{49=t#qz6;^k={n
zTGG1z23`$mA^Lb4j{yI>A`J(+$xRPCXzkE`pa;4#H%Cw4ci=QUn^mu&g5%A4*$!QU
zaR}{II1xs7)6YJRPI->7*U%<3>pL2Q=yNHwkVkKTu7$BZ(ClY~?+1eZP5*sCm=GKY
zzH>?<XtuyeiMGE|+siCa))F)i)OD-yDhM=K^M4r7NgD0zzVv-Z7_c@yG_n=pMKo;i
zG;mb5Z%=6L!+*f`H(M%e($Zj=-O@WL^sL7f$Ln+}$Hi}1Gg=Zf!DsIYGwkDlJqQkL
zd6saHc;3#O2-dglPg+gEW1bZPs)UUWOGIe#j^F|w{emd&6;UL7KPToh{W6X6;wUW*
z@{fd3_zYmtUVQUY2`5Zj@8Bic|Fxo34SJgQ5@<@A$8-0tr`L~!AM^uB;!<m_nPF87
zZ58lJ*bnQT2H<;5g&iz@cnP6RqE++&I=m#E@{m@C9Ti(L>_1~Kl&qIGnSCSBg&?IM
zA)qzEXMk^5sqof_U*>H#`w8s=-#nu<+-k|dG&}EC1zUvREubdR{W|i$pJs;PlG?Yv
zmX7#XKHt@vFmp*Cq1-9_oMpq0a1^Y2!BS`563&i`BeM_xfp7!Qz_?#Dp5MEcsc?~$
z_7;w&KGYrA-v>J?$C~Mg4?^F=9t-@RrEDbLG5AcBdpV$^Yr0#Sm-G)7nf&!7?XI2C
z%6vPrGp5)0)P2|UE$lEsqR4u&JXLUX2zrq0ak1Q65q!XTS(3Z!E<d-j5Sf-T@A}mq
zXB}(&KzH$zG5L5{SsBy#y~gp_eQgb#wH9mjihi1+0lPXja}egA&@0$ViCZP$R<8bz
zbt(J*VjrbxN1J^>CW1R+cl}GxnIYrFR)HUXsL7=E?%E3iJwVR-2V*rQ*pfrr88$Wa
zB(_$p-f~G$W`D;mNu4$Q>L;2pq{BVgnXuDt=?d@Xur;?W>kEm+wQU`qR%j!D`h7n(
zfy-abAIx9O-_4)QpUoemHAw8m4dsZef>d0(Q5L-WAtQez=^c;9N20n*f(gUi%5CT-
zkmJxE;H~1`LcQ%zfqF616)aM=A~0{Z>V0By#`xgyS&IZfBo#Ek+WYZw(rAb~e2>-d
zbvygmC3Y>A?Ys2xGIMjLkjvleUK(Us+XvdjIpi>WldNq(vRdvPCqp;;uoiOuwoC3c
z<>Evsc5K`jV!2;Os{|foyC-p+dmy!;whx~_+aMfAgc#`5wbhaLt+e;OHeQa)vk3WH
z+ACHY10`(z(sqaszxK6O!uDffb(D|0N336{6^LlM=M;G#2cs5yk6qv}niqYsS=?-K
zW5=h(-V0TPUt8?`7|i12zHTYjuF&o5!>iI_?_uS)*n3EJi7`p@wQo|jWE`~EdmTX@
zx*MQj8^^z5`BjU(f6?#!wb=V~zlx^hVYGRw&t|jjlKxO1yI7BC*ZmM0E%u(F702r|
zq|cM`0pi9G&u_mEzjKZi(qivpv!7e+eSGG44ex)R)!`Er*<$atG#K8u*!v+gV!rFx
zE!N{&?7a(1#9t1x!c(<fj^`X^$=b+*Sszo5x)v?=-o=7@*JAHoc#Pj6@=fy2TI~He
zjJ7}RD28Mhq1<w<#^F`l&ML7V@5aZAER=lV7JEOAd48&+;{|%iIN+*b$dEyv@>h~=
zpC~e(Gm=90?_~_SKZ)jU(fIp`#(zn<goycw$7ktin6N0&7L_k6ZSxuz7opo}QTd3I
zs9(FywPjjVzNO1}uWyUWw@|d-u)<qZzJ<r|+ixaLV;;7F?`?NPLxk@+1AyxS+bjU_
z+@yGLV=))cU0PKBIF8+?_3_f8^7oB_5?+APc8Cw}*)AK#dA|G3lgdJ7f2muePxAla
zZMN|tW8>Sd@z;s=-yQ3p8rzTEko{HB$F4wV)qHp-52;E%`<qcy0yM?ac026|2LTNs
z@1859Z>L6iM_<u9=N_Tnf?w?@U#ZNIbbQ{1%q%SG5;OdnW@vL${U9T=#QXVb`lGdy
zwfw{8CUcZ4TMjkz2hd}!8Ubmr5g5r8m^`E!{rjoS?@B*`jqlZ$3rw|F&yQoP(ATQH
zZ+om)1>W}Q7lEEyYajh_m7<zZ<sR!omHYIAYM94duMHhFQQFhU8gA*jA7OkZl&_SE
z*9U(Z*1+OwTsdpxa}PCZ<8zNWYoVmcWoQsJYv2zf&c&}4N^hHMHh<iG8dNt&IE<Cj
z)z`u_a^3dSJ@x`^mB0Phwh!Y$dRFIA@$_MRhSFh;dM)`q!fBKZsw!QZz6RFv*PyQ%
z|6aD{Jh#rZ7m=@t%6@rj&6kUFPo-*~h{HT_?VuCCI=`v4<h#B$J@CkqHjkXC8NXg4
zju9NJPObR-aq6WxV~M>XZBfN)eKq3GxsOsc-^K4O)!Z2pIM+9Kt@n~~=Bb>veoc4S
zICbL5{ds$84fj&KJ%8MI<G0$Dk^9ZvO}m2>Zj0oP1IPGE)n4Ch8?vW#&2`Y?uztC4
zVAszS8V#&lJ;bQ);TTKRR@eHDP;;E#iF3t)D^wWg^H<>I7L3KzQb&s=YN$V{s0CTy
z`a0Z8g+Jzw&ecMm2G02Ad4<W==eD<6Z>KX%&(?Sj<=y)IeeBC|%qvcTSoP5es7lRQ
zopx_R)-&Q0aprH^Y0;Q_5f~pEN-1skU@A5{7fo6}J#*yr3jZDDj^#d)H#TZi==HpL
z(@7JMlV%0eV=;sRv8ih)Cc;;Iy*O&vl!$`URn6np7W{;wuf?`dswR4Qtd;Vl4Pz~1
zq3Y&R3H66lCPyunI7hHNe)7d&Z(6bv@#xww4Ch#!?b~wsNcx_{k@5-0?%7W~JM3(P
zR4sHZBG~3*tv0J@O8V4||9n1Hk;@@l4A>O?+2_qNnX*iBSP;!Bv6QC2g>j{DEvI~K
z%n~s^rJ=Hat0a6~m5e?q4ewI+M2-q^ypL7p?4;we1WIY?+dLEFl=n2@o!zcWLmxkk
z6OfSGkaFVDp=Cw-oM<HRA&<T11bbgIvWJEiKd-cF`a7b!R+RU7@+~)SMZaVF4Cgds
z$Lv+_%|W#0oZ=r)#cD~<uIbx?{zuIFu6<69n`n8FTI0a|&~jzlcl*lHZ9KQVySnEp
z)wPSaac7P9UH71imKQlL({{m5{vN91%X@O&$Np>0489Ah(mNw*z?KbSZm#M6hA0nt
z-uX}HX?c;QpxW{x?e0Yk7Y^eyp?sy~MgBmVlHaHK50Ayi7qiZ$XkeHPTI>8FL_)T_
z$Pg@s^S$HrnTEhbQ#7cm<wa_!;J)QWjzPtJR?;(_M%6x<Gc7NY=^WbloNTB$SyFt4
z^i^+F$$6)p0i;feQ|$7*xzw?F*YYA=n3UGz4}13oIRs_T<!O15F1?N2h53JV3+xYG
zk{^ci?pMS|W<4*tC7%rRRmtMc$whp)`@1as$~Wh|<wc^ZDNY@^`G53mI!xTtHP~m8
za$Z_#ep@a&Q|6v>KF(&uC)N@6$q+YoL(=^{>AkU8Z#w64pLvnF&%qgHA#z<2)KA6k
zB<Gn5c94ezKDeM=;Ft96!u&*cSQ+>I?k4s`PsnTSW^=l2o%HSA2J2eGF@7(ZlCkI9
zw2VnDr-%2D*@s<?wq;C8ZD!^y;W1-FeB-;_%i?&?mN6;0%Ybc+uc5Rqk^7XJR6W0T
zy~U}x<hV?f&Gm3B`xaqzrssK>w0)d@_ApF@?>_85HaTu>wTwyFOzb;dllG2p9Gwy?
zz2UbS#!trL#mxtbA5F`cWF1P|xGiJSx0(iQ4mpowIuA2UM`7RNocxWfD?p-OfAeC5
zYs}3m65Sy*cR}8hYpCRt_vBhLj?v|iEn`w}Fnw(iPg9mjIM2~g9>x{LO6$!wTOAh-
zld=0_t&0BrTP5M^s$^VBX?P#@o_(_fz&pzAFKqKfj#HldRO?>IC_)uV){Rjm57`o2
znUW>UxXwM6(>H8s+q=SDQ6YMmwTIos@!sSOxoZ1Yx8zsB57P93Y;nXix%PDKe8d>6
zjn4ri1I!Rb!I`9(ft-Q39eO;gVU(~`KK$V2;ojc5;6|>nm&)hd?mmZ9#v|9%3|whP
zuKUf%l~Krbb7jOpX!9J?;o6>2eb+0>(d9KBxAyFKuPAE^{b3heYT^oAhEbetv+Vw*
z^b<Ead0VbEb2_EZJR_IZ<cgJWL72p8v*1tIL!S4(&aa+QMOsR|id5s6Gp_miNMpF6
zF$u3crAUi+UVJZfG_J%AeOv!NPiyB%GmRUA);09Zrtb555TvI(bYG(KY2Fb^YjWL|
z8<Yno(v!aWtVE0sF;UPx!8;HEW%WY#p|9yFWDw$>wrNwkf8YB!3ZH5{Pix1uX0d0>
zwL9`upcUBWp-<45o5z%=T^XexolA7)3!>&%MD0uZoS4rvwmejwMt5;<$8-5oRd59-
zc`&SVQu4GaWAvk&SI?3@*a~q^l}dxYAGCeWt%{LBPZPDPgchc*Y`2%GLneKu!Btvm
zYegVYo0qzg2R`068R^v3Z>@+#i<e>XtHO<vuQz9Xs#0BE;LdvdOs2He?1%ZhxeRq-
z=vFYFk(WX$`qzLQpYaqo<B+#PR~B?+&YZ&@(@dRH#p~<T%lh)|ISkr$Jjy;54K>ev
zZa(EW7&Wi5rkk<*ur)E(0-k|~*UFNSG2|J!v?kZ)Rc1)UX_Nv*ea+L_xtBE1ean5^
z7|x@usN5MdGLJlT-@M8K&)ru)4Yhfd#~^uJYqoin5uLMbACqgCfVVZTGW4G2Rc7sP
zH{CR^veceQli+^RsCkvgq><0F=2aFb)z+AsSGk^7d3Q~k5Z|ArnDIDL`TNurzCfJR
zfipX%E85iHo6XO>i6cLW13$B^kP}BeA#eG5ePup5{mt9PId1W|yi|`JUZ*)l8*yzW
z<XSIDw?u?`XU?eB<(c`BV0+p__%+qP{2P6HLw`pl%=hLkMHc>pe(A0~&PQF6hWab{
p*FVx#ViCvlw;9Xm8NWoGC?3Joud!Yc9gbL9+0U>imjXgh=6}_2QbGU#

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/c.tf b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/c.tf
new file mode 100644
index 000000000..1d4c8dea5
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/c.tf
@@ -0,0 +1,7 @@
+resource "google_app_engine_service_network_settings" "c" {
+  project = "gcp-project-12345"
+  service = "internalapp"
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/config.tf b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/nc.tf b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/nc.tf
new file mode 100644
index 000000000..525ffb2c7
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/nc.tf
@@ -0,0 +1,7 @@
+resource "google_app_engine_service_network_settings" "nc" {
+  project = "gcp-project-12345"
+  service = "public-app"
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_ALL"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/plan.json b/inputs/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..0330d4b016d779d33d3c0ab9c44d125ea5820206
GIT binary patch
literal 14180
zcmeHOZExE)5Wdd^_8$U$Ua~apI;`J{ts4pq9ncjhx*`y=CULVlwjq1nh9ZA`>+_Jl
zNxaY!DZeyn1OcWg@yO%7^K|;}-w*PI+>^cKRmizarIJfIk%g4<Ue3^)%LVREq>#rL
zSIB)ikR!BT8rX#!T>(~SX`A7`Jit6(N9LKy7;{W;oyn=g;skg8L~p*tA;h}Iz5<?8
zhxsMiQ^1S?<?)WgG+{aa6fl*%ZLIYs*rkrQZTswYbb<Yy;;P&_x~oD)4*!wEy2O|n
zt`cJ=cyi(BQ36Nu<URVtvUGPB@)sa0`2&4EU*O{S5qbw0XL)7uvHb!PK>8`|*e6F$
zFe7=AKi@+B!Cvb5wz1QEthl4g23CD2H3QwJjvu5~<v0?~N-mRsb8w{s9S+cPWK&ZP
z@O&y?$va>)$1k}{j?QqeNvr%l&N0(FtVa&U_3_YXvXutgFR<G*jkJ)qUvx^Z*WEN7
zw6kkJPd63Hw#8DTRA)=aP1?G1$1UpX7}pfK=yk+f%V+Xjev}vTRDQu#%1iuzB0u1I
zCf}j|M1I2cv%JEH@6qS@m-znzEuWQm_8jeNXkF7*Tl~8ESG}N*Gi5`uC?L7ii{C+u
zx1f~zjuCn@**8!3;Zu&_4<1JRfzH^~7S8h3mQh!v9rXG}ZKr3URn65SUA@3u7tUtT
zQ!KEiUuWWc%{Yt3SDCc+JDgz63x@^0Gd22l>0)0w%#r=HHB#xHXFqo9+b7VcTv@)W
z-n}2K2LDb!mZt-?wPXz67M<Qb|L*<$;LBA;V(ltlK7*J24L+RF@&4e+|39~fG~88G
zo#tgj-1g)+Ge%1B`|X&-R}5inEKneN4f6pdWR9mZo~r9iMEqpZZY_5kA#}$F>&63&
zi9h}6o>Cv4yHj?4v%Gr|$e8zy?XslWMVaC`%V+BJR1%j?g|RJHr_?j|$4pI%=B1tw
z3)t<mWnNITKze2h^N1EJ?Q@6c4zp@`=1QYX4ZqD;Bo7zGN!#0+TL^8a?q*e+Dk}=V
zyBxx*cw;lUgH7ZNtbbA(*|w=AC8DJXa>5grlhXWso}^MTneXKpfZ0oC;nVb0G23o5
z@<DQCFvY5+Q@d%^eC|EW&v?q6!*-2bekzT2As3m^kIkCP$?e*|?eL+ETk#cF@vfa(
zr1<XM$fRT<KG&!$ZSO-|ruLI>T!*-9Pu?WOqczq1zjm#+qiugzaoIXKp|};aJJJ5_
zi@`RL^BE$r?PXzy2uyXWtG%6(aGwaQ31ck|y&0>C_||-c^8~9PG;h(C@zB#CD_^wI
zqB&C=ta2u-ut|ZaA#HZ4PgMr%t5}mX#(P^k-)5^snjFwQXdCw!tKw#6LWioVp{h!y
zr>pIghqZHd>3WH*#u;+XUW2Vxr=78N%>pz1?dnmO)z?}_&7k&+AGd4i74v?$DYUlz
zV%*KFUE|;_IV<G&hQ-&OYF&$R`KDA-Db{g2s!zMxe$dvNcCDh%Rinasto694p1hrF
zDHUIB-b#01+g1L`j<fxEu6GxdSd~rgxBDEZTw0Mv-BqJ07^JS8NB^6bt-CH|ce8>z
zCA)W>R@bwA&B%W6_M}*zhFBVF|MT_s>*UasI@<R0&FeuAp1r1DUIedjpU$(#bCfCm
zQE}HcPx4Z|tIobjzuvaH<7lov+?&O{&e8gK^3ql5`)??Y<PhHnJVMRiA-)vg*8&gm
zjl?0o7I=)`Z}Iy;zL8&X9t<UiaRRIT$2cpVxXMATJ&C`|_7N>t=67Sh3TE}2Z=M|a
S6%W7DslWKB-}RD0SMm{eUMp?@

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/service/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_service_network_settings/service/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/service/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/service/c.tf b/inputs/gcp/app_engine/app_engine_service_network_settings/service/c.tf
new file mode 100644
index 000000000..1c7645885
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/service/c.tf
@@ -0,0 +1,7 @@
+resource "google_app_engine_service_network_settings" "c" {
+  project = "gcp-project-12345"
+  service = "app-internal-service"
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/service/config.tf b/inputs/gcp/app_engine/app_engine_service_network_settings/service/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/service/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/service/nc.tf b/inputs/gcp/app_engine/app_engine_service_network_settings/service/nc.tf
new file mode 100644
index 000000000..019acd796
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_network_settings/service/nc.tf
@@ -0,0 +1,7 @@
+resource "google_app_engine_service_network_settings" "nc" {
+  project = "gcp-project-12345"
+  service = "internal-service"
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_network_settings/service/plan.json b/inputs/gcp/app_engine/app_engine_service_network_settings/service/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..4a45c08ecd81d5eddbb14cf4f9a1fe336873c514
GIT binary patch
literal 14330
zcmeHOZExE)5Wdd?`X2&)UNR?r8Mbf5))obd7U%*LT@eUbUfisXZP;Ghp~zp~`aEO~
z5-&1EDz=lff`Blzc*o<t@Q%mR|NniFd-8*9T|R}J%0y;zE{C#^Qa;KFdUH9$uVX3X
zSBxuUS9W9%?T-d_;YQB@t5{+fcI7_sJZ!)-l@V}^@tnx9qv8<1{Da>7l7^7#iuxJo
zoH)wQ(H;Y41Sn5;GfW+p_$Ppw$x&^tcfl%kylvyy?dSsQJH|6}^XRGy89Mrhj_ML)
zrg%z>8RN~F<3|Y^DU*-rlgiTlx{yzRoXH3D`F??i<A><&V4RherN{OQXaM=Ayknmd
zIRr+^Bp=^G{>54<eCt?gK2==Nd5x+roSK5~6DJSyYvv>pVx^QRzd58b10QzKa%A07
zcJO{8KgoMgG{;{`mlB=gw>q!#*Ek2J_n40oY_`XNv1F?awqIbiX%=ZAZNF&MUT?c;
zHfXVHKhHK5%C^O&MXAk}PMX~7PMx%9uOmDY*rK-)zgs?+m-0+r%M<wnPbvHO|FJy9
z^IU#I|FOKl^Ge=e#P8^H{67AFjh639ynBiEEv&A-S6lkp`WKy`4>EN_sVJbiw2QyN
ziz9GKea8^Jscf6K+wduS@COeX{DER@YYVsYRXd~3=y%a=Cp~X>wE7Wf2zSz4%Tjs@
ztnSS1BJ>>#VD&SPo%b1Kas48b+kVYs%z5UhpueV#-!1Fxs+l>~kTypu|MPZ~&3gMW
zEG$=-zgK_XjaR+Lr)SHvfoiv8R3D31dyn6HeASkCyUgSB<kNflIPb!@n~KBJyl_a{
zmK<cpP$_XioRa1lLl_$?6o_}j3_|HnUOYGR)U0t~^I0aon{GCOXpbMR8!s?szWICr
zwLUzlr>y*TdH*8NG4DI$x}?@co#M&N=l0^-sW7(X?9_T@3z^$VvAon1Wg&k7r_Us6
z-bl|>Vdl|NrG2jO^wJaLaHfJ^XRMMYC8fo-cQqRk?xA*7wx6mi3b(ne!?M_8UD<|J
zWErf-Qm)yyZZ{>e7-Qs>$1bm>cK~_1OI>Bon5PD2K$*!;vtXrcz46Hx$<@k~eJ-8b
z^?lCg@579a=iDiFvysbLrSUG5B6D3$SaT)0-W_p0a)?Q*dB$b3i*t({-`uTEO77xY
zjnmTB-bZS>fAZG0kJPs0T~dTvan1i1w|YC;_WMZ9a)kYxkJMJ3CF&!z_2qT@2(8J6
zntr>Rk#d&^tqx<)iS%}?SmMq65a$h6T4<&tmI=^ZiPbe)%~8h`gH>sSRXiyW6{O8a
zb*cPd4HxU4Mz{&K_*PqqQkQ_PLEF5znz_@ya;vZ0QtfGLyJT)H&Nf>wk@Yx1mfBme
zwd%ApxXxJs(`Q%n!g~O%r_`KlxA=0sJH1lgjW&hWwp$Fmnz<_){7%j)Jl@Ip`c|!!
zQ7PY+YAvO@c^}ocZEZJb>rLBc(f4XmVa?a|q^O=eF13`ZvY5Bh71(xJ9>|Wf{pRfO
zCODCvf9}SQ9H?CGk!$U>swott&YUNa+n3+Fs(0UK-F8Yo@G7sa<_GJse((Ruu{;a0
zJl1~i|CJNDZ8s0Dvvh;*{eQ*3yf|OsZqEO=XEjs&r>;ZWJUvSFzKVU7em}OlgU0NC
zxHe0BmDTkT=s8YtdREwz0lr#zgf9sO_<n)kFx<zN8w2?TH{HAL??8T*KQTVkBE}K?
uvTKCX<sqtEs&CYqZ^wNM%$YgTSK2JUOXpdW-xl%fq3S!7>h_o%x{$BXibiPw

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/c.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/c.tf
new file mode 100644
index 000000000..19c2abb1d
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/c.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_service_split_traffic" "c" {
+  project = "gcp-project-12345"
+  service         = "hardhat-main-api"
+  migrate_traffic = false
+  split {
+    shard_by = "IP"
+    allocations = { "v1" = 0.5, "v2" = 0.5 }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/config.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/nc.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/nc.tf
new file mode 100644
index 000000000..97c55147a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/nc.tf
@@ -0,0 +1,9 @@
+resource "google_app_engine_service_split_traffic" "nc" {
+  project = "gcp-project-12345"
+  service         = "hardhat-main-api"
+  migrate_traffic = true
+  split {
+    shard_by = "IP"
+    allocations = { "v1" = 0.5, "v2" = 0.5 }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/plan.json b/inputs/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..cc0aa2b3d2b7a6d6baa87e79a1eaeec7b7c3eba2
GIT binary patch
literal 17728
zcmeHP+in{-5an}#{zI_Owdy!Y(c};M)`vbN5Ck{AM2Rd3lIpf7{OfJcS^8jiN8A-j
zT@p8hV2>z~oZ;L!9M0<BfBtsgxo7VA<EwHvZsAt$&Rx2Vo49*-jn>*t@#)-E?k)ON
z?u8q<3&8Kq*iGGgg|V7tXoeT=CFXe@m}lu`m}8FDwY#dRxWp&FqqTmdp-Xi`{R(t0
zYRc~buP|nYQJ(JbnD$uCzrdK4`_RJmzOzd8w{UoN+q=U0uJBsbc(kg@-PZKq)>Kc>
zXNlJYedhRPTJvK98Yz=|v`Hn~<kz%b^#<RN`#1HsBlNIRvXt0%1=*8x;u_nO#U&`9
zG}7nWxW7PQGv8s?m`)GZa@V3Kheu2Bc~Q%NoLWH&c2-K3GFw9~D{x>0$ewNM7~%Vc
z`@ww#MQi-0L}`6XeAebt`Wn}m=_Bw_c3~SlH`Z(Qz_u%_HqHv|NZY1HO|d?5f;^ej
z9BQ=ITkB1Yjk@0TGIqAUb_Fg{MxQXl2Vjuzx<za0&dj%G@M#zDN3R0@s1JkvyfT(4
zjFj#QmP5D!X3B)Nd<MA0yHx24FY(FpJ+3%UrSTS~c`!R#ZF;sDUJLM<>-9T_JltV$
zG`Q{|H}UyAxSObNE~MUbuk$;faJ2W#+?gLTHQVB&9!SR~?l<@vQTwy|1@HHv^&xBY
zICEuHtuOS=+=Vw-mtV=e-p6N2w4`#^Tkjk=xsy&Ib$X`5`MjrSt9jCwe&&rHCrUX+
zyJK}B%{!echMU8artT5nUKE$dr4q++UrW<_*>_wV$LN<Qw-UvPZ(UfTI7V0{iYrlE
z*Dic3cIVdE62)zwxbosKaWrrAaiX}PSTBsROTE>m3VTyG=QlyD#j_OiZB4fEeJ~~+
z-Zf7Z9qx_|_l*U4D*KWdylN}A7PIEBE3&IPdgV{G!}=rpqaHDT)y<=XHBw_NBz9`L
z&$q>81jdmOTZN3n^<%zYIbNOD<6=Ip@CGYnb~J@ET4h`unww8NT^`ZzT}@_RSsdkd
z4wXMVRKyvlzmk%Ll=`vrgvX3551$vbyOZVEuJ$n^$nO5Ri-K66p?MCG?~CPH+sjOF
zBAvU>_*=L?@ITM%OzYb)o}cs1xKG0l(=<SmO&c{1##fq4FkaH_9m(I9cJsPk-l;o6
zSA%#n6`D28D;6D)bYpd3=nN3nx<0)bmK3FZiW~ZvyygEdf{$BuiQ#1(thy;NeC|Gb
zs!9NQ^LA}ciQpUk&3jiOcwcvrf0G~H6Z@o5BKV>B!g8%dZ{kR7^cI^DDiORm8wYn~
zQ_{SEaHfrl)qx=k3uEklYJC(VBUUG~=JggQdtX=Bu2>F7`pWFFl2%om?U`b-0^N$;
zm=WUbc2+y5;*<5-tZ|+ly#h5yYGG^VtxKuWZt7h}(BD$uBfIc$+d6W1w0(YT+xG++
z!0T4EWRCrb>IyUcS=SWv)=<w&sD3f*e>Aoa#@%b=%`Kerovc#lt*3wHLv`LZPd4NO
zG^2%m*%#Z-w&k6>_1ni^Ej{|~3h~o&B6O-e1t)gjJe`^k-+H~f_g_QSx}RQHD^$CE
z4)-<i;k{k`b7A{d&Ev_@us-bFII^$TuFrElnw^)YM_E|AZvU_njPdZ5%g-;^Rqe;)
zywT&R`y)}BDnH6;_tR7{dK!y4O#{BBn+ow*aNnB?%_I1wYmr2U;C7rEbF-n*f{Jze
zPNF4J_4gk<<qz$Bx*v$KMe$xR);85&P_ip=YWVge&6kO*f^oZ-cG3O{sncr2Q+(Dd
zheMK*g)vgwPcJM+wM(2TPCR$H9<7<dzbkR7<p_D3V=qr9P90iZcokiaSlw$X{rvuY
zhg_L%$1mJDp0NHA&%>YNIUqiX|I+=6_iymb^=tPN{=dTO-Bym2aW8)#V}=~wC905{
pU;0oS&^@DiuSCr3$$Dc?L0@nGYYqH82LHPkyoqgU#>k-u_aDZ&3RM6A

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/service/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/service/c.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/c.tf
new file mode 100644
index 000000000..dd31c7977
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/c.tf
@@ -0,0 +1,11 @@
+resource "google_app_engine_service_split_traffic" "c" {
+  project = "gcp-project-12345"
+  service = "hardhat-main-api"
+  split {
+    shard_by = "IP"
+    allocations = {
+      "v1" = 0.5
+      "v2" = 0.5
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/service/config.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/service/nc.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/nc.tf
new file mode 100644
index 000000000..e9ecfdc09
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/nc.tf
@@ -0,0 +1,10 @@
+resource "google_app_engine_service_split_traffic" "nc" {
+  project = "gcp-project-12345"
+  service = "generic-api"
+  split {
+    shard_by = "IP"
+    allocations = {
+      "v1" = 1.0
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/service/plan.json b/inputs/gcp/app_engine/app_engine_service_split_traffic/service/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..74ef0e20ad37ac5f60ea28753ac20bdb997fa653
GIT binary patch
literal 16880
zcmeHPO>-kP5bZNn{D-YM6O&|F3it=yIB;Ui<qG*)gJZjF6QHR4b>O{G9y23rW+Zv+
zY}hH+rY(=U)#`4wTCJY_=kLGlbNkHRJbwzivz2Y^!LDp)GkdgKw6-?KuS+ZJJM=5;
z!X|bJ_=ShND|>H%D=J+SF6=GnybI7-+X6I}_}tn}$;B0Z`3<e@GY?I!EABVob5(Nw
z0C)qO1+X07VVpWH>92sZvFqAc?;EpJe;;;J_j?zZ-wi&SavaU7u=|q#`;zM!`mFJp
zq0bUe=A}Gl;E_6cM4Mc)O?l1BS?}<K(!VR8PSC^GlFy0XE}(l#PEuo=y0`)d)J8hJ
zo&5<8D|*AuF`XaI<)Ow;j*Qlj^QzPVCAEPTe5%web+(0GHjuyskUi_GV}j=^`_evu
zqb>eYqg;J!{8pDz`W&~Q^a0~hci}a7?yX+m4*Yh3*~YCxAJcEsqUM+%B|(|YN(og~
z>sITsT)T@zE;UvG8B#;Pfc`b;%X8hMwYD?w=@~rQCA`sB0dFLVeX#J>rADM~H&{1>
zJB&<?a3!AsuJJ8Zx8j52Y2CZA;{25GeVFFId~CJp*B1D!AZO0k?HlrM!;Ddl^$5L5
z&ga3sM16B1t)4rb+xIj^eaFnD{FG_g{&=(l+1Si}hNls?-`fxPeh9BmS=iIenH8nI
z&@*!n-eF#DCh`O+Gf9=MTfIw+$$fMVt<x_J=kZ?STFukG>@yF0nq+ZtW5n7*ns+)?
z1h<4IP2D3ty%;V}N@EnqeJ#!IwZ1>CD2`_zo<=v=8?MLL?Z141tRWRLuBu`;eoNWi
z+eVA^^lkY1eT=Cji8@S`?if?;pMT;amb%pI-}A7K6H|4q*YJo<?tN=2;9Hydw;4Pw
zPd3bbRhhr{K~K@Whn*@`>yOk9jm&sPddX~Bv6ttHne)dLXB7>*a%aqL`_USt9Wk5K
z%xZ)!QaC>3=(Kc~`-<E5rjaM=0_XqR=iIyUtvWq7bM-z~YIBBnm?0yb6v<Th$II=V
zE~n>qt}4f_jEeFsL*?=~&Ja1gIO~;;d`O)iJ7?F7_moGAvq_&{zdd}8&flB-5&PQ5
zh##A~XCDW#9z%47$i2l%t?pxH$n-7kSNvPq@A#YNbLQo}6wk7}YvDa%nq|F?b(m%W
z(rg;mG#FipmSDW5>-&+rxoqZGoxbl%55#-TIK4G3h<G8YX<l)(0ckhZ2D(lFVXJGi
zn{G`}+o!lIkI5na|Kj(!S&tFCRtM`}#t1&`R3X{Dd;~vC9`|+Z6<z*W8tH@0xc$&P
zZJYn^<3i8JxLT43!Ddu6#?_J$<<fP&4aX|NZi8u9u`yL_{5!_gZF&j+{+eu{%WsFR
zuKDZKJ4G>GVf8L+Lho@pc6E34ir#Sit=*cHrmAwRQ;IpOH!E6WFr>fzOmj{}B<q=3
z1H3qTg=UV{!mFJ(A!8MDRS!CW{f-qdS{DxPuZ|oU?VsxE>wAX0+-<F%FlYUV>jISi
zD64LHlc)CyRN)u)Kf-N;@=whg-#l6xL%xz#+q`*n??9;T+4(Q}wEimME`OlWe3%;_
zGcM+hjot}J@v}Y;YR5^U|3>80av0)1MKU<dmPDm5_Q;WtX!|fmYs1WHf8?s7$KCIQ
zcQ+p|wOzmMapMdrzh)$r%A5M<u4CZ~ww-r})nJUx6n1zuxn^~kjPtOkQTG}ZhiSG;
zJ@vnD6Jw{bmXl@y^gtg=23;~1JT#*&I)X1<AtOEn_an8KjJvP}73;K}#l~1|jMaDt
z+8woqYnWsFlI&10)=#OwAU)+6p)niNrK>dWF4^|MdM^JWX+P|voVO?YRC8_0r!z)P
zzC_+wo`zme)YRp}!n0^f#J9bw9?GrL2Y4-={x9tu?}UDhw?NME4g=pEerrGC`?q*Y
z^c`CK`;Gmym$PCN#`pOb$f;bRQnUJ>3BpxNE-vTD?8%x;$3a_f_jWnoA9wHRvmUCd
Jtf7RS>|d($x^@5n

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/c.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/c.tf
new file mode 100644
index 000000000..af03f26d5
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/c.tf
@@ -0,0 +1,11 @@
+resource "google_app_engine_service_split_traffic" "c" {
+    project = "gcp-project-12345"
+  service = "liveapp"
+  split {
+    shard_by = "IP"
+    allocations = {
+      "v1" = 0.8
+      "v2" = 0.2
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/config.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/nc.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/nc.tf
new file mode 100644
index 000000000..4f7afd444
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/nc.tf
@@ -0,0 +1,11 @@
+resource "google_app_engine_service_split_traffic" "nc" {
+    project = "gcp-project-12345"
+  service = "liveapp"
+  split {
+    shard_by = "IP"
+    allocations = {
+      "v1" = 0.0
+      "v2" = 1.0
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/plan.json b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/allocations/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..e0f2279665c55dee5237dd61401ad6d7a724ae62
GIT binary patch
literal 17086
zcmeHP&2Aev5T0{@zC*C*M)gk{G<k#Gdgv*EuyAA9Q6o!&q`EB%zk1v6TY9kE(Q=oh
zR&rb~1bfUCIULR(hr?O_`_JF<jl7cAkDo$rWF;H9lPlRtDfco%Yb$d+T}mPE(XWtm
znaBm;w`T0F>b=2O#nOf0TrPp<hZa0*SpdfppP5`&R9xZ7?`UlwX=qYiQ@;V7tBUeF
zz-x?IV3eb~eT+Yr_*WRSkx$-S9~-OG{uXv)x4jFj?;4*?HIJ^UklTv>+luNEeb)Gt
z=(EH(^NJrOXrxT;(I%B_lV9^{)jNDc?%!13PSC?j$x>q51!PaoDc9JhEUrKSrIC(r
zCx3y$8sD&MOs9uyx%24B;n5m=UR5$6r#6s+#Y)LiW?RT*0}f08+0(a<3BF&+ck&q&
zZSk8DrS+}x%;!@28n?jo8S_zg?KXI3tk>#+Z5LQ=oE6%UwoQ$iV}0ZVc~Vv!s<qZx
z>$0-lMIx0tR{<VULcan3C*W7lb&J+o-k5LSz@uHj8-3s6jTB=aER0?1jI>O8QD@7k
zlGIs=U9H?<j`K=7-oi9*Wk+k9UTlHS3S6Zu-7cZtY?wLfx$Yq)<?0#i>BnSWq_{$m
zI?jE~?Q)!hEq{LujqH2=kg3NOFZF=lVgpZH%CGP%O6^bb^MSNJWUX|Xxw4|t7y4oD
zxI3)NtwilUh3l!@b+)?1oZK~?ebP$~<=>v8t>#Hz^)qkuG)d#)=7`mWH1Bk(cx?$!
znz~24yofE2OJmH&eJxGz)xO7=tv(|wPx{~(voW6XW42V!*3V%-UgJzDQ9}rO><$td
zug}L=O*!GiRPK(k+WxsJE)w#&?*E-P`Z%##m%X;n*reWSQ-PCFGmBRuqT-2(8MHco
z__5VfbnlI)iUIp0z(XTGp1qzjCs*uc%VO62b;WN*L$BP~wOfDG2B}BPNj0-2?HZ|L
zEadFebeBPk+xMoCC-nk(h1p{UU$eG)DsN`|Emhj)3U9DN<~vh3Q;$DhhVXQmLAP_&
znR?CC9F`FrDyodrRh5W^l<=`Le>Qp?GUGRVrqAv~mScVGV?>M1y|RyjSpT4ShREQ>
za?STBCGv$!`GTL7{DI$j9%f$MW${GJ`x)LX#`(5-^}}TOj%$Z$8lY=S8#Qf>r4*OK
zcuD)akGt(`W@??hZz>POyU;kfH8qIi+OVcc<9YbvG-=lI>Wa;^m%>;b=)&1fXGm|l
zB}HkU;(k3Q6Z!v(*5g(^#_MVwteF|(^|UjD@@|aR9Vfc|opLJ#pCVo#D%;zP)ep_`
zhW3*X=j`(_PPZKK+s!CzjMJ4jefHNL`{?KpOdAy&qs7M4W1Jq6OZ)TZqysr|x<6)W
zPGyXLSV7FX)LWdkUG1M=RouS6>F&>JSFN=4F~ywyn^m<jBUFC-dFq_1Ox9Gh4ta6(
zDp6kox(0>qz9O_6@*ZWZq^@gHC(z&2c;?V^pGr>QQ{UPs9SZlYBZo)(r$pbrOXT@x
zUX^2x{nhl&<j<<|m-m4BPJ`ARw)-C)8-nVensvr`xO5Knm8=}+y`_5(Lu(VA|DsRp
zuVn7>2RfUDA&+4D**4>1|Gk71KWlMmJB}0fKIPP_e(81D&R)B;^)P!-ZLrY4A9D5J
zagnRV)7SRTpROi6N5ew1wC~HI-l6BYR%`KvPPfBKFwU+IuV~lR9meCl(bK3~k($CZ
z-KCuR-|&gi(^$<((*T}zzLxyE@>t=^i_2p2^~xQE8rg(SUSni7MrOQ0?TS&y$V{zC
zVP6g?#$zk4J{Yshrg`<g8TI>SWR|wGDULqqM`h<pdu<=)y#3x{jonx6INKg0GRu+I
zk|&|(6Ona!f%a82IbwCMuGDh=`VLtT%_CgM8QyYzi+7^W@U8~mguawt@b^2s1$&9s
zd;GkW4|~}!dNTfZf(5cOSEv}R|Ib2uJ(crDoS8jY8|o+s^>**d^KE$dUk6yJRoDEG
HLl5#F_&>lr

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/c.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/c.tf
new file mode 100644
index 000000000..8e70c93e0
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/c.tf
@@ -0,0 +1,11 @@
+resource "google_app_engine_service_split_traffic" "c" {
+  project = "gcp-project-12345"
+  service = "liveapp"
+  split {
+    shard_by = "IP"
+    allocations = {
+      "v1" = 0.8
+      "v2" = 0.2
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/config.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/nc.tf b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/nc.tf
new file mode 100644
index 000000000..ed7ca696f
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/nc.tf
@@ -0,0 +1,11 @@
+resource "google_app_engine_service_split_traffic" "nc" {
+  project = "gcp-project-12345"
+  service = "liveapp"
+  split {
+    shard_by = "RANDOM"
+    allocations = {
+      "v1" = 0.5
+      "v2" = 0.5
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/plan.json b/inputs/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..0783a0ffe38f9e3117e9bf577fbb6c7983912935
GIT binary patch
literal 17134
zcmeHPOK;;g5T0{^{)a;6uA5|=?c-LUmmc~+(NhCMNH>pl>)3|vrY(y6^|s$9W*})K
zN+cyaNmnp7T*{o`a9$h^NB;MpzvV;uKt6i>WO5^G*~*<<%3gB0muvKPvcS`oWb!4(
zWpXMrIYaxgf!!CQw}4eFT^LT~HSnCb;MvF$I9B*v%T+<eC7%3_-tLixI@KlhThO^K
zD8EB{1(+qE9Nq0ORaoL*17<64D|21cR;lA{+l}3h&al2Ke740rx~fcW3;J&hs&kCl
z;FDv_3g0XWe&nE$GPy^eRI*QgEs9m|@eR3uQ+zwa2rDH^iS1{QJvpabW1q6P1O=2v
zJifjB1qw@i<E}BD9<JrCLQe{hHsJHRkO4Whg%m7SN|rL)K`vWxV1||>tJX2Y_iOn?
z-hrYW{!*f}z73vLxfH*~9WcGae3V_g4W1b5wR&Lt8CDx+g%;BGsZk58kDMS+@`6L9
z);eol6}G#Kq*CX~z(Y#tSKxmO{OY-G(c8!?^X)5mv@>|4Pg}f^V(e=(W0yK3Et6i<
z*>bETbyi|mD|eW~ypqD(HqKjFXzkOBE%8}{tCXeNCDfaZGe<esJ*1>uJ%K%a9_@=1
zm#?Lcb6<129Oq!Kx<C3L`<_1}>aoR3J)pPP!V~B63;c>w`;GiCkk*H!mCh4amKFL!
zKg=C>k9E0~sNKhKJ(j!9R#%vlyQZ^Gddac;+e@_7H0i5;ra{l6G%jq8P+f@gPREMZ
zR`8^;d&K(}v88coirKiY#p%7;_Y||0XJq9`UpvKYjHl``Tl2Kv$Hl(yn=u>bh>0G2
zGlcFWK6riZkJ)~dujD)VTE3TW2htq2H!4NiPO+PELfe;VvuV=THK#$(qiif}j_y(I
zGuC0O&1N_$)w6mzA}pSum{BY9i5IP_>E0`k6%+PHghL}hp2eOrN0&9SXCZ5TUh!O3
z(<^tD?baW)Kk5;4RQ2phyGAOEZ8<wN-DT9m_P<c?pCQk1{g~0$EUuo?>o)+FD(!QH
zH&`L_pD~;%;SZNFJYJ^IWgW`Qy=HEPWeCUGvBGp!C1P7j_|TcaW;8io2Cx}L4$b`8
zoyc;mukVi<(=&bby|RyjQ2(HK#>nV}a;@r7a^w$J@*DoG<q!N#^Dv9zZi^>m-q-N1
zG0eA>s~;!pcUU`&(*Rvt9MrrumQq~WhD*A-`?%ZBdgj*2`=;<fyc-RZTU~<)*M>Dt
z8ZW~a$4Rr4SIn6@R0q0nw$tg;n{G)_+Q+zW56Mja|DyG<RZsD{+7fGMrg%N>457T6
z;&sP~ZhxoT^0iMBuaB4gZN}?Ev%bE4#m7PW+#jzG&+@kKgq8yB&jTYM9Y4kGV^r20
z)*j<DKqVUoHJ{>koc-Ks;v$F_%4cogA00@E+p93vM=>5^g)!?^Z*lr|wSm>D<96O^
zG{9<Dt;DQi3dsf3t8POeRNl?JbxPGHYpz+RygYanX;lKc25sAYg>P5ny~<Q+UDmA5
zpubbyj_Q(Yo7R!SqvolxYTr5Xe%F;M$Q1iisxx5vv#1Q_y`aAHpmmAu{zqYbt@@{W
z9da5jokM*kE6aJ0>E6@O+C}HT=+pWuoxA*j&SqPmN3i2;pYd_^y@eP*YjJ5mj1%^L
z<=CqpBf8WT57QjQa*WeoIhV87E^QrWRXU@#)%zk>FCLZ|R`}4idKPsx<0%^Eo2`9c
z_Ko&EPqkW$&v(ilSAt=7oqi8yS2c{sY0&ei6Gp83D5w56fI{>%bmlk>cux6vs|`c*
z^G$qDTV2zn$G)o;lD}_anIf|$Px|+|DKgU<q6{bA`nz!<{>bt?)IV7`ddMj<W6tI2
zBeV0!jJ1`euWuu>^Qb-7hgF}a?fVL?ZL0n%ytdCNG8=y5p{vq%7_ZZyUrvP9<u}_`
zQRj%&!SY7P`Gz}qO3f>r$qC+yeS>$XPw;LB-<*CeKjHsh;H}v+`K<VRDnB=}VT}0r
wYX(bXYc5eyTK+CWd%cxA18`=JWbLS<z&F~xThF)W-LDj|lB=u<B8ML2KkHM*1ONa4

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.16.0"
+  hashes = [
+    "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=",
+    "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443",
+    "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a",
+    "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907",
+    "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a",
+    "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71",
+    "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f",
+    "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773",
+    "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c",
+    "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb",
+    "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf",
+    "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/c.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/c.tf
new file mode 100644
index 000000000..64d2de356
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/c.tf
@@ -0,0 +1,16 @@
+resource "google_app_engine_standard_app_version" "c" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "default"
+  runtime    = "nodejs20"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip"
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/config.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/nc.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/nc.tf
new file mode 100644
index 000000000..6bfac07e5
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/nc.tf
@@ -0,0 +1,16 @@
+resource "google_app_engine_standard_app_version" "nc" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "default"
+  runtime    = "nodejs20"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/malicious-bucket/exploit.zip"
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/plan.json b/inputs/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..465735a27d1e2dc1297d810b82a1b7c5fc665a6e
GIT binary patch
literal 32706
zcmeHQ-BKGj6xMZT`VN`BE|8Ek?c_On)l9|%CJ?7!dyGTcX7cK7zfa<HSI6>N(yojF
z4TFWu>PR{||2oqC`_DJ?qxr$Sxc_O)rCFGjxiM#EZ6@Z<d_?Wm%<%2pH0B+iYs@Qi
zY)(=Bq}s0S(<`(UD18uKnb&~xa{$iLTm!}&KOfD79mN^G`GVT*{TTdFx1(QSoC`bh
z8<ZDlbB$JR+~GFewuHYxo0XY%`g-rpQl8gkKXm<cgZW+HXJz}5SvBU$j{nMzdV*(`
z_?h6DIsP-V_?TdfYm1!=e6B2h<T-z}jxh_pMtU5&-eBd4H^CX}T!}OE&$UR0w>E!a
z4lTSfXP7=3&g7;unj8!*f%OGAV`lNR!un{aTve_YS89d%AEP86bvfhM^3;j>gc051
zbB5I-=Pk{NM+NC~yal9B=#MKG=D(MUb2Sy{dV|@<aiDIg>!kY-P4ipg%W>-5^6hov
zD5Wp<@dX%PSPZN!X2~^EI|p*n)qOwj&4=th&H;^baS9xd4V(N&xkaiWbkYv#jZ$fX
zdCl?3XB>SkKw%DVmv)AH-j~dRnO$XLp;G!1Ci!HJF*w+9QgB-jY0_~U6l$lL#f(r&
z{tD_o8uK?`FGrcJhCR;gHPkLPCZG*!u6DhK@sRFI*Bj7Yt0^Z|XI|gqu7UJf<7bIy
z-a(q3SURO_b6VuslW)TL)K=u!6Ffx;(baiJ76L62^1zXOk~4MmNf}ChA=Mt4ulQWy
z?+Zv>S<$YAqi2#@{~l!x?1K7X5R|+z<jXpTXKJz~uuBPgSW<!d(@}tvRSibyte6*|
z0->m5^BHv1JUYzZLE2OQu7LS7bMDE%VO-wWwLAx|C^=|p`?^M??9g7W(a*W%f6k$`
z;`61q*ri{9k!w5dakV??X8~$2t8JYn`573Q{?AeL0jB8r2*0#5<-bSpx=!ISy$N_s
zyQGc$zX3$2BW6~+Yi=QboSK*5kzD)1hwnU?nWf)NKXNEl`Lrr?p<P5fh@Ky%RPIdH
zkSVm|>8IV|^Adl%K8B8)T8y?8xo&MG620o7P<`KTf<EZ2Ie+~Qw3CmCJ5VC6+%tSS
zzxWn4YHR1AlXj_dU2o*+6n*<WafN7kP#@9uCMG#=Cm&-X1i}g1%BSHwR15xv8RoBO
z`uJw@Y%UEajW=}byfGZ2-M8<VFv>y;hh8<~nXRnK)en!)rYSAQW2Anpv`_PxDYeT-
zQ|Himsao{8#Z&WeR3oai)6!^ObOUL>MpOkG;nKx5YeaPuJKY%KP@Slu*NCddNMF5V
zM3p;1v{$D1rPq0j=)yV5srdu;&>9i4kLFKE5k^qyRn^F;zfy;2LC08I{wy|Yq`4Y7
z&B0`ioNiJRzj2ZG8aWMPXZyE0GFv03o49Ihyst)11v9a}v^-xUr-F%4S#uvs<v!%a
z`t%yr$SE<B8;8!fU~A-**>7ccz+x=Wel7}ghu=o)3)&oh#w&OA+<G(HvyGC6#@8RM
z+D}AwcRY4z{FOGx!{x8inoiAEZ9uDsl%LvoH05GU{j?*JpESh1WtV&2PmR(>m+al`
z;xk(;F83!^RyK&CFxP;4-+8$KoZ%&A$UUhP%*ZTD#(oLAR2D5UH+J^y{$sr3Ta0mh
zA*-*;60zJ8G2CIZ?3?wzvS3TbY7aB})wd+{8tkfvt&?4?()x^*+R|$Ssmnap@v>Tn
z(e*xJvHQU2_}QvuW37$d85t)#wM<rO*_f)>i;`#R?2r;!s5-_eJxQ*1ZuY5$TOxMq
zVrT6s92xttY*Ts{<7SzT8zZIX+s)e@o>f}Pm)5?mNO@g$EpDD#nPUf(^!F8?xfb~2
zvy#Wm4;`xY#y`<j#%4{^oto~Riv^U1rF5Gu9F3$E$J60yxtz2sBu73U0yELwd2Dw&
za|(NczOBS7av_hGUs}#8>BgpV=jor~kW&WkM3S5`%Y|JgZX2&_y73`*w#q-Z;51I^
zsa;=(ZJvgxdMp&L))HCQs~*!B3Dv6}3u7f!^Mv(S`gzF5;JucT!hKvGwnMf_?tb2<
zygiK51y5}^E9SI-#3v5rzLmP46_SANyRK!DYlW0L%fPWcK2Lq0XBO&y)^^J7`%l02
z=xZ7JUw0SpDePxG?Ae2`9T38M=)31)?e<wxA-r_ItNT`6Y;^yw`&K1yQ4zba?pt+f
zPXAr^t=w&SZKRhwQ0cd!)P1Y=j#y1&x?V23tL|HAT<@yq=8Fs5=VAe+*@<=EO6WtE
zk0BoE=TztJE!BOix^I;euV=<k)ni(2?5bBiwhKf2e=3&7(qlP%aQOKRhqQ0ijnL>-
z<BkNq9A;8oA;!&nmgUq;Uld+E=<d!+7gAqap+^6W1u-q!mcAa=km7b!87<{apS%NB
z!{e!(@owSou7J!z%CPmgZMTv6s`V`u@=g)n`(1BU6G~#4bLy|#-oe;B1=!{7iM{zp
z-W!m|d(tOQQt<X5cbZhzRr25Rc1OnFi;~gijYnEbSt7?&V2?9GfhHv*fy}CN@3!%8
z>@U+}+q0uQ$&+;N6_WRfIGypd-x(m72<r*?Z)!OXv=2$QHS00vjX_&58tS(C_-D4H
zr*Sx7b1!ThxH3wy^!hnT&eM$j?gJS`-kJ|<olh}N5Bj@A!&W736=H7j@3ScdU%K38
zRqE$-U7wOlvDGy!smEbL=&?QDwcmOBk-GiOTb~Wv@2t0<+}a2AyFIqN8K<;L<pxUV
z-ET*W89{8%Y1lrTTvOq3DTn5s3LGgP_GT3sg_N5<S4?iIw3c#LM5TINf~mZ+dR_5&
zi_^`+-qiN6xqTWJ!|c*B(5iPuyr$_uy%JKd-j!ftdzr@r)w>dm##(jqyp+|ua&M=t
z-qkQ!7pJwKgLl>EgN3!KFZ(nnw>P7>=-CZ+EF|{KcOIUaw|FbUOXP;~O^a{LZ}|HS
z-k*1Be!=H!^Q-xNW1ouN8qX_T<BmvqGpB<Y&MI=N%bw+2Pyf@rdxd+2+*y&E3fin2
IV(7d155DI*{r~^~

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/c.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/c.tf
new file mode 100644
index 000000000..2acf651aa
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/c.tf
@@ -0,0 +1,16 @@
+resource "google_app_engine_standard_app_version" "c" {
+  version_id = "v1"
+  project = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs20"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip"
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/config.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/nc.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/nc.tf
new file mode 100644
index 000000000..badb7504f
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/nc.tf
@@ -0,0 +1,16 @@
+resource "google_app_engine_standard_app_version" "nc" {
+  version_id = "v1"
+  project = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs20"
+
+  entrypoint {
+    shell = "bash ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip"
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/plan.json b/inputs/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..eecaf865ae1004ae82dc1ae5a9596ba22781e6a9
GIT binary patch
literal 32778
zcmeHQ+j1f|5Y=<4@(-?gj<MIf*$00|p0eelY<yWZ7%0HbWy`;w<Q&PpGt&%%q|sn7
zDhkBFs3o=fu9oJ%f4`fb%}?g!^;MXAGcybGXs*r549&B-!`0G^@$1wS<`VZ6=7SlS
z3zWa8x+{D40(AvS8-x$$BjEhn0B3F{fHB4E&fMBwT;rD~TrFSwQ15lw`vv+rvps)A
zd5by|)N=i9u2Zc`_%qa5m{FyzFSSw1{km+2uJ0}|zFWK&wjCK&VIFM%A8fCOxMz;n
z5cf>+&)DK)h(4|?c5d;xu=tVt>a#V#DD)iZe(380Gf%t;&Unq4xJLV&i*R@=^Ebv&
z!b>^A@ZNAFkCooUU}z4k&%haDi>C$VM?>YTa=tiI3ygn&l6+L<jDh8;GxHTaTH<qz
z*&^r7%~_2K!pFD-q_1d?GuO<2=ZbSR73k{%qxIuJT~l9^?we?uzY<@LQ>T`1CxN|`
zw%EoKFg~*wSXs=HYeseq<f4bycD|Ua=r(QujdF1W9H)j&{-fL?)et&qhxA6NG{m^3
z_~bo~zGk2>hqrq>Lf&7O%z~M1WnrOG`VuDjWQsmG*nU!QQww3zaT643r?JJ1P)hs^
z>NX1V4`9!ej8?-=GkOiRij5&?gPN<HuWme~+tSwsXs^_iL#s0<ued89eO7qQanB{B
z*_owN$~LD(1~vI6oKI~<jy=O&ln_;&cWNQfA|Vf)+B-Q?N1v3T<QG!ysreJ13w*zY
z)Rh^nS~z+nq1P{7*1$HXSDm25^&wu?IXqL7&4FD?(EXAM)Sr$5oUAI)LubXDfC_}7
z2Id>+s5m&xKSSD6|1N;}YjabRf8Dseuyc6>Tv2k+(yr?ok+NM|nV_8;%l{lhX~oA&
zZ?Q|CfRTyqcUtXE`k8^+`_;D2lKcjYjDBzweSi^KKE<1Mru=&fuj>LH)29ZHX`8f>
z{|i8LI$~_KyXF@1$AviukHp#!b@<MM8C&{Y_anPfRh?F4EVPSg2hsDRl!_h63NnRu
zJpHsKKJW3}wb8ZT)MB))$aO0#k?2)-g<ALhhG>J{n)BD6K|Ar7cm^fX%Du*?^NW|b
zqPBJ(I%$_W*R@8T4$-$SfipzQgZhZJH!;a^JNf7nArMa3RK5@2AzSb#rklT_>EpYJ
zv$-^!Fy7F$<NC0VcHgc?!YB(Z9D3D^XO^-mRzDn`P1Cm=_mTR((mu>%rqu2~nmUEf
z3)P~>7Eg`CQI4q6P79-X(G8^i98nc)G?y-}nIo#}*r~=4yXr&@Jx5eEM%u1(M70e&
z+yBd!HE|TDLo{|ti#np}*1Nu<jT}+c_$se+M76|4^_z>x=ZI<*CqCbG#5PA%*RfXE
zIAD&b3TAwLY`H&2R0R`FWzLD{D<>i@2B_yK+kM1HY<xOCHk>1>%!=!GWy~+4+ICkn
zchosg>kHZ(^-Nf<_PP0H7HAngZ)&;S1KCZac6*$*Yh0E#$J^z#(wYv<V=Z3u3HBv#
zwW!gQi#@f|j!1se5Z9btPI@~vN*!IYb+@|DEHb~GAYWNoAlHRC2wW47%NgJZ?=eEI
zRfS+iM#=hp#e@mFuk2c4E_GJz?qk2{Ek-}SklEK|A2HrOV!Pc&**5B3Wyc<047YAc
z=sDPS-E5s~s}<I!uhf=S3rJn&x2DT>?MBy4vDnnvt-HWz`YhIdW32^pMN(z0_LHsJ
zZ%kF}Mae&Pc1R!DsXE3fEeVy!W~FMleZ)>(?5y0KBYp3dg-Y)tZT4x}7%4s9YCdoG
zY}3AcY3<vJl-Fg|;^uCasrdu%8FrJ%uGcUrewbEr%DmAqe67z%`kh|=*sNi?Q;+jl
zETAwfh1+b+(MVcx+%+DS<4L<ha_8eAFhkw#({{TyN3bX8+e*A57V;rjCDqte>^SSY
zJ7o7keUD=-?0(|5{<@|bA98!H>iZd-6%o3dx30t1cS$&?VRAX^u`qmT`F=RDmoN#f
z$C>q*#t5%d>9O#Al84~E_9cazR;6TinyGw~<ZkDE%EtZJb@1L+vwU_DNPHr%XOXt^
zdRFWX+QYPPcDa`!uV;z&2rJvQM;I(}co`AN>sfuB^3rS{_|Da_Six-;);3%<t!LfX
z$Vj@q1!1!oZl!aDFt2Cv#EO)sujKWtcHYVBStWk*dRB>xrf;-rC4(%lXQepFu$whk
zwccDDHaw=I=Q*!uX^b>q_mR=lw}p|{v%>kKzbu=)p4H4*?$>(0b6(F%c_wg<y|hu@
z=Ko^%LkYxV@#Nn|kHyIL{m*;Yr}eCAght0VxK_Zk8yQc0fDg}enPoRkTaG}}ic1wz
zTV3I+`V$U(YLqqgo~P=Q1bolsq8-kYL3w7ZhR5AH=}zsh&VY<T%4V+Hv<gYTKR?w%
zo<YKM!hL63@ZEKNRNzSYw!8nN7gEOT29&x|ZsYAC@?r0OJZC_2acF+so%ze|M&w>n
znODh+i}SP7+ew0%xc*3ODf{r%1$LSq3N$I(_A>R;V%f6ODw03xo<k(hA8|V4eLrJB
zFwv|h<loRT4YaGE)17r6<NBa27!7sPb^6GUw3LPe*4M()z?EK#rPt0$vd<><$zIZn
zxH<1uJDy_dr|ySXsM2Fy`ptsRssC*@rEXQOH(8bP|E5x}Hth}*LXYLXuicKjo_W5z
zaqB%}yB+oB9bMgIk{|WEClthuIHXo6H&8-vf0~+44}4n=!}k8<plUgCY(AGy&gwdj
z)=$2!MpUxbr7;$EoxLu9eEG@g_xxlx!BsbVRiH?j2HI8jy6h=;KAKiAzp300uPb%V
zqaJNHx{Irwy)KyrUu#e9moj@@?kTs~>k9J&gnp#-)8@zEb+u`XX02M6eVUWY%u^Rt
zd&EkHqt?PcJMqGN#<LsG@x(novGJ4n4c|ZFIeZuReu-Z`o8Q;gujs|`yuJxmSmX(x
j4rcQXcQ?CiS@r?7-_5gHxQ56TPC412++9u#y_o+2%$rDa

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.16.0"
+  hashes = [
+    "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=",
+    "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443",
+    "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a",
+    "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907",
+    "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a",
+    "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71",
+    "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f",
+    "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773",
+    "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c",
+    "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb",
+    "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf",
+    "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/c.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/c.tf
new file mode 100644
index 000000000..18d2f5637
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/c.tf
@@ -0,0 +1,14 @@
+resource "google_app_engine_standard_app_version" "c" {
+  project        = "gcp-project-12345"
+  version_id     = "v1"
+  service        = "prod-web"
+  runtime        = "nodejs20"
+  instance_class = "F1"
+
+  entrypoint { shell = "node ./app.js" }
+
+
+  deployment {
+    zip { source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip" }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/config.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/nc.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/nc.tf
new file mode 100644
index 000000000..f10b3581e
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/nc.tf
@@ -0,0 +1,14 @@
+resource "google_app_engine_standard_app_version" "nc" {
+  project        = "gcp-project-12345"
+  version_id     = "v1"
+  service        = "dev-test"
+  runtime        = "nodejs20"
+  instance_class = "F2"
+
+  entrypoint { shell = "node ./app.js" }
+
+  
+  deployment {
+    zip { source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip" }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/plan.json b/inputs/gcp/app_engine/app_engine_standard_app_version/instance_class/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..9e2ebc12504789ef7563e97f7975ee35da417155
GIT binary patch
literal 33486
zcmeHQ+fpMp5Y=<4@(<KJ2g4F}ANYWLL7qZUF7E4HuwBNG%ND<$q>n`JNIe%z8fn(X
zDhlMmqn6a_yIRtJ|9(?HtDn@t+fSwL)IzP)qq<aUHB~R_mY$x}jQ%@Ul{%yMD)m84
z)CrZph`MY2_KNB<ls*U_)UO2RV+)+6dLS5c`ngp%x)+!9pJ#e{dh3JR>$>+V>gPiD
z{E^BVs`Eg#OuyUf*mVJaL3LK@+G^|E8703j%YNwc?TW^CLq99s4v(r*_qzZ0y4O>B
zXGuR(dS_1G%rrix)W@~P&JF!tY5eee?rcqH6mpJaKjd>oGY`Bm&hU(xxTN+m7vb>M
z>TeoD4KL*g!+V2~JX*bp!O)Vhz97z+X*{iHek4@PD&`9_wW9G)s01I`oH5Znb)-I1
zkDlo7jAjd*w^T<C6@-uRi6DKZ_Aqnp{C6xkS5kp|u4uG=94KqbXV85cP2<17m*Ld8
z=G%wBUUFM#<C!qN&=^>2%z|sK^%%fK_iyc-tBdG1t_T|B;x*woHEi%7<QAv~&_O$(
zH%O%^jcZPS@s6Rd1yPv6+npXE-ghN4V`fuXX{eCCfC)aCQy&a$KPlMNLYQ>yf&%R{
z)0kmOiJw8)My38C*vllNm9W!{UP868F(ul7=Bnpw7!S#|<a0%|S8K|t)|n4)xT{F|
ztm$V-@0^h|JJNIt*=DrJ#F1~z`OsG2*duxi62jJbhZ+Jb67ayGeiI`#^a&XXegV}U
zsz2%Piay_v)a4nqEgU(L(C1e#YhV-9i$PH0`VcSc44$FMmV{kM(Cv~6(4U3^jI64t
zhsKIIASz&rny4>CN7c?@{)MDH^zVu=f2pn<`8SNqD?OK2geyo6SlX_xVJVxU6}DQ9
z4!fpNK!0)zmHLgmicnjJxvU~+Gr|lc46s!D3Gw=YE#GH?`JgeA)_wqmE{LD<>T_eO
zej$upf9F|v8Q0YEA^pOV<!=vZ22RK)J8kjF7}J}|iXa*-G}HEj<VSGei8>xI(=L4D
zBh562G(FX!bn9{hkHui^M(dheqPlphU6b5`uK-{0iT>WvXVc2io<mc@egkK(zjN78
zsIGrGr8eLZnwY@LApU(JT7)HiNq>#+{X|c&2uu_J)C;|CS_4;y==9e>dl=RYbRO(`
zU=rgtGT0{yv6)BSgMU)Igab9qCz5pXO~u)D5>6Oz$l7sz*hbrO?2#an11k!iJ7T7_
ztcvx<ch9QHEysPNzOS?o^UBAG*v?7kh1wJQ7PF1RQHk2ZP79-X)(s_U%b4gcP3*Kp
zZJQXf<CH^nqJ&<ewh|+K&n0Txhn>ye70VhpiqjzyyP(Aqwe_)Qo0vlcep{lp%{&m<
z->&BpwQa{tCE~IiVJlJFc6_=2HL<&Ty_~U!_3{^r*<#fYYZ0Md7PnGS-4eA0Hjouk
zqPA&Qg>q+=l&Ecq+Oi}&7?AyxFC(BtZR`2rPr28kbIWlbE4P2%+dVJ0j*R<aE!xfK
z#fqYd(j%L-j?lODuiwiVCmOst7Cbce3v1@b<>w+#Co~_It>bOUzpWgaGS+54?bKY2
z)o!dWW0kv~8o7=v(YnbXfL-gC+vK}eSCNl-`<BTcmzMx8xuX$cJuCz>Jj$GLXTZ*t
zB@E1^&JG?wzMMWA*pDxG_GOtPj+`TYJZzMGqaG{EcmLwVt|cMoVAFHEb+V~eSew35
zn_I0&>LO1!UDoa}x*j9mI|fG6XXED0!ZpxyWZ$NY-{$dfOdfcyEL*ljIe(TTjp^gG
zxw2{{+#K1oUGdnVS+wcnuz;8@YZlQ_J0p2`wrs9=tMr>$gUHgh=CR{vuD;Umf_B{S
z&fqW&v6~in$_Q#0zMAuqem7hmdpJxl%W>|DbrpuCaC@*lKNS`tcGidGsKTn?-2Yez
z>9Sk%Sr2w}Dt4UiE)w43;O^Fpg`FpI>#q^)2$9)6=I)v>Hc{xlWLMKP_hQ7xl6EiN
zQ?!lL2AiIT?xHB#rVYcXv`zSa%w6y@b4lU0bt#^mc59(aa`#)Bkhl3yqw&exe{btq
zeq-LQy$NMSi+QYB+LlSI6_V@xo89!M$J{YdR<xQF?em|0?coE#e#c(ND=S*L&Z}v+
z5A1p9`@An!aG!<MhaY@bR<yb>v>hv2;X4y{!Pm%nZcJIx>Y`}-|6MCuLw6XI6)ogs
zra1Sd%L}$=5ua^qzN~1aIPY<orD$7*#=8oS7d7XYPXWaK_w%50gCs0|E-^;NL|++-
zrBpG-*tL|hqSZH>^><SLl@+b}{PY@2?k88%lohQsrwbQt<5F4s)4urfVG)m1+9upW
z*#$3in^v^!7>%4YtW{w53^JkaDUSsw!19iozW6+Qy7n$28&Y3g<}&xT2A>*rO}X#M
zz7@fDXF9B9+;4%?X(hb0HxSq}z+>RDo$I<hFl3yT8#?$tl?hR=?`$)^hpvz^94>$C
z4nXb&moYm6xh|KRcza5DtGD0pOpsh0ng@5Q{?g}lnAnB8moLsfNxw?Pn2GBT*XA-u
zjwr)U(?f>FB|Mg{+Y0iuShsAn3h%!#cPjB+Dn@6#@B0!M6YY9}zYQ(ZK)V<e4T|f7
zv|xNko_;?Ux15FpnyX=H;Bqh7((C7>T=zb3FXHBWSnYU<!8u`!ul9QvhRu=RoS2&(
z`fNzXk1V^aNco<8W(&aGnKi~(efEBhiwXC>gb*)9VwIo$W}P{)zVTt)al2Xf<Bhwy
zuWj6MckenIgZ|Ae5OE_8sTC?2pq)0~is#b<-<HF$jrj0(WZ*KFbGdK+rccH$<AzJt
zH(k-B;&C#j;>zN2`s2+{JHO`}`WRQkY;}ghWg2J~#p9$bj4<8EGa$?2aY~FdpW~=@
z_dQPJe)?E*5@WvBovg<eK=C-`nIhwPUi<2CHuFx$rTpS?N@;-Slpbf_e70K@uH2VW
ztv>0-L<b*f1&h}ra69LT`a~zCAJdJFxD)hL{Z5}x>7K`r^mIlygnm+gG}bNQ!D46I
p1Ffv_Ewu(_dp@4AQ_(W-0PBAnXX#+=7%SU+@<e^E05J5b{s(Hxjrjlo

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.16.0"
+  hashes = [
+    "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=",
+    "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443",
+    "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a",
+    "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907",
+    "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a",
+    "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71",
+    "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f",
+    "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773",
+    "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c",
+    "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb",
+    "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf",
+    "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/c.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/c.tf
new file mode 100644
index 000000000..64d2de356
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/c.tf
@@ -0,0 +1,16 @@
+resource "google_app_engine_standard_app_version" "c" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "default"
+  runtime    = "nodejs20"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip"
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/config.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/nc.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/nc.tf
new file mode 100644
index 000000000..369322699
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/nc.tf
@@ -0,0 +1,16 @@
+resource "google_app_engine_standard_app_version" "nc" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "default"
+  runtime    = "nodejs10"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/appengine-static-content/hello-world.zip"
+    }
+  }
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/plan.json b/inputs/gcp/app_engine/app_engine_standard_app_version/runtime/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..85a4275f5f60526c27d8375e6d558bc49432f7b4
GIT binary patch
literal 32778
zcmeHQ+iv4F5an}${zIVW#<?_Ip!*$tY7iK?ueXkEI8J(5<k#DtLuOXeNR~;8a_oc%
zVn(qzB!_dKq4eLs-^`EZ2XpZHQ<yt5H%s$iF3rk}&9k}1)uWl<zcW*q&$zEJCuU?$
z(f*|RuI$}Q^c5&w5Khd`fb&ZWoQ0VJ#tc8V=ElzA690L^)#K|N>a#9qzr;M}cIFRg
zZ_sCoUT)s)eX4y4e~vy&b6pwhytYcYU$@=R_1y*5cY~j$9Y<DGn0q__dpqkf?pfex
zjC*GIW@7O%#vE4`J2&`TTKvd;_1zj_6?%{KJoI&eohRM|XT0W4Tw;9gML4{b`5S8}
z;iX(*_-we6hstbXFth;H=irQq#nTe|qoHzFxnJC=CDuPeOFpV{#>n#2k@<odJ>qkM
z-6H2L%u$UB!q@l+NMA4>cdniPjuq!>D$v&jR_n)sx~IM--M7&+|4V#1PMul4od(WQ
z#^M-H!1&x^U}Z5&uDP~rAQ#=gj&p7<qQ|%bG|I(m;5apG@*m|EsfN%=JES*Cr7_ku
z!zb@?^fd>CIlSH374rVNWERY9Y6}aM(w8vFCo{~!!S<7a>qZEZj_aUMJ54NRgi_*n
zP>)fVe*k-tWVIT0n$>HlRcwqw8`NCoe)Z!aJ(j*MKzpU899x|^eZ^e?>9fMm0{47|
zG&{0%O4;VL$fzdYg!8Gb$gxMbixQ%$^A0TpS|sFwLwhGz>gba)l>9=fJv4vfbBVui
zAa!L&s}_!4N$B;9mo=~n>P0UoadU{5bq>$eWD8)I5_Gqu0`;e(04J*o%+Oge2cQC>
zsFC>!Ix6-K^Usj>)W1t${?c64<X=B7FYI1k0auh9w6yEGMx<=tQKlH@%JM(gP+IZv
z(p&7(Ctzf1=bcu&lYZu)_F=WHvn0O)BiG+Kiax+KMn1$Z?M(Uh5MI|QJf^c2k7<*%
zk?#vYbUI>UwY%mP^2ez;29Lzr4|Vv?gPB<RZTgXYsj5z^vKHD!w1epRQA)+GWCfW*
zJDz^pBR=o&w;QAHys5=#TaoKlRwB`>?hCc<`;9RMy*1~rKZADSG4Tvaq?LP#Pv;ju
z;)>eZdFZ5F>RdM(c{)Vjz69<NEf4A=+TO$@*X`t^PlP}?VO{$^e1~koADDjril&cm
zCeG&4aKd;)_l}#xF4}$DUJ0Wtv~cKEGoD$>s#yK7e>Tm~a@<Gi`%3#TkC{??_-N`3
zIxkd<ezbUM9FB5Cm3CSf&5Ldz?dOQ9V57Ztam^f2ZDOYyL+q;)HS`=&)fnlz&Joov
z>}>unTh_!;oDR|0B`xNNs*gR}#2lmJIilLc%g2qVp5%zCts2S^RmT;qrpOW1wE3E$
zt1)s!HAhrSot7i2tntVZ)uH9Mj|JKtNpJUx>V0%fmRaI@B`mXjZogRtT1L;?=GX0k
zY$sB?IZoR*E?Xe?_;z)ztZxaeV=Z3m33jD!wW!gQi#>JIj>uoq5OdD1CcT>)rH^ho
zy36jfip;Mj$XDtY@c&qYz?^to%>Y+;hZQnc6@nRACHoH*6DI7Ts%we4)K#_HkNu{v
zqV?ko*?rv(5#t>qw%c!&U8~+!b?nEB;npn)y$74F+pUvLy~4)ymD)0D0jbOS)^ydb
z{pfldvDj^3G<_B8u+^&tYDH32tqxPI>Z+WFs!|nuQR+{f9Wq39>QGgw8txF)sN~M-
z=^VjQzbaIE7ip_c2{B#ODI=KGdfxukrbER<wQnm@Ubj_?o2OZ3<`4YNahgO<y@pBg
z{j`!(MmfXq)!dKtC%uNTS;KUvUgt-#fWoj8ZnL#VBWcC))Oc8pC+!NUosWmW3Uzl*
z+nw6HhCM;wR^k=0koUnVsm7*a*IC!Aa{8ct#xWN5FmYRdT~mz@xieSw^9;_42tCbP
z*I~_560wn_{fqWwJ*M@{rt7}v8?qj2!*D7+7Jg20AH3J0q;OkSN_MB+4p}F;yKPv?
z+ub;I@ZPdnKBovIK9TcTr0tx~iakNQpPu?Q&obnEmS~T#wp)9I!6Jv35s{qF8tN%8
z?e>B1UVRiRxXZ%YgsYs-T8E*W&l>WKfY^(>k<W@b6Oi*+CFkUPR*8$Yzv{8ToX>JK
z9WDZT9`t+~!EQfmu4=u>EJCA0G81WYK1(ps-40RF6J{rd?)19q`q+F&&S%9x@m1Ga
z$L>MSXXSiWOdOw;L^+?;E#aHr=6qHYC(ZwaVkwm#i{XRauY1^~d{#9=qj!zD0zSKu
z@x*)7$MCt#a+;>AMnF91YR07ssjIKhUi}RRK0V5w`pi@HO#;5p<)R(VCxh~tu^Jvv
z>!f>Xe{~0B4brw-k1uQLl<4>8w_3<MNcfy^-`y5`_sx$A9BJS7^q<T^T5X|{zr!)q
zd<I*Ux5uc5z5V{40nNps^>w%AFMAr1XGvvWr7kYc&rYAC670s!M|w*;gs(2J)67ty
zN!xXnX_yhqksakp{iJ&jk-UGz>5TXNjsd|$yPlA5L)$daE~27mGS|2{XbVQ5ZEDj;
zeq_Wn9MH^#rGYE66ict0lbCg(mznxq2{MbgJ@3~$o?_}x-4C%)WyZSo+XbJe{&(4w
zdQ`byXI0Ag>sp;{+8!o^9?Q28Y<J!DNZt0<t<Q{Ych&1pboG--e$?;YP!PA`kY1tO
zKncD1ZE8L<@Eth}+q+YPs^!Q>^SOL#R+~7=UYEv+yAI=mb{MRglQ)3z`P%2bELS~7
zni*=S+3R9t@@?MiCVSD(UKJ?Prh#_Ri+1DY5N|`Leu9SJG7ZmVuS@W`zTGy(WUtHZ
z#cp_At~$}js?`+aYvt;G<jLl9H2U$opXZUiuDE>;=@m*9DZQ?)dA4iSy6n?)FDp-7
zRP6zo42ene-HE5>6W-l;j5qG_jg4pKH~f8u_wb#XU-8NBe{W=G=*97QeN$vu<PDz=
gW_z`fqil{W=YYEJCTB5+$PA}E*`Tb(A%<Se|L~zmi2wiq

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/service/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_standard_app_version/service/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/service/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.15.0"
+  hashes = [
+    "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
+    "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
+    "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
+    "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
+    "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
+    "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
+    "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
+    "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
+    "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
+    "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
+    "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
+    "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/service/c.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/service/c.tf
new file mode 100644
index 000000000..ce7f465ea
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/service/c.tf
@@ -0,0 +1,36 @@
+resource "google_service_account" "custom_service_account" {
+  account_id   = "my-account-c"
+  display_name = "Custom Service Account"
+  project      = "appeng-flex"
+}
+
+resource "google_storage_bucket" "bucket" {
+  name     = "hardhat-standard-static-content"
+  location = "US"
+  project  = "appeng-flex"
+}
+
+resource "google_storage_bucket_object" "object" {
+  name   = "hello-world.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "./test-fixtures/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "c" {
+  version_id = "v1"
+  project    = "appeng-flex"
+  service    = "default" 
+  runtime    = "nodejs20"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com{google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+    }
+  }
+  
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/service/config.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/service/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/service/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/service/nc.tf b/inputs/gcp/app_engine/app_engine_standard_app_version/service/nc.tf
new file mode 100644
index 000000000..c27293e20
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_standard_app_version/service/nc.tf
@@ -0,0 +1,18 @@
+resource "google_app_engine_standard_app_version" "nc" {
+  project = "gcp-project-12345"
+  version_id = "v1"
+  service    = "unauthorized-app-name"
+  runtime    = "nodejs10"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+    }
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_standard_app_version/service/plan.json b/inputs/gcp/app_engine/app_engine_standard_app_version/service/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..3bf62f2b351f804f575ab21bed38fefb6d510909
GIT binary patch
literal 64470
zcmeHQOLN=E5ym-H`41|bBl@x4t&~qmZO%DlcQ0|NSe9hVTvMV#QL?=*|MevOq1m1X
z2f#cUASt0-Cd3CCGd(^1?w<es_iOd%>QB|l_FrASuU6H%x~|?<n`&M?RPX5BUA3T3
zZ>qX_O~0$F7uBqKN!P!4_imbBujyWa(goo~^#j5AF#zYbS`v&K`uDE7Y)0{xKDnoN
zciS<zqc)>o(>Pbn$gk;oN%t)2E*^LI9{XOvU(r45>cV=~8)ugCd;i)E-T!q>^Sh*f
z>*hH!tGc>s#(&j}dQQK&rGIn!%?*9CXz($oF>V^{T+-{h!H@jTU9B0-!e1kQ9RB;7
zRvvg0oZ&rI;w?QNYmp9bQ+=U17<ig9Odkzqa&3(!2Sc}n^%d=mMT4g`t&a~CtBUo)
zO08-BGrD3Q**jy_?5Stf2O7~Gy)J0Au=8%KXATvl&+(2ReW2%I<-+^#xwmtDD)8Ue
zG~2ix=-=tT2i=Eg8lM7Ryi;$QeY;E?r92DIxF?LS8Vqb2%wpGEG;_c%y4pVHO?8(2
zjB|npzIZ`6)`pG!2fhWW0d&v~=nY(HPV>5<SNw+QYef{sczfT>5WjahvtXw0S~pO^
zeE}2u<c7w;u;aL3+Y{2bV;dAmr$vJqp_Kd;^q)~ze-P|jmD&2Rb!P8FwXrcL+JNLT
z>s7Xg{Ac;^Yoa|PDd&yMTyAlP@38y8?I1N~4nLEf4(Ws)`qlZCrJK2TUY!%{i|Ql6
z*$^c6o$%dn#52M1mJQ{eR-c-uFNvCG-&fVva{Sq(zW)}b5%fVlD}s_YhJ1d<ya3Yd
zmaq#hdRUwRGL$KR`BhCLWKHITsNfmVBIM4j`kkn=K03@l5XXlMUK8fu(k_5>5FS{z
z)9Yp}&k0xH9?-U3d874|B|Yc7;R%?78GSwn7v1!pFtTjMtt;U{KP#e{VI?kWlfM&2
zF23(5(UMs2KP9P$_5MtBn=9AXTiLK^q`JRDuqR$t&(+|w<+5mKcGrF^rB|0eWiHT%
zp#Q+)182&`lnWg*xo9MnEn9s%t@|EGx_iPfYoz}E@}DrHc|dcAo|8X|4RJ$QA+R#<
z==DAQ&6q01KJ;m5hTs<)f~^D9wOr@)4A`3NZFnGmLp~-RXa_?_=XC_%xubW`J=nj1
zT?c)Gp9XG}qA7e!q%-J7*wwHcfJw}oIeUzMqfeuF9G1^yf1Ffh)|O8vU#mQA(T9_^
zH~hQv#&C!l>)11aj|jRMv;cTx4X?_Ta>u8Q4b8`6xPC0RPqX*IwTJfw-;m5pm7-70
z8=Qxu$sY_oEsf?yHi)I;$2i1Gq@!I<{@`3W0jp}#$Mp5F7-=JWB=&l^{@@Q}>uiXQ
z?#QBhM*mX$!yF+)oD*8mraEozW_^g`pYjPudQP{t9bzZ&QBI!WIQlt6JzHa!z~Y`f
z!#S9oJj3Cg!;yu3d4{iuzugiSbp6Js<Rg1Y`82Nr`845K?0#C4ZOLBFb}#XZBli+x
zeyk0CXuN(4iVq^M<&-`}eCV|Ko-;&pb*64_uy{4yJecl#CJ*v1wYr}mL&c6XOdjNX
zd+hjgXC{k9-(t!0dAhswBr&?;-<>yxL)2`?p2_4vhJ+Y45*VXn@6&^<sbd_vC%JpB
z>7$oSGtu5sBKql1n>@;89%VaY!_@?@DSr*RzWob$j8fM~BvVcIa-Id}>Mkgo5qU%S
z3^@nO?YEcoT==*@Q_LUUFNxumW@B&`Fvft~Rd~Qmoklrqj8(GDBp*W~#~5&-qrGjg
z;_t1Wt!$Z->X$~Zm+a@0>hI3l<*%EaWy5(UZM5+>8YgT+KN|}f{HP{CeyhuGT>66b
zhD_J|vBDm`rtCRbIKqM4C%Ra9O}`G)`TpnP`YmKOVGQSEtUF67MpDZTkCoW+`}ho>
zI2|zd`DylET+G?^(|6@!r>@l4k>#$Lq>tU_Saw!=I<(`L_OFt&;56%r*k5tc$P;Au
zF;6MUD+a&T$+L0wM3#A|;*r`K$wWk5i$+zFn*|Gv1AZ~Y!LWN#vBVXX@P48`f^k)<
zDIoI}8K%gkl$=ILcSx+|_Z3OwP{L2;YI1H*=_!zeb~T;&!=WcgwJO&uvTR2k9_mN)
zGXG<Fu#8o%H9Zl$g7fu}M}AKA2aKmVjfg9}usWK08=eV`5S1D(<dQwX6}?=6##$$E
zs#$x68c3`wqPnPHM7<kl_6xs-)(G87a+yo!1ATc;REs=orl)egu}kx%I}3SwytBU0
zypjJ0y0NR8OK^ZXKj7G<lDhhhwC+?nW@sKzujrpvrKPOC=!)=V<>v$B&ubjb6<pyz
z4X=XEg8eXWsQ$}$K3YmsyL<;vfIPsClUmXey7ILxUpCi7U%!$i_s{Ad^!hJ)&0m#W
zSum%WOtPnLc6EED#$nh%DWfnPM)LW5x+<aB<JI|MwXZTQMqi_N4Dx<x>8vS7$Kd-b
z(pF$=KtqJK0`9CWU1B+YKE1oS1X_B`C&I;fW1V0IM%zr`fyeDLaxI`4=^Vx$O4R@k
z$%Ew1D}5%uhFgZ0<M$`+vp<dN%VY1szAO&dX57n1{6uVXOQ(%eOMt6j!Hw8MbV(Kf
zZ0yyROKEx~{AaP30v#G`{;EAASOVzxgB}6sMWW;HGIRM%5>ChCXez|n<{QR~W8^Zg
zZAdnkt^u9_nu0fQPM*$7%1OlzLLRo*@K|;B8A2-o^_^J1$<4eR$J=Rp!r;k;mkrTf
zLlwN6+|FmEScN5rzHjLIhN})G`;td8<yRCX4|UPWU720o)963BFzpURLRaYY0@{NI
z0(~<U6mj3s?#J`*B5FZ2#uBFa()GuzKx^C^3Etf~?HEljKD>aB(_i53Or{ly2;{D~
zfq85)pldG<VT*LZJPUT)aIGBQjzgUScC+1o3|bOPdVC|iCG_O(C{$croU;}DnpN-|
zyDkm+KiuokwI`7e(q|)-S~u|i?XT}9Dr8doY}SOUL+Y!E%q~MyOi|smWBVsL5{g``
zZfcZ!{HvQ+78kWVi;Tk8WOc)5$XRMUvoz_1T>?K3G}RQ$$SiR`?+oaErn4<Rg$0r`
zCL8up6%4?fcGpktxoLc5ZeG_Ay~p&se8%kySt0*w*DdqP=lk&m_7L4X%VsGfldC;z
zwjJyaV`=+QVD?>+n`TQ*=*8koz;}<cYp1JC^x??=KCGemzw+OwJu{Yb%TqY71RAVX
zH_kHJ2JMLD$U9iS`{o!J)$g)7Yz=kY#O!stYC_|L_Nv=WbJ$vG(HSMDN@$O@3)U_2
zyJyDKL+5nO^x?9dpxZ4II}+NN<jo6a;G4_ulIcU0u8Q0{R{8;(Og+w5a!2CdGhS^o
zY$DyRn0+}GX}$&h8s?#D-h7K(<dT22?F94)zo9<fsE+wWuS}6?atH8^Pq){sMoz=m
z?t19=&mTt9PLuZjJfDirmWHKtEtCBpe&5MF&nYw^$v4l30DlU5**Fu~&j8DXtk(~7
zI6cbtsO8Rcm>TGKd0=~<xD&S93z?-tYK@^QXP|F{pr-N8N!Fy{%jdzie}h-`P`x^7
zT-2ZEBx`((;JuctNvD}(u!)D_!l8JVtWKE9+c<ak-Un|yjE=>REl!5Yt^U~H6e$y`
z#%Yvx2Zkw9X3p|7I12xDoEpv)DFX&1Mw%`keOegCe(#b*{s{Ws+nVHIM9Ln2KjW~r
z(6>_Z{ZrA2OQ?K`nF+P{*C}Q;<jHewF*E(X!hW1fVo;bJ;!rqsE~lTc4|mM?*>L@X
zr`Vdy2d3DXix2;u>+_sqYg|Plp2i%>-0k!5@$bL4wNx2Jsuye*rv91KrDwrC72PgP
z15RD(dYfB3#nw`G>J(e^IfQxdW_3@oHT1Fp7BtR;o-(Elou&LW$(k5!rD91-)};Fm
zr`TF}J;S=fkg+w*oXY-q)AiP37Ym*<g}I_0IX&HZj(xRg-E--OzFTW%YU%q<TknTH
z#o7$bKmJ&o-4}kC&hah|@r*G##<K<kZAh<EJYb?)Px_lmc3*1tme7~L+fQeB)YO2l
zp&zK>bBEPM9rh1Ki7Yy)y!8Eshu#Uk&Ht=bvr*o~piOQIoyt|;16Q6Q>&n91EKzt9
z7uznRHWw6lF*bWV7WbPI8rI!pjl<uz&8^#m7?(BWR$-R(+#fnOs%xbEdX-D5@Lt@L
zboxk~4Ru6)8s(&w357m|3@EJ*|Ioe4I{O2HZCwo2(Vz7-Q>iy>Cx7TZ!*%dC^?>7b
z?r-DJX4klX0R!MjV|420XKD4*McfHAt>2j+F^b_k@*~?rs}n!`Q-0^~yiN-2>C*1J
z52$(__ZeDwhv40AJ*fK{ufzV(76H0N4bf2_c_`fJ(462A>Zh3FXZ3X}zs{|^gFd`+
zup;eKRP;LM9|zArW?NAzp?%88p|<1EiemMYJo&FDlgE;r;&T(ryxVSabsks_y0TZl
z8@`^5V~bHbh0ICYyZ1b4xj4KfNasx_7DSxUu^GA;P9lRefQ*ncxa@w)xlbET=B#P7
ztF7-dcXWv5EJ-7UBtc*2kHzp}PZY=<ajX<f=O`jwP_uwlL*HI=CRy%y**C{J|25&+
z_L~6fOl?b#64|4j|IAzR^=pma^c>3_kK0ev?jN2DF?2SAz<NyH&X~D~lrZ&Sla8@#
zS0Za8RocSGaC|z3rgeVE8p3dr6<rsHIu|G2j!UQ4c0QY9WrTPv;KcBxa2!TBRruSs
z`3@bWaZiIuJLP7dF&lT>{V^Cnf|GJ;jre@fpANM^IOWiXhy94&!0?5j)8#DSvA`MZ
ztER6%pD%%|Pk2Lb>9Z^P3nx)RC+eTg)a_YzlYh12+^k1-@1WiLZ5>r|E5`OQ4s(_c
zN0i|I<N6bve5QSd&h9f<kI*?gXBWEWnK?G}vU3su$wc0mW9aHr;6vP9K>KVQj^=?z
z#yS%RF(&ak=%4)U#+-&e1BbJow9dW>MLV$Wh|Fl5c@v5XFwe`;ne2Yu!a2u1;|BR<
zcF*w8c}}@8HtdKY&a~;P9gWjC<E%SdI_mT|H7CnJuJEdhFCuPCB7tr03s`gdZ=VWM
z4z--8BXa#i^^#soXF9BO!0B-}^dIpuc=m9%N7;zWv;98O?tzyXSyMO<%GIEAS2wi7
zOJTjEbGV@KnKR(>A;O2cAXr*HW^lI+Sqym9!r`tjfoUaA259@#?Q<UBorcDTc!f*P
zx?J*{XjIOeIrQqpVK{I(uN;=cb<u1bEp+{=%|~P3bLM$eMSh`cHO}zd<-K7`G~`|2
zHDyRl=iz&e>~#GHI0?4<4s)l=hfOX-j3>fCc~3KjUh4BC)-d%vBlZf&)8*Q>YGFMD
zBZJR{&;5jbiW$hMtKHb+S=qX#@S`_T9>Q+uG9S6d<zk0Vse(UB>zp?kk6cUre*#CY
zeYJOGGwk!K$tdKyYkT!~yOew7+PAkw8{$2lxA)Ampto=gAM%m4KB3DriZd|bXV5$o
zKp^LhNA8yE5d8oJw$2Cznp}Mg)jri~m?xSiLuMjN6j#Ld?9Pl`d{rQnUS0ZzUghd`
zw&&IL@4In{nPoeKd3)(d{rj~>9@p{Je|qfuvnbgU3r&6(ma6h?>Qx6?*-Z1s;Ol#_
zGv^F?Sdd!hpUIPT_ystUdmfq&Tp6Y4#iEHo-+CaOWJ&s#Xj^>p7G%u{Mb4hlw>WWg
z)^y#|*)w@-E_2AcJD+0Q{J$6rKt|ejja!Aby4D=&&=%2d8=-s--5Pmgl94vv?CoBU
zd{)}H^LBenj5lxWJ5#-tx8L$t+nu%Kq`IfHm2spv+P5v}zD^t^=fI6iQ*Ks_T^~IL
zP9LaeYA!vc;3<{*AoGwz!Ce#}kDwKc&BQzJd6YI4`{Xoik7M!2oZlc^S*}mb=Fh_s
z%Wpeh$oA+>R=-eF-gUD2<MGCx%44zmXHJE{VcYrcSW~@=@hj;5Qp*!@*tqTT{^aQs
zE*9J0m3bE0;O5zn!$K>YY2J*^yqH<r4E@h19}4RalMltGjJEd@d662*@vP~Xvnf(+
z8<}COr6IqU>tXm)`0R{v=k0nH#-jjuuejp<1I3ro!|)HXFE1%$ll^O_R{Ub07@2%6
zvPbM|{yuZP2$QdcvHCcCEiNzdcTSo=Fx6HV+vn0f*Ywf*8Af((M4zWM{b|SUd*Pl8
z;{P6-i(FHb5^~D!EqqGv@~p0WUMiJI$oAaL7Ebe~+T0y~$HfDFrYIC=C|uJ$zce0V
zc=V7raZ<URYsbdU<A@KY=su~G^jM@$dxlJz|7m=g(ms=P9`8#OJ98)<+ObQFaG$<0
zc;s)y7suv(?%Izr%hKxK6h0@iDwW^Kef#r!=;n^3;4BqaF|y&+!AE~{vnSK}W7&x+
zLYZ>y%kqw&SNcp`-cgfx=A3fOxY9Wt+Of+GS8B%BjL1s**WqK0DbX)iKhlqP<&Py#
zVhXnN;x?%~Ql92lL5w4ByKCH2WP{8jfBtrr&v-uM(z^LP9HrcqiqROU8=G_0HO}z<
zaO0K!*qL*o`U{!KTz!tpX=H6Lnw$hw|4S{+o1kvcy)*a;yR=loMY?MrkVEFrfay0p
ze%UE<wRe6FzQdy%9!uT11L0AbIqw%|HlEMCSh?vF!BJrJqTuzcsUyL2`u`Jo?w(V|
z<thDtRsBkT|5&}I*PrP1$Lg=uzv=hx{6Qngv|o~sP0kZwnBj_d_MG9#+<Qjy_uGDr
VtV&c_qT)!p|C$rGFxzj{{{i`PxDfyV

literal 0
HcmV?d00001

diff --git a/policies/gcp/app_engine/app_engine_application/database_type/policy.rego b/policies/gcp/app_engine/app_engine_application/database_type/policy.rego
new file mode 100644
index 000000000..e681966b3
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/database_type/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.database_type
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "App Engine application is utilising a database type that is not allowed",
+      "remedies": ["Use CLOUD_FIRESTORE as the database type for App Engine applications"]
+    },
+    {
+      "condition": "Whitelist approved database type",
+      "attribute_path": ["database_type"],
+      "values": ["CLOUD_FIRESTORE"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego b/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego
new file mode 100644
index 000000000..f694631f9
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.split_health_checks
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "App Engine is using legacy health checks",
+      "remedies": ["Set feature_settings.split_health_checks to 'true' to use readiness and liveness checks"]
+    },
+    {
+      "condition": "Ensure that split health checks are enabled",
+      "attribute_path": ["feature_settings", 0, "split_health_checks"],
+      "values": [true],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego
new file mode 100644
index 000000000..9b0cf9a93
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.oauth2_client_id
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "App Engine IAP is using an unapproved OAuth2 Client ID",
+      "remedies": ["Ensure setting iap.oauth2_client_id to the approved Client ID"]
+    },
+    {
+      "condition": "Whitelist approved OAuth2 Client ID",
+      "attribute_path": ["iap", 0, "oauth2_client_id"],
+      "values": ["12345.apps.googleusercontent.com"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego
new file mode 100644
index 000000000..126ad8190
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.iap.oauth2_client_secret
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "OAuth2 Client Secret is missing/invalid",
+      "remedies": ["Please provide the valid client secret"]
+    },
+    {
+      "condition": "Ensure client secret is not a placeholder",
+      "attribute_path": ["iap", 0, "oauth2_client_secret"],
+      "values": ["password", "12345"], 
+      "policy_type": "blacklist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/location_id/policy.rego b/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
new file mode 100644
index 000000000..bad4574e3
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
@@ -0,0 +1,20 @@
+package terraform.gcp.security.app_engine.app_engine_application.location_id
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+    [
+        {"situation_description" : "App Engine application is being deployed within an unapproved region",
+         "remedies":[ "Location should be an approved region, e.g., australia-southeast1"]},
+        {
+            "condition": "Check if location_id is allowed",
+            "attribute_path": ["location_id"],
+            "values" : ["australia-southeast1", "australia-southeast2"],
+            "policy_type" : "whitelist"
+        }
+    ]
+]
+
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/project/policy.rego b/policies/gcp/app_engine/app_engine_application/project/policy.rego
new file mode 100644
index 000000000..bebe23769
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/project/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.project
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "App Engine application is being deployed to an invalid project",
+      "remedies": ["Set the 'project' attribute to an approved Hardhat Enterprises Project ID"]
+    },
+    {
+      "condition": "Whitelist approved Project IDs",
+      "attribute_path": ["project"],
+      "values": ["gcp-project-12345"], 
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego b/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego
new file mode 100644
index 000000000..8b8217c69
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.serving_status
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "App Engine application is not serving traffic",
+      "remedies": ["Please set serving_status to SERVING for the App Engine application"]
+    },
+    {
+      "condition": "Ensure that application is serving traffic",
+      "attribute_path": ["serving_status"],
+      "values": ["SERVING"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application/vars.rego b/policies/gcp/app_engine/app_engine_application/vars.rego
new file mode 100644
index 000000000..77ab28572
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_application.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Application", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_application", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego
new file mode 100644
index 000000000..20ced94d0
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.dispatch_rules.dispatch_rules_domain
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "Dispatch rule uses an unapproved domain",
+      "remedies": ["Set the domain to 'hardhat.pythonanywhere.com' or a '*.hardhatenterprises.com' subdomain"]
+    },
+    {
+      "condition": "Check dispatch_rules.domain",
+      "attribute_path": ["dispatch_rules", 0, "domain"], 
+      "values": ["hardhat.pythonanywhere.com", "*.hardhatenterprises.com"], 
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego
new file mode 100644
index 000000000..175652c64
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.dispatch_rules.dispatch_rules_path
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "A dispatch rule path is invalid",
+      "remedies": ["Ensure that the path begins with a forward slash (e.g., '/', '/*', '/api/*')"]
+    },
+    {
+      "condition": "Check dispatch_rules.path starts with slash",
+      "attribute_path": ["dispatch_rules", 0, "path"], 
+      "values": ["*/*", [ ["/"], [] ] ], 
+      "policy_type": "pattern whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego
new file mode 100644
index 000000000..0b3be7918
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.dispatch_rules.dispatch_rules_service
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "Dispatch rule routes traffic to an unapproved service",
+      "remedies": ["Set dispatch_rules.service to an approved service (e.g. 'default' or 'admin')"]
+    },
+    {
+      "condition": "Check that dispatch_rules.service is whitelisted",
+      "attribute_path": ["dispatch_rules", 0, "service"], 
+      "values": ["default", "admin", "api-gateway"], 
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/vars.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/vars.rego
new file mode 100644
index 000000000..e9448eed0
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Application URL dispatch Rules", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_application_url_dispatch_rules", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego
new file mode 100644
index 000000000..7bd187b18
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_domain_mapping.domain_name
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "Domain mapping is utilising an unapproved domain name",
+      "remedies": ["Use an approved domain: 'hardhat.pythonanywhere.com' or 'hardhatenterprises.com'"]
+    },
+    {
+      "condition": "Check domain_name against whitelist",
+      "attribute_path": ["domain_name"],
+      "values": ["hardhat.pythonanywhere.com", "hardhatenterprises.com"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego
new file mode 100644
index 000000000..457df053b
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_domain_mapping.override_strategy
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "override_strategy is invalid",
+      "remedies": ["Ensure that override_strategy is set to 'STRICT'"]
+    },
+    {
+      "condition": "Check that override_strategy is valid",
+      "attribute_path": ["override_strategy"],
+      "values": ["STRICT"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
new file mode 100644
index 000000000..eb046e273
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_domain_mapping.ssl_management_type
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "SSL management type is invalid",
+      "remedies": ["Set ssl_management_type to 'AUTOMATIC'"]
+    },
+    {
+      "condition": "Check ssl_management_type is valid",
+      "attribute_path": ["ssl_settings", 0, "ssl_management_type"],
+      "values": ["AUTOMATIC"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/vars.rego b/policies/gcp/app_engine/app_engine_domain_mapping/vars.rego
new file mode 100644
index 000000000..4014c7113
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Domain Mapping", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_domain_mapping", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego b/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego
new file mode 100644
index 000000000..eb9d45e38
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_firewall_rule.action
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "Firewall rule action is not compliant",
+      "remedies": ["Set action to 'ALLOW' for this firewall rule"]
+    },
+    {
+      "condition": "Check firewall action is 'ALLOW'",
+      "attribute_path": ["action"],
+      "values": ["ALLOW"],
+      "policy_type": "whitelist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego b/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego
new file mode 100644
index 000000000..6ff2ae808
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_firewall_rule.priority
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "Firewall rule priority is not within approved range",
+      "remedies": ["Set the priority to a value between 1 and 2,147,483,646"]
+    },
+    {
+      "condition": "Check firewall rule priority is within approved range",
+      "attribute_path": ["priority"],
+      "values": [1, 2147483646],
+      "policy_type": "range"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego b/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego
new file mode 100644
index 000000000..2d1f331c3
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_firewall_rule.source_range
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "Firewall rule allows traffic from all sources (*)",
+      "remedies": ["Replace '*' with a specific CIDR range (such as '192.168.1.0/24' or '1.2.3.4/32')"]
+    },
+    {
+      "condition": "Block wildcard source ranges",
+      "attribute_path": ["source_range"],
+      "values": ["*"],
+      "policy_type": "blacklist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/vars.rego b/policies/gcp/app_engine/app_engine_firewall_rule/vars.rego
new file mode 100644
index 000000000..dc6452865
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Firewall Rule", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_firewall_rule", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego
new file mode 100644
index 000000000..2dbaebd27
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.automatic_scaling.cpu_utilization.target_utilization
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine CPU target utilization is not within the approved range",
+            "remedies": ["Set 'automatic_scaling.cpu_utilization.target_utilization' to a value between 0.5 and 0.8"]
+        },
+        {
+            "condition": "Check CPU target utilization is within the approved range",
+            "attribute_path": ["automatic_scaling", 0, "cpu_utilization", 0, "target_utilization"],
+            "values": [0.5, 0.8],
+            "policy_type": "range"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego
new file mode 100644
index 000000000..5f5a3f616
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.deployment.zip.source_url
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine application code is being deployed from an unauthorized source URL",
+            "remedies": ["Set 'deployment.zip.source_url' to an authorized GCS URL"]
+        },
+        {
+            "condition": "Match against exact approved deployment URLs",
+            "attribute_path": ["deployment", 0, "zip", 0, "source_url"],
+            "values": ["https://storage.googleapis.com/hardhat-bucket/hello-world.zip"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego
new file mode 100644
index 000000000..eaca84945
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.entrypoint.shell
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine entrypoint contains unauthorized/insecure commands",
+            "remedies": ["Please remove 'sudo', 'curl', or 'wget' from the entrypoint.shell command"]
+        },
+        {
+            "condition": "Blacklist insecure shell commands",
+            "attribute_path": ["entrypoint", 0, "shell"],
+            "values": ["*/*", [ ["sudo node .", "curl .", "wget .", "sudo", "curl", "wget"], [] ]], 
+            "policy_type": "pattern blacklist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego
new file mode 100644
index 000000000..d5ef6b846
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.liveness_check.path
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine liveness check is pointing to an unapproved path",
+            "remedies": ["set liveness_check.path to an approved endpoint (e.g. '/', '/healthz')"]
+        },
+        {
+            "condition": "Whitelist approved liveness paths",
+            "attribute_path": ["liveness_check", 0, "path"],
+            "values": ["/", "/healthz"],
+            "policy_type": "whitelist"
+        }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego
new file mode 100644
index 000000000..4d43bc702
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.liveness_check.timeout
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine liveness check timeout is set to an unapproved duration",
+            "remedies": ["set 'liveness_check.timeout' to an approved duration (within 1s to 10s')"]
+        },
+        {
+            "condition": "Whitelist approved timeout durations",
+            "attribute_path": ["liveness_check", 0, "timeout"],
+            "values": ["1s", "2s", "3s", "4s", "5s", "6s", "7s", "8s", "9s", "10s", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego
new file mode 100644
index 000000000..d7ad26a23
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.readiness_check.path
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+        "situation_description": "App Engine readiness check is pointing to a path that is unapproved",
+        "remedies": ["Set 'readiness_check.path' to an approved endpoint (e.g. '/', '/health')"]
+        },
+        {
+        "condition": "Ensure readiness check path is allowed",
+        "attribute_path": ["readiness_check", 0, "path"],
+        "values": ["/", "/health"],
+        "policy_type": "whitelist"
+        }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego
new file mode 100644
index 000000000..2af12e834
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.readiness_check.timeout
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine readiness check timeout is set to an unapproved duration",
+            "remedies": ["Have 'readiness_check.timeout' set to an approved duration (within 1s to 10s)"]
+        },
+        {
+            "condition": "Ensure readiness timeout is within 1-10s",
+            "attribute_path": ["readiness_check", 0, "timeout"],
+            "values": ["1s", "2s", "3s", "4s", "5s", "6s", "7s", "8s", "9s", "10s", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego
new file mode 100644
index 000000000..2242c2fc1
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.runtime
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine Flexible is using an unapproved/deprecated runtime",
+            "remedies": ["Set 'runtime' to an approved value (e.g., 'nodejs', 'python', 'java')"]
+        },
+        {
+            "condition": "Whitelist approved Flexible runtimes",
+            "attribute_path": ["runtime"],
+            "values": ["nodejs", "python", "java", "custom"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego
new file mode 100644
index 000000000..7355edf4b
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.service
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine service name does not meet naming standards",
+            "remedies": ["Rename the service to 'default' or use the 'hh-' prefix (e.g.'hh-frontend')"]
+        },
+        {
+            "condition": "Service name must be 'default' or start with 'hh-'",
+            "attribute_path": ["service"],
+            "values": ["*", [["default", "hh-*"]]], 
+            "policy_type": "pattern whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/vars.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/vars.rego
new file mode 100644
index 000000000..67a707cae
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Flexible App Version", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_flexible_app_version", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego b/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego
new file mode 100644
index 000000000..286a3a227
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_service_network_settings.ingress_traffic_allowed
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_service_network_settings.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine service ingress is too permissive or unspecified",
+            "remedies": ["Set ingress_traffic_allowed to 'INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY'"]
+        },
+        {
+            "condition": "Enforce internal-only ingress",
+            "attribute_path": ["network_settings", 0, "ingress_traffic_allowed"],
+            "values": ["INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego b/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego
new file mode 100644
index 000000000..0064dcc65
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_service_network_settings.service
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_service_network_settings.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine service name does not follow the required naming convention",
+            "remedies": ["Ensure to set the service name to an approved value, such as 'app-internal-service'"]
+        },
+        {
+            "condition": "Check service naming against whitelist",
+            "attribute_path": ["service"],
+            "values": ["app-internal-service"], 
+            "policy_type": "whitelist" 
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_network_settings/vars.rego b/policies/gcp/app_engine/app_engine_service_network_settings/vars.rego
new file mode 100644
index 000000000..11d377fcf
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_network_settings/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_service_network_settings.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Service Network Settings", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_service_network_settings", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego
new file mode 100644
index 000000000..888c82303
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_service_split_traffic.migrate_traffic
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "Traffic is being migrated immediately, bypassing the split configuration",
+            "remedies": ["Have migrate_traffic set to 'false' to respect the defined version allocations"]
+        },
+        {
+            "condition": "ensure traffic split is respected",
+            "attribute_path": ["migrate_traffic"],
+            "values": [false],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego
new file mode 100644
index 000000000..1e021febd
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_service_split_traffic.service
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
+
+conditions := [
+  [
+        {
+            "situation_description": "Traffic splitting is applied to an unapproved service",
+            "remedies": ["Set the service name to an approved value such as 'hardhat-main-api'"]
+        },
+        {
+            "condition": "Check service against approved whitelist",
+            "attribute_path": ["service"],
+            "values": ["hardhat-main-api"],
+            "policy_type": "whitelist" 
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego
new file mode 100644
index 000000000..95fae5c20
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_service_split_traffic.allocations
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
+
+conditions := [
+   [
+        {
+            "situation_description": "Version 'v1' is receiving an unapproved amount of traffic",
+            "remedies": ["ensure 'v1' allocation is set to a standard split (e.g. 0.5 or 0.8)"]
+        },
+        {
+            "condition": "Check v1 traffic allocation",
+            "attribute_path": ["split", 0, "allocations", "v1"],
+            "values": [0.01, 0.99], 
+            "policy_type": "range"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego
new file mode 100644
index 000000000..b552a03df
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_service_split_traffic.shard_by
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
+
+conditions := [
+   [
+        {
+            "situation_description": "Traffic sharding mechanism is unstable/unspecified",
+            "remedies": ["Need to set split.shard_by to 'IP' or 'COOKIE' to ensure stable session routing"]
+        },
+        {
+            "condition": "Whitelist stable sharding mechanisms",
+            "attribute_path": ["split", 0, "shard_by"],
+            "values": ["IP", "COOKIE"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/vars.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/vars.rego
new file mode 100644
index 000000000..440a51f64
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Service Split Traffic", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_service_split_traffic", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego
new file mode 100644
index 000000000..0d93daaa4
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_standard_app_version.deployment.zip.source_url
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine Standard application code is being deployed via an unauthorized source URL",
+            "remedies": ["Ensure to set 'deployment.zip.source_url' to the authorized GCS URL"]
+        },
+        {
+            "condition": "Match against exact approved deployment URLs",
+            "attribute_path": ["deployment", 0, "zip", 0, "source_url"],
+            "values": ["https://storage.googleapis.com/appengine-static-content/hello-world.zip"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego
new file mode 100644
index 000000000..68f66b10d
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_standard_app_version.entrypoint.shell
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "The App Engine Standard entrypoint is using an unapproved runtime/file structure",
+            "remedies": ["Follow the format 'node ./app.js' or 'python ./main.py'"]
+        },
+        {
+            "condition": "Whitelist approved shell execution patterns",
+            "attribute_path": ["entrypoint", 0, "shell"],
+            "values": ["*/*", [ ["node .", "python ."], ["app.js", "server.js", "main.py"] ]],
+            "policy_type": "pattern whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego
new file mode 100644
index 000000000..af067461e
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego
@@ -0,0 +1,36 @@
+package terraform.gcp.security.app_engine.app_engine_standard_app_version.instance_class
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
+
+conditions := [
+    # scenario 1:
+    [
+        {
+            "situation_description": "The App Engine service name is not approved.",
+            "remedies": ["Set 'service' to 'prod-web'."]
+        },
+        {
+            "condition": "Whitelist service names",
+            "attribute_path": ["service"],
+            "values": ["prod-web"],
+            "policy_type": "whitelist"
+        }
+    ],
+    # scenario 2
+    [
+        {
+            "situation_description": "The Instance Class is not approved.",
+            "remedies": ["Set 'instance_class' to 'F1'."]
+        },
+        {
+            "condition": "Whitelist instance classes",
+            "attribute_path": ["instance_class"],
+            "values": ["F1"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego
new file mode 100644
index 000000000..706a258b8
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_standard_app_version.runtime
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine Standard runtime is using an unapproved/deprecated language version",
+            "remedies": ["set the 'runtime' attribute to an approved version  (e.g. 'nodejs20', 'python311' or 'java17')"]
+        },
+        {
+            "condition": "Whitelist approved Standard runtimes",
+            "attribute_path": ["runtime"],
+            "values": ["nodejs20", "python311", "java17"],
+            "policy_type": "whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego
new file mode 100644
index 000000000..cabb6afd0
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_standard_app_version.service
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
+
+conditions := [
+    [
+        {
+            "situation_description": "App Engine Standard service name does not follow the naming standards required",
+            "remedies": ["Rename the service to 'default' or a name starting with 'hh-' (e.g., 'hh-frontend')"]
+        },
+        {
+            "condition": "Check if service name is 'default' or prefixed with 'hh-'",
+            "attribute_path": ["service"],
+            "values": ["*", [["default", "hh-*"]]],
+            "policy_type": "pattern whitelist"
+        }
+    ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/vars.rego b/policies/gcp/app_engine/app_engine_standard_app_version/vars.rego
new file mode 100644
index 000000000..8c51b8cb1
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
+
+
+variables := {
+    "friendly_resource_name": "App Engine Standard App Version", # eg., "GCS Bucket",
+    "resource_type":  "google_app_engine_standard_app_version", # eg., "google_storage_bucket"
+    "resource_value_name" : "name" # eg., "name"
+}
\ No newline at end of file

From 822379ba2e5cea62cacda9755f6e6b5b9085174b Mon Sep 17 00:00:00 2001
From: sidd <schaudhuri@deakin.edu.au>
Date: Mon, 2 Feb 2026 15:56:04 +1100
Subject: [PATCH 2/4] update

---
 .../database_type/plan.json                   | Bin 13790 -> 6388 bytes
 .../ssl_policy/.terraform.lock.hcl            |  21 +++++++++++
 .../app_engine_application/ssl_policy/c.tf    |   6 ++++
 .../ssl_policy}/config.tf                     |   0
 .../app_engine_application/ssl_policy/nc.tf   |   6 ++++
 .../ssl_policy/plan.json                      | Bin 0 -> 6286 bytes
 .../ssl_management_type/.terraform.lock.hcl   |   0
 .../ssl_management_type/c.tf                  |   0
 .../ssl_management_type/config.tf             |  11 ++++++
 .../ssl_management_type/nc.tf                 |   0
 .../ssl_management_type/plan.json             | Bin
 .../failure_threshold/.terraform.lock.hcl     |  21 +++++++++++
 .../liveness_check/failure_threshold/c.tf     |  33 ++++++++++++++++++
 .../failure_threshold/config.tf               |  11 ++++++
 .../liveness_check/failure_threshold/nc.tf    |  33 ++++++++++++++++++
 .../failure_threshold/plan.json               | Bin 0 -> 23064 bytes
 .../failure_threshold/.terraform.lock.hcl     |  21 +++++++++++
 .../readiness_check/failure_threshold/c.tf    |  33 ++++++++++++++++++
 .../failure_threshold/config.tf               |  11 ++++++
 .../readiness_check/failure_threshold/nc.tf   |  33 ++++++++++++++++++
 .../failure_threshold/plan.json               | Bin 0 -> 23064 bytes
 .../location_id/policy.rego                   |   1 +
 .../ssl_policy/policy.rego                    |  22 ++++++++++++
 .../ssl_management_type/policy.rego           |   2 +-
 .../failure_threshold/policy.rego             |  24 +++++++++++++
 .../failure_threshold/policy.rego             |  24 +++++++++++++
 26 files changed, 312 insertions(+), 1 deletion(-)
 create mode 100644 inputs/gcp/app_engine/app_engine_application/ssl_policy/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_application/ssl_policy/c.tf
 rename inputs/gcp/app_engine/{app_engine_domain_mapping/ssl_management_type => app_engine_application/ssl_policy}/config.tf (100%)
 create mode 100644 inputs/gcp/app_engine/app_engine_application/ssl_policy/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_application/ssl_policy/plan.json
 rename inputs/gcp/app_engine/app_engine_domain_mapping/{ => ssl_settings}/ssl_management_type/.terraform.lock.hcl (100%)
 rename inputs/gcp/app_engine/app_engine_domain_mapping/{ => ssl_settings}/ssl_management_type/c.tf (100%)
 create mode 100644 inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/config.tf
 rename inputs/gcp/app_engine/app_engine_domain_mapping/{ => ssl_settings}/ssl_management_type/nc.tf (100%)
 rename inputs/gcp/app_engine/app_engine_domain_mapping/{ => ssl_settings}/ssl_management_type/plan.json (100%)
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/plan.json
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/.terraform.lock.hcl
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/c.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/config.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/nc.tf
 create mode 100644 inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/plan.json
 create mode 100644 policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego
 create mode 100644 policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego

diff --git a/inputs/gcp/app_engine/app_engine_application/database_type/plan.json b/inputs/gcp/app_engine/app_engine_application/database_type/plan.json
index 6c87811cbc17ccac8f19f2fb1b5770904cdf4727..a4e352ff33f47c4a73704a15f472faee1214de04 100644
GIT binary patch
literal 6388
zcmeHM+inv<4D~Y-Kapn|l5&&sR$7oM6@j2UK!sLmHkYNF&1yFZRH(mRILFR(C-)S!
zB_vU`Np|e<*dBX)#{GT$OG?s`o@COMy7VQGp)~Q9ON7w`)Eb_ulw}{^Pw@1Wo`KuV
zn?I*2&oJ}FXl5!gW+nJ*N~kN<F*3kg4vv~omkg`+RF5vcLr`PT3o3bg7|o<{Gw)1i
z*1;WOoE#>vByE+}Rv7`-PVpCjBLO8+J=|!F_lA1F>@MTY>@_`1hmv|J0bd(Z!VyPb
zE+N-({Qa7?9;J70q&Y28^~?}jhM;AzVw{h5)21B0%b-tr#y*un@5xi?V1*o?w3s`e
zV$9dt^vFT&Kq}*6)(%%R8it@w?qP_rKAv+tIV1#l^F4GZC-PoC%MmDV<ybz-8~G%s
z7~?NnJ%(ofegtZ{MdJWc_dw-7(pqX@v&>81L1}<u+->|$!Oys*clPkcC@Z)usw4F}
zW2+B7&P_D>V!2XFX-NV~1bU=dLa$6)-vS@)XN=Nz&g<(OMx9AMlW!_B0%xjgxe?Ba
zF)PFxIcSu`eF!jK<N~>`R4?YtT}OU`70sXjHueiWHZ}T><N$Gh;6;BRhsc9>@<A!b
z@*4SZg6CAejP_)g8LMQ5%MVtR@tP56KCuq*40ri>A9=JMS>&{M_#EQ7<^1d_cpcv7
z`AKZyd|$#CcZp{mtEiog=lE?1!z!ygjd@xVdl(LJayPT)6m|wU{S&#s(~}?gbap#T
zLtMZy)<YsH^Ac+rYe$G#tmDKylU&3A#1sMQ^#D6@f!|g;eOcsaK>}+KQQ~cQJ6M60
z*GDYA>{TkJ&(DfZ1hmMiqO$rkXL)I!R;=3@Dm;DG#%i>{>bk|PFPDguRXc^Hh9obi
z{JdIacTx>=_&H!mVjO{RFS#o*)^~gEGGiXUA^wNMD7550PS*k*Y%fY#*AsR#aLw-Y
zb@vr_DzU2UPG5Kb`#(-!LsP8s32H@z{bMC!B`Z2SJfElWp+ASVl54zAU}Js-o#bG|
zv=lY4K8|zVZO_8)!@CYrX~N6%@xQ;nf#N<xEwlEpDL*wrth?spcSglx^i2+1%P<tX
zHh%Afu~ovocX3z95YhbG?`o^e?j4!z$-a<9_j1jbcbHskF7K&rGg?~Tc)Ts1*_K!>
zx-6_F>{?rfcX3u&R_{v%|2cSxt}DO!Sw%0aivJ1J<hi`UX9d)+;I<npJM=NS#q1ut
j&cBa77$cNUnsp1t@4URTvAfIKVmIRAesm>|<&pdWw?21Y

literal 13790
zcmeHO+in{-5S`}&{fC0jjbo<?3gj)976_0aMVmadfw535%T^;x!b)x%6#n(3=a3pK
zNv~EUwYJk>Ay_n5<Zw9m8FD{=`d7Y{Z{)kp$H+t$Qp<&mWG$8aC8y}EWQwPAG4dGW
zj2y{<JV5(>G<R)B*O;qNx*#0M4}kNi1<q1tfHBACRK^yI5uRM4x7y$kV%=b01J8xU
z`~vM5b7q+3@NS>u&n5f?=G1cHt@SS0rH+r=Zs_r7gZ+*1sqH$tD<fwX|1*nqg)vKf
zDvX)qm#L+PKAoX|f)VQtZw}ClITEiL_YL?=Dk+87C*4O_jg-%ax0a8<xPe!`pZv9n
z_l3812|bqJ$O2M7wN$A=`xq)YMqaEy`5L=DKuaC*rT)P3<i4B(qZPi%DQeYH?gt#s
z-{T69&aoc()UI2Hkyge$kNXC@P1CM;X52TR8Rc;#@A0<+mKA!TJUo+^@><@?bNu$R
zypUhzC;3g@;2HnRrH5i*pf8I+8!F2|wO5zG<{o~h9+7L@Z~0nIM*ak}6F}27&d^(8
z6-onT;~sjHrDj}cEfx1&tpTj5m1|n2HDJ3H=hn8(l5CT%ag{9_<l-D_PAwMn29&zK
z<YfYQlo(oELgs2~yAti4?)04;XX35<HNcxT)KP37IK*%U499@D0z_g>O|0<T_c2_<
z_os@<w)QG%bSmHO-UrP=m0ZpGy1h^tMFu~_NHb5KRmXDu&~teL5A?+ILzO&(M|vf{
z*k4}AQ+TSE_<JM2XG?d3)!?I)7F}(sty37rdX2$H8S6#w(nodqy>_n{dcT<S#zqBx
zMpjv$%M6A2NfRHmt=w%p?k4}**V8c;4CCpW%dgC}%xAY}H=CIEOUa*1ATKTo?3Rnh
zs*EsKbL(zN(>Za=)fv|^R%AxpCZ+M5)JWGL$2#3qSv1?$j36z~pax7VX7wgMPNR%s
zoa<%x&-QL3%Toz%vNl)o>N~sZBdd$;rE(^2eNI>K5_9>0zlHpb?;M>_xP<5GQmm3V
z2+XQkpG%WH9};s~=22r{#Ht3XT>HUft%WtM3OaHL9sGd*HBT?alkg_Mj=3J|qBjTm
z9N4pd5Z0Ya@lMOIOQBOMSR?C?cYeNJiq-y7*$?em&8TfHk?{(v8?247+M)iWbcZWI
zV5GN%thhSx$31l>wZ5Skr}(mT`{esFR|N{=d1nu(e>3bn)yjl+?|LPx%=V>eRDP{#
z-&$4w@qZYdtIgK7{nu?g?~X0VslHD`QtB@M?|3|IhhJ7DX^6;Gf3CN_y(+U!dFL-T
zTlX5G^^n8cEMqu|r|V5#Hbm=XS;Y{o$5KVP8lv^<RM97{iabQ?%}pSsOx%W*ry*Kr
zeW)bbPtCYePn6r^aphk7ui?|<sCvU#jkmrgsL7lmYvsKOt%!ETCt5@EtH3^_uDObD
zcoQmRMl&<a-eX8<6)N6?W37i-b_}oI8$ex|bjTmw;kHPE=Ox4Kx7`*@>9}w9r*O2r
z&C?lOQ`?f$8l9`{F1@X6B~>d;WqQ@Dbt?bZ(;}YZ>HSizi*;8E6h_?cK9MMctLvye
zbag!5B=he=IU8kgbD;Z%TbI7;N^!eQ<KuC0zdHxJ4QjOCyt`c*#P{&ZZ<Z*1(<EW{
znNb-Xa%Sa94&&h6H%wD7NL@Kk3h$~?sGQgK>-HTfl|`k5wuARjO0>6WHpBNGx%Ige
zt&DL?)zWz0;8|Ev89Yl)wB4U)>5}y0)_XQ#CKXG4a~s3Ob{F8R#&Zwk5bruY!hQZD
zwEX@N_dpNv{TNRl;`<@qWBLQ*!_1PNink<YxUt1IBAWM*^b9o~&m5U6bELa5#7Je^
VX!p(u-zsr$>TqmxLP`o<$$t}5DE<Hd

diff --git a/inputs/gcp/app_engine/app_engine_application/ssl_policy/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_application/ssl_policy/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/ssl_policy/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.16.0"
+  hashes = [
+    "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=",
+    "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443",
+    "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a",
+    "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907",
+    "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a",
+    "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71",
+    "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f",
+    "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773",
+    "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c",
+    "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb",
+    "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf",
+    "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_application/ssl_policy/c.tf b/inputs/gcp/app_engine/app_engine_application/ssl_policy/c.tf
new file mode 100644
index 000000000..058ef5826
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/ssl_policy/c.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_application" "c" {
+  project     = "gcp-project-12345"
+  location_id = "us-central"
+
+  ssl_policy = "DEFAULT"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/config.tf b/inputs/gcp/app_engine/app_engine_application/ssl_policy/config.tf
similarity index 100%
rename from inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/config.tf
rename to inputs/gcp/app_engine/app_engine_application/ssl_policy/config.tf
diff --git a/inputs/gcp/app_engine/app_engine_application/ssl_policy/nc.tf b/inputs/gcp/app_engine/app_engine_application/ssl_policy/nc.tf
new file mode 100644
index 000000000..ed3c4d607
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_application/ssl_policy/nc.tf
@@ -0,0 +1,6 @@
+resource "google_app_engine_application" "nc" {
+  project     = "gcp-project-12345"
+  location_id = "us-central"
+
+  ssl_policy = "SSL_POLICY_UNSPECIFIED"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_application/ssl_policy/plan.json b/inputs/gcp/app_engine/app_engine_application/ssl_policy/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..647251b30cc243e45baf276eb1a8b8299a8f36af
GIT binary patch
literal 6286
zcmeHL+iuf95S?cve!|Z*G=YNDH`I%SgrHLC160UL<K_a6ZP{s|Lj85%oSAIAPUAK~
zX=sHNIf-|!yF0UUc7Ff*DS`AQm0ZTsm5GFMDd%`AWQ5TK)LlGnX-Nma&+tr?o`c)T
z)yuTy1tfQ-l9|MiO7J<CNG)|Sa)Gx39J@kaa#&5(k1>8DP-D<bDtS|k=F*$VovLIP
z+!4mfVfq3YsJ4OX2w^+JCj>_V%1HfiqcPrlx&k)u7T#>W=7;$Z=qe@P8$e4m<(SA7
z^g52ew`umMeLU0VyvTHAF5zVaT8>#%`8aRRsleLh@Taw4pIV@&@?3_nP~e+0=FVpr
z^Sw4d3Q&j8%D7mx!`m7Sm!Qt?VGOPQT88SiMbZT<Z-L4^pr@2Jdp5(bp!7g7?g9R1
z;IGoQ5RV;1*2`IBamQnLnZdH{<keKez8uJ*ypa=mCm(0~HPRJk98DleTZu+mEY~`#
zLj7Y7Oz<!xxB@q4+6RSM!+0bQ<t8e_2s6#6@<nxyz?rEnH$o|T9l=Hc8Z~jvLyVVk
zPws2=i}|tcC{JMVA;fv<M-%C(xGY#D(vRgBF&@g1e8BHp*^^IrJCXMoKSCDlVeAmk
zf$UFroUzT5=5ghL%LdkpYBdNodstz3I=k$<kF0qZIpe(8e8%vUa_j7Ba~G@6h$3om
zYad{YyTp@?_0dkkGyFH~U^Ua7y+jv86^1aJ-p5}}$~lEN*Aw}MCzbE`c5`&dgw>s6
ztc=7(wj!)jtO^mNSdEEX=DAqOi3~zHgJcgjSc&GjBHf8Dc!&VV?PC|;Ds}b2#X3Y(
zc)Qjr?-0HahxiD^*S$>D^!bSbh<I+Be_369$wli~=M~o@N0sO54q%Nlu-b0X?CV{w
zaytpb6n@kjQed8x2!ngY6_0gis<}|dZ|Hq<7=$yqkMp#w{{I$jmwq&7>ZTC-ec+bn
z#I4ql=ESW#K_C8!YnX}kJwbgKp*FGlurie$8lK5FPb^=C)rDNud%lhN6>*+}b*Qf>
zfH&1D=X!e%cE@cxK*8K9*Q0!Ye?vuluIo|VW$xj*{Ll!o?wF6#85Q*yn^d!7c!*sa
zzZb%|3J@QQx;ln?EH2%R*2Ur7I+yAFn1#CT&vL%ccZggZ-rfKDpV3egd+Uh3)v(Vh
zky&<0T$ji4cRcMu2I!z}<9UVd>NfhRTloJP9nv;FyZGP1_YSC^k==F|VedRfXPLK0
k*OPZQ9C9!ssGT&s?N>1fZ&&Q@vufBax2(O_@>HJ4AE|3#<p2Nx

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/.terraform.lock.hcl
similarity index 100%
rename from inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/.terraform.lock.hcl
rename to inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/.terraform.lock.hcl
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/c.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/c.tf
similarity index 100%
rename from inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/c.tf
rename to inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/c.tf
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/config.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/nc.tf b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/nc.tf
similarity index 100%
rename from inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/nc.tf
rename to inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/nc.tf
diff --git a/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/plan.json b/inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/plan.json
similarity index 100%
rename from inputs/gcp/app_engine/app_engine_domain_mapping/ssl_management_type/plan.json
rename to inputs/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/plan.json
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/.terraform.lock.hcl
new file mode 100644
index 000000000..316309c9a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.17.0"
+  hashes = [
+    "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=",
+    "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc",
+    "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5",
+    "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937",
+    "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9",
+    "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4",
+    "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54",
+    "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb",
+    "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474",
+    "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49",
+    "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/c.tf
new file mode 100644
index 000000000..805be137a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/c.tf
@@ -0,0 +1,33 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path              = "/"
+    failure_threshold = 4
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/nc.tf
new file mode 100644
index 000000000..7a155b865
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/nc.tf
@@ -0,0 +1,33 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path              = "/"
+    failure_threshold = 0
+  }
+
+  readiness_check {
+    path = "/"
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..842ca7d148f54ec1d3d99cd6e4691b8ed5d96786
GIT binary patch
literal 23064
zcmeI4OLH4V5Xa|C72ko<nK-gza>$*cxNrc911W0Du^mT2mV_QAgz{Gh{=aFpXJ+;A
z3R@y1Q!3l?&a0>2+tbs3|Mh3+h1X#mrr|oAg?VVgO}Ny5voO%pky>Bq=QtdN6aD>C
zKl9i=Rc{}+dCYNmrjcJQM^3^}qel8%hKsn;nVu~4-%LGT1YntJ)p3O5T7NIpI#hdV
zrSDizr{Vl=+{-xfOuaAkoE|n`FI>ghuHqbx)}H9osK-bxg9t~XU9iGC{r{@fuf)WW
zRx}J4WCm3);%%h4uQbcWvd299p_RPHV?tpNu-^6E{0`S7V(&&fxlr3wJ1zTx8}>aD
zey4))Xbmlo)IJVR!yBzI)9-<H4R=iREZ>L0F;nXs%?j_V<AQ$Vm>adW=?pCf8pG@(
z(O{t2q4LY{OB{118qd{cTnQA7;5m;oK{@XY&oIYWD>T~oIQ*{GCSrdY_X16fhfhL3
zat2&{t{w~ZW0ir%4#IoQ&3ET|=c+5MWtdCtjaC5)Td#?H159&agVjcwcc_oa%bCW*
z9Z1*a_4-j#ZkPMN(EPLT>(&vDD{%BqJ)t|i%(sz7&-Hwyow|JGQ27|RlzkXZ*$KPk
z*||8Ry%!$^WtbhDuU`vXv-|7VzAJ3ZX*ApgHXGFiHXuU_%|%DJyBnV2g5N|z@VT9q
zP{t|wDz1Zk%;GnA3|=uEmD2>NeJ!lQJIs$(LQ2rJIcK)VKyzqjD@>)qkr)1lmyrsC
z7~N_#WtCxs2Tah8Zl)EjGSX}&izZ#PEYz!!hFoawVf;SU7>COC;{1p-15^3*y`E08
zc~dXb0*kwK^Zn)89_g8CW|L=V0PRfk9topp0n_!SU1pLfbi=hqKn<sear{IrP+~4P
z%{HKqpi#o0VZk(#;RU^!MkXwwD=!6`LpRdw;Pnf^@Ki8jd5*%{h?5+S8?A|cL|2_H
zEzl}wtlFrlZ~^RtNU`<2<@8{euLKVxpklel)z#>qYY*syUU0jb(+ACookW^wr!SZ|
zmrNz>q-Ult%!e?$VAOn;>1MbS4uaZnF<O;x;21q`8vQit7oGqsv*d8Ghe5=TX(?#I
z9*qBc@=N;JiW9ZC?(T_RZrv8zhv`ptwjPd?rIt5JfMtWG7fuD4aUN2J?gT=EXPqrG
zJ}dQ-;m}*gg#_jjWEKjI(Z&Rvh^%(i2IfV)jWqO~TnP)4@I*i85N~@TzwktuJiYVq
zfC4`Z>~G@-_r#3LrotH5UBzHYrTe+)tB7&1-HnHgcAI$U5L{t=z3R~##Y-tSNpa0$
zx`e%!y-Wh#&o+IOOGdjld<nhG-XOVfu<IhMaFUIDo>Ge#Y)DzMU@k?uMn%&iQ>Kj)
ze<j`B)=%vb==4RDc{Ka|z0EsCpS0n@3NxPF&f}c6iyy+*;rsAY_%?hOzFCecxpP%#
zmhTGY@7QcNk`i0_M!3X}H4G&Az)B-8=Yj%@#yImJpe}euADcE~9kUqw^{Bge$8N`V
z@l{Lhw#^@Q>xG2u?sYx3Ph;;XaEj@+L?vjHG_li;r=`cUUk}7-@i0$;w?2FXyf<P1
z`EI&cdWYiSwyv8c@%6TA(cR_lRyG~qcmFX3-m^?Qd}vXH1X+zM)VM;8E7Z6`jVsi+
zLhcdZ34MHV1&dp5dM9MhHLienTjL6wV^cM*(8PFGjVsi+LU~eG;|k?lb&V^0T5$zV
zp@=RJwIu?WBEKna%UQ8=$zh@pA8HK3;W~T-g0lu<VbB7f*XTfm)-nW~K4cPDtco+O
z-tzRGGhfS&vC(<loV*!3|4Q@LT!`|7yXHc8_K4?C?3$-xo>z@o)R;w$S$zC4i<%3O
zPT-nokFnb|7s5`KYA%GGuMeXqm-}Kh7s7Kh{vWvz$#*7mV5A%~qL5_#?#GwjSG2<O
zXzlHve3og{T4eN@{z@4S_NGC`Hkqduc|A<#>S1yy@|`6up4;q?Bab5ACz;ypFn_k6
zI7qrDkgru{;pDh}%)E=Xb~R6Q-93REw%xNekcs?_+j7FnoGJE*9ZXrzxh`4Fv7*1d
z^FQXh`M&f?Nza;9#oO;=<aK*~QO&AKw@5rMZ+AJh$md}qnkjp!=2elqV{ZaAs_F4t
zvw6mg^@dlvt>&I-m&jqg;bmF+^@f+>q4d-9tZ2@*@{Ird9lSgPt2ey-7INEr#z&p&
zgKy)v2i+F)tY%`>8(!V+dzQDju!P){uQ$B*bMLQx&hID3rZY<^H(JyiUZ2(tuRIb_
zqni7^k6)vjd99OD|5)T~lb5mXc32*{t5MCeZcdJy-J>Nns#&9&@WA6&tEf@U{GGG(
z$99)fqMGK**=ZhUSXc2xugqy9*0h?(n2+%@hrE)BKPxLal|A5+*IJRBvHjM3O1Z1t
z*XOLVR_U^uV&(mRi?)_D+nmdq^FX6B?aR9=C98C{nn3nW;WgTfgDsXx?S`&Zv$~u{
zQSYr={VLYCop|jS_#@T+f|EV36Nz!D+3t_EV@kQ?=JkNOtWGTju+zO}P!8uV^?$lS
z<L`OvYXmudx||Dlt#{G|uG3|HdS3UV%Q&l>leFP#l%d-!T_O>;cNz3us?9ufC#8?<
z8u>n6w;OVBw^w~aPp?)@>4p{N$t$ZE2FlsIvPd3j?KXR^XYQ}4^6%fy4eC-?rdlc8
zV6}QGZi()%K**ZRTx&VNf7?BfYJJEXK*Fv1W3@hqwm$u8ePaE&WJjy@$?JtZr25x?
zV}0;+ZDp?^X8!TDbTOKyry6>F{XAEFy}oLNJyAuy<M5-tKUeFqKKy<bepXL3xYf=Z
q>K(yrv@uH_Yr->OcJe;#R$AFk&M$TRc#E(+#FQC#8$J)8g?|7|wPgVS

literal 0
HcmV?d00001

diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/.terraform.lock.hcl b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/.terraform.lock.hcl
new file mode 100644
index 000000000..316309c9a
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+  version = "7.17.0"
+  hashes = [
+    "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=",
+    "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc",
+    "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5",
+    "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937",
+    "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9",
+    "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4",
+    "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54",
+    "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb",
+    "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474",
+    "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49",
+    "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac",
+  ]
+}
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/c.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/c.tf
new file mode 100644
index 000000000..805b750f7
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/c.tf
@@ -0,0 +1,33 @@
+resource "google_app_engine_flexible_app_version" "c" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path              = "/"
+  }
+
+  readiness_check {
+    path = "/"
+    failure_threshold = 4
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/config.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/nc.tf b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/nc.tf
new file mode 100644
index 000000000..e98547ba7
--- /dev/null
+++ b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/nc.tf
@@ -0,0 +1,33 @@
+resource "google_app_engine_flexible_app_version" "nc" {
+  version_id = "v1"
+  project    = "gcp-project-12345"
+  service    = "default"
+  runtime    = "nodejs"
+
+  entrypoint {
+    shell = "node ./app.js"
+  }
+
+  deployment {
+    zip {
+      source_url = "storage.googleapis.com"
+    }
+  }
+
+  automatic_scaling {
+    cpu_utilization {
+      target_utilization = 0.5
+    }
+  }
+
+  liveness_check {
+    path              = "/"
+  }
+
+  readiness_check {
+    path = "/"
+    failure_threshold = 0
+  }
+
+  service_account = "google_service_account.custom_service_account.email"
+}
\ No newline at end of file
diff --git a/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/plan.json b/inputs/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/plan.json
new file mode 100644
index 0000000000000000000000000000000000000000..f3ef2323cdf48f39da21ee91feeae60cd9cc8a5a
GIT binary patch
literal 23064
zcmeI4%WhjY5Qe!f(03@bZXCsN0wnvQ=%$Od=%PU(IJV;`wIx*-H%;MJZ~K27jY%HK
z5|vm+;1Grq>F_q38UCCz9L|6L{u6rPO&Eu1xD3Z(9tPnmoaxsr4E1!R(wF)?2?ya&
z|9`8`JeE&Y+uPmV=1F*}md}<gC*eY^M*2Gor*WiXJz412Of_BxXqjr%airr?|DUS#
zLglHHx???^hLf9iuVTw%)jrj8YFK~0a2|U*k9`a@_C$XJ)flN{80i>j7L4#-zh8Ii
zm7F-xh{ge<%&6)`zKzuPxq3NW)|iLCHImo3ODc>4#=E@f-|3n}?p<jnrz)Fjre!^N
z!@OtW?^F~XtdZq`%E#exc&ia+`gf>Vqa71H%jaQq%vAbTy`nqow4fg~=1QeqIU|dq
z+R*z*G8n3Nr2H!U9@`vC#&eaKRzk%<^qj<=ket^>XXs<B5eAy~IQ*s3LFE24&IOs6
z4j+bo)C{!vL^T$w$0$R!9fl9;oA0jmu2tt6%Q%<H2O0$`Y`j6#8)%w~8;mwmzZd$m
z^>VECXa}q7_VN00rCcxPf2#gx;g5|ioLBJZy=o$NbeV4>wVvzwNHg{Il~d(y&{F1M
zJY^=#l4mE<knUW(6_TNMc)ortc+KoDWBIPM(Wl997uu{<4Q)^c3e6=)w7ZVaXu+S7
zApG1cOC;lxd>zMOeazxFbPQcFjLK!gs(mA_qC4~tDzQqy+FUccZIC%Kvk|63aMlaI
z(PdVJQ4F@4Oc~`O(gP<b2b(DcRYvN~)}pO0N*1a$5JE20_eK0ZRvV|v=HmLuYKErr
z=?6WXWc{XEh60P5ar61*XwT}Is%Klz$N<?H@*aqzpnze$q03Aw3T(Jk3#8!^F^!+7
z1WC+Ar|k{k5i&{~G%gq-8DGH7)G~1itUMEKPTfeo!`E*_!(-9N&T|mnMV{nzTxm@3
z5v)31?m(-WvARc1#S3U3Mv1N0Etdzgd@XutffUO*u8v0i96gW^xZwM0E+3GSeUjBg
zId$R0iPlu&PI_i|VK#*A3ntB{88)MxXb{pyi$PVs!DDdV5dA3P3s0bxUUIsa!!Yv4
zPzqTv2h;za?2>*q;zT8m-95?6cejP+Vfe|+*3)sgM0t}0TsCTY;YgI3=CR7aPAD{b
z*6n4cXC*Ef54~hutiXH)*$xF_bUA@0vQ}%+z^sUOQHDN~b8%r39_a&yc-bS_g@@wg
z(T#-%71&{Lf0I7AC1zSS702N2DhEp`ZP%h_k>hatE_CQVw8Hdy)uJ_tm#f@XiX)3*
z33DxL*$Q+!+wdq~8Qt3GCGxWUhLwv3I~K7Er?rvyQ=*8`#wtrYn6IK7Q9)YPl%Y}5
zuY}!QeCoCU(-(2ggY4UDn{^7Fbm?IiraiNr$3ATqKZozaPvO__L-;X#zid@%=PG8F
z?+Rw`SZ`NaB{uSvc!?cr97yYfU7GcBA}ZL?XlE7#(uL39v7s5`*p9JZi@L@-_I+#@
zTeU>DP4=+wUaXMat**PaY3w}(O)+dsQbI-viCuO)EiIn?S|BcqPqP$w>%&ICdcy~h
z&!%RlcPc)8udCZhe7wyly8F7j)}D^-yMLbo?^%WppPN@9QP%tl&9Bh>3eB(3{0hyl
zkXr;;Ld~zx{0enm#?p6y9&tYNF#QVV`@YRLmA_H%%iFZsA})OZCX41*XnuwLpVT$K
zLitwR{0d)|Ux8C7ybE}3@c<^zZ}Qu6R_t1GKVFE>)d%5p-M<Hdvj%)&$b$XR<ba3P
zA_QDML=u><iZiX=^7NiFUyF{h*16xDxEVYDO8vH2i1LKH#X@-Wh{sRt8mD0=I?ZR%
zd=|}T0nYkqQuA3@JWz{;sELgFl6)4M<7t}Df^+wr3%O0#Vj*&F>@OA~+0H}`j1*&r
z*NTYW{n*m`@>X~pt-bx@cbdkx2qO9h@mq>`us01NwuwCD&GBKyP~<av$Z-_;Jc-ms
zWAkVG@q?s$0{K{_2IcmVy~}Qk;H!(fD80-n#<s+VE+2M})?iKKZ`>9WR>n**N*VQ>
zW65fa74_|%|1RIn_k|~=JX=&1R{mYYb-SLosH${}#NVWLU#I5zydRHdie74QRmARC
zj9K$)y8qVpJk!N?!z<lZbIY{GbJ%WpS(JXe;bnX%<DK)UXwJ6si2wX;u{;B7H@y57
za@TssMxE;q+s1DX`d-|;n$4@(Zg{P`CD<ad2Jz-02+?kMnJ=vuKCc^IxhJA|HTQiV
z|9)<U<=(dD)!ckP+`TOIx5k=R({9~2ucn>+xE+l5I-Q(s^MktH-47x-jSm?Oe2)7$
z%gFP!nE%G!JMZ$$;^VxUMu(l|A>Z?OqF2VW;cHrrW6az5nM0n*#GjR!oXQ%Uf4tF%
z#Ek7X=TnMZ<-R^=l`Tt`<rM3lY1uh#+NX#UH6QF|9T@0L`|Ku5$*P<!ClDG>wv{{<
z)qI)cZm7+gRdX6ezPGykRg7=i?73smk94B|P4>7>khczfyFR7cyhSymlS={a)aMM!
z>D(p%PaQRW<7R!1Am>jFmVzuPOGn-4WVvBI8+NTmI@R@3bA#*pCf>a!H%wjTmKy4g
zmXY?K%A3*?=ZL&b*NM}x98jM12~1dx6snnt<><;Ys~Atq-aNBN?rE*-J;#~t8C5?1
zo|I8tVr9yeQb()hQ}LZ>dj>+rr015)0sU*ck71tU-e%js?LKYyS?5)*L8^Y+eIo8|
z-zOjT?t`Uk`<~|zGyC{bSd1;vQx3hpKF^h3udiHTkCajGN%%$IpR4p~coFU9qwt$*
vg5Z`r??Uego}-Oka(^Qnr+4B$>{eP?PHrdi`0*BDafm50?mB!Oz6$>Xd&^}L

literal 0
HcmV?d00001

diff --git a/policies/gcp/app_engine/app_engine_application/location_id/policy.rego b/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
index bad4574e3..7a47ee8a5 100644
--- a/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
@@ -1,4 +1,5 @@
 package terraform.gcp.security.app_engine.app_engine_application.location_id
+
 import data.terraform.gcp.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
diff --git a/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego b/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego
new file mode 100644
index 000000000..f0dca4390
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.app_engine.app_engine_application.ssl_policy
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_application.vars
+
+conditions := [
+  [
+    {
+      "situation_description": "App Engine Application is using an unspecified SSL policy",
+      "remedies": ["Ensure ssl_policy is set to DEFAULT or MODERN"]
+    },
+    {
+      "condition": "Blacklist SSL_POLICY_UNSPECIFIED",
+      "attribute_path": ["ssl_policy"],
+      "values": ["SSL_POLICY_UNSPECIFIED"],
+      "policy_type": "blacklist"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
index eb046e273..cc4ba0554 100644
--- a/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
@@ -1,4 +1,4 @@
-package terraform.gcp.security.app_engine.app_engine_domain_mapping.ssl_management_type
+package terraform.gcp.security.app_engine.app_engine_domain_mapping.ssl_settings.ssl_management_type
 
 import data.terraform.gcp.helpers
 import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego
new file mode 100644
index 000000000..a3d032aa9
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.liveness_check.failure_threshold
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+
+conditions := [
+  [
+    {
+      "situation_description": "failure_threshold is too low/not safely configured",
+      "remedies": ["Set failure_threshold to at least 1"
+      ]
+    },
+    {
+      "condition": "Check that failure_threshold is below minimum safe value",
+      "attribute_path": ["liveness_check", 0, "failure_threshold"],
+      "values": [1, null],
+      "policy_type": "range"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego
new file mode 100644
index 000000000..fa8d59b37
--- /dev/null
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.app_engine.app_engine_flexible_app_version.readiness_check.failure_threshold
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
+
+
+conditions := [
+  [
+    {
+      "situation_description": "failure_threshold is too low/not safely configured",
+      "remedies": ["Set failure_threshold to at least 1"
+      ]
+    },
+    {
+      "condition": "Check that failure_threshold is below minimum safe value",
+      "attribute_path": ["readiness_check", 0, "failure_threshold"],
+      "values": [1, null],
+      "policy_type": "range"
+    }
+  ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
\ No newline at end of file

From d224b0df4b430b13653144b6ad0b77078e3cfbb9 Mon Sep 17 00:00:00 2001
From: sidd <schaudhuri@deakin.edu.au>
Date: Mon, 2 Feb 2026 17:12:37 +1100
Subject: [PATCH 3/4] .gcp.helpers -> .helpers

---
 .../app_engine/app_engine_application/database_type/policy.rego | 2 +-
 .../feature_settings/split_health_checks/policy.rego            | 2 +-
 .../app_engine_application/iap/oauth2_client_id/policy.rego     | 2 +-
 .../app_engine_application/iap/oauth2_client_secret/policy.rego | 2 +-
 .../app_engine/app_engine_application/location_id/policy.rego   | 2 +-
 .../gcp/app_engine/app_engine_application/project/policy.rego   | 2 +-
 .../app_engine_application/serving_status/policy.rego           | 2 +-
 .../app_engine/app_engine_application/ssl_policy/policy.rego    | 2 +-
 .../dispatch_rules/dispatch_rules_domain/policy.rego            | 2 +-
 .../dispatch_rules/dispatch_rules_path/policy.rego              | 2 +-
 .../dispatch_rules/dispatch_rules_service/policy.rego           | 2 +-
 .../app_engine_domain_mapping/domain_name/policy.rego           | 2 +-
 .../app_engine_domain_mapping/override_strategy/policy.rego     | 2 +-
 .../ssl_settings/ssl_management_type/policy.rego                | 2 +-
 .../gcp/app_engine/app_engine_firewall_rule/action/policy.rego  | 2 +-
 .../app_engine/app_engine_firewall_rule/priority/policy.rego    | 2 +-
 .../app_engine_firewall_rule/source_range/policy.rego           | 2 +-
 .../cpu_utilization/target_utilization/policy.rego              | 2 +-
 .../deployment/zip/source_url/policy.rego                       | 2 +-
 .../entrypoint/shell/policy.rego                                | 2 +-
 .../liveness_check/failure_threshold/policy.rego                | 2 +-
 .../liveness_check/path/policy.rego                             | 2 +-
 .../liveness_check/timeout/policy.rego                          | 2 +-
 .../readiness_check/failure_threshold/policy.rego               | 2 +-
 .../readiness_check/path/policy.rego                            | 2 +-
 .../readiness_check/timeout/policy.rego                         | 2 +-
 .../app_engine_flexible_app_version/runtime/policy.rego         | 2 +-
 .../app_engine_flexible_app_version/service/policy.rego         | 2 +-
 .../network_settings/ingress_traffic_allowed/policy.rego        | 2 +-
 .../app_engine_service_network_settings/service/policy.rego     | 2 +-
 .../migrate_traffic/policy.rego                                 | 2 +-
 .../app_engine_service_split_traffic/service/policy.rego        | 2 +-
 .../split/allocations/policy.rego                               | 2 +-
 .../app_engine_service_split_traffic/split/shard_by/policy.rego | 2 +-
 .../deployment/zip/source_url/policy.rego                       | 2 +-
 .../entrypoint/shell/policy.rego                                | 2 +-
 .../app_engine_standard_app_version/instance_class/policy.rego  | 2 +-
 .../app_engine_standard_app_version/runtime/policy.rego         | 2 +-
 .../app_engine_standard_app_version/service/policy.rego         | 2 +-
 39 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/policies/gcp/app_engine/app_engine_application/database_type/policy.rego b/policies/gcp/app_engine/app_engine_application/database_type/policy.rego
index e681966b3..705b411c8 100644
--- a/policies/gcp/app_engine/app_engine_application/database_type/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/database_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.database_type
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego b/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego
index f694631f9..8703bb9ab 100644
--- a/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/feature_settings/split_health_checks/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.split_health_checks
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego
index 9b0cf9a93..09d418824 100644
--- a/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_id/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.oauth2_client_id
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego
index 126ad8190..8bbfb05ec 100644
--- a/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/iap/oauth2_client_secret/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.iap.oauth2_client_secret
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/location_id/policy.rego b/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
index 7a47ee8a5..ca2b409d2 100644
--- a/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/location_id/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.location_id
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/project/policy.rego b/policies/gcp/app_engine/app_engine_application/project/policy.rego
index bebe23769..16d906b32 100644
--- a/policies/gcp/app_engine/app_engine_application/project/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/project/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.project
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego b/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego
index 8b8217c69..5f93f8bfa 100644
--- a/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/serving_status/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.serving_status
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego b/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego
index f0dca4390..19c01fab5 100644
--- a/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application/ssl_policy/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application.ssl_policy
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego
index 20ced94d0..dd06b228e 100644
--- a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_domain/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.dispatch_rules.dispatch_rules_domain
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego
index 175652c64..66bcb072a 100644
--- a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_path/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.dispatch_rules.dispatch_rules_path
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego
index 0b3be7918..0abdf3b5d 100644
--- a/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego
+++ b/policies/gcp/app_engine/app_engine_application_url_dispatch_rules/dispatch_rules/dispatch_rules_service/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.dispatch_rules.dispatch_rules_service
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_application_url_dispatch_rules.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego
index 7bd187b18..e1e75a37c 100644
--- a/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/domain_name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_domain_mapping.domain_name
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego
index 457df053b..6001fe1ff 100644
--- a/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/override_strategy/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_domain_mapping.override_strategy
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego b/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
index cc4ba0554..9a8f63b74 100644
--- a/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
+++ b/policies/gcp/app_engine/app_engine_domain_mapping/ssl_settings/ssl_management_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_domain_mapping.ssl_settings.ssl_management_type
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_domain_mapping.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego b/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego
index eb9d45e38..17bb976d0 100644
--- a/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/action/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_firewall_rule.action
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego b/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego
index 6ff2ae808..bfa4984a0 100644
--- a/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/priority/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_firewall_rule.priority
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego b/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego
index 2d1f331c3..ed3ccb67a 100644
--- a/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego
+++ b/policies/gcp/app_engine/app_engine_firewall_rule/source_range/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_firewall_rule.source_range
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_firewall_rule.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego
index 2dbaebd27..40727dbad 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/automatic_scaling/cpu_utilization/target_utilization/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.automatic_scaling.cpu_utilization.target_utilization
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego
index 5f5a3f616..395ea1d99 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/deployment/zip/source_url/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.deployment.zip.source_url
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego
index eaca84945..46a68a242 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/entrypoint/shell/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.entrypoint.shell
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego
index a3d032aa9..918c5fac0 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/failure_threshold/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.liveness_check.failure_threshold
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego
index d5ef6b846..2b34e1e22 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/path/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.liveness_check.path
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego
index 4d43bc702..7fae022ca 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/liveness_check/timeout/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.liveness_check.timeout
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego
index fa8d59b37..5c0abe922 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/failure_threshold/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.readiness_check.failure_threshold
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego
index d7ad26a23..1326aee29 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/path/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.readiness_check.path
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego
index 2af12e834..fa500ddd5 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/readiness_check/timeout/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.readiness_check.timeout
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego
index 2242c2fc1..59af4f0cc 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/runtime/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.runtime
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego b/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego
index 7355edf4b..6eecc1639 100644
--- a/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego
+++ b/policies/gcp/app_engine/app_engine_flexible_app_version/service/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_flexible_app_version.service
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_flexible_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego b/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego
index 286a3a227..d764d9622 100644
--- a/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego
+++ b/policies/gcp/app_engine/app_engine_service_network_settings/network_settings/ingress_traffic_allowed/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_service_network_settings.ingress_traffic_allowed
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_service_network_settings.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego b/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego
index 0064dcc65..e49af78a4 100644
--- a/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego
+++ b/policies/gcp/app_engine/app_engine_service_network_settings/service/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_service_network_settings.service
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_service_network_settings.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego
index 888c82303..4271211ca 100644
--- a/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/migrate_traffic/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_service_split_traffic.migrate_traffic
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego
index 1e021febd..e19f7de41 100644
--- a/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/service/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_service_split_traffic.service
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego
index 95fae5c20..af4572072 100644
--- a/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/split/allocations/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_service_split_traffic.allocations
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego b/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego
index b552a03df..5592a74c6 100644
--- a/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego
+++ b/policies/gcp/app_engine/app_engine_service_split_traffic/split/shard_by/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_service_split_traffic.shard_by
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_service_split_traffic.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego
index 0d93daaa4..ef0250986 100644
--- a/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/deployment/zip/source_url/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_standard_app_version.deployment.zip.source_url
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego
index 68f66b10d..8df765b5e 100644
--- a/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/entrypoint/shell/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_standard_app_version.entrypoint.shell
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego
index af067461e..ed053e2b9 100644
--- a/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/instance_class/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_standard_app_version.instance_class
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego
index 706a258b8..e4bc8242e 100644
--- a/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/runtime/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_standard_app_version.runtime
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
 
 conditions := [
diff --git a/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego b/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego
index cabb6afd0..0576db509 100644
--- a/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego
+++ b/policies/gcp/app_engine/app_engine_standard_app_version/service/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.app_engine.app_engine_standard_app_version.service
 
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.app_engine.app_engine_standard_app_version.vars
 
 conditions := [

From 622ed5f1c435931df8b4e71315b2562e7629f7bd Mon Sep 17 00:00:00 2001
From: sidd <schaudhuri@deakin.edu.au>
Date: Wed, 4 Feb 2026 04:23:55 +1100
Subject: [PATCH 4/4] Documentation

---
 docs/gcp/App_Engine/app_engine_application.md |  23 ++
 ...p_engine_application_url_dispatch_rules.md |  22 ++
 .../App_Engine/app_engine_domain_mapping.md   |  24 ++
 .../App_Engine/app_engine_firewall_rule.md    |  17 +
 .../app_engine_flexible_app_version.md        | 265 +++++++++++++++
 .../app_engine_service_network_settings.md    |  21 ++
 .../app_engine_service_split_traffic.md       |  23 ++
 .../app_engine_standard_app_version.md        | 143 ++++++++
 .../resource_json/app_engine_application.json | 117 ++++---
 ...engine_application_url_dispatch_rules.json |  34 +-
 .../app_engine_domain_mapping.json            |  42 +--
 .../app_engine_firewall_rule.json             |  34 +-
 .../app_engine_flexible_app_version.json      | 312 +++++++++---------
 .../app_engine_service_network_settings.json  |  26 +-
 .../app_engine_service_split_traffic.json     |  42 +--
 .../app_engine_standard_app_version.json      | 138 ++++----
 16 files changed, 915 insertions(+), 368 deletions(-)
 create mode 100644 docs/gcp/App_Engine/app_engine_application.md
 create mode 100644 docs/gcp/App_Engine/app_engine_application_url_dispatch_rules.md
 create mode 100644 docs/gcp/App_Engine/app_engine_domain_mapping.md
 create mode 100644 docs/gcp/App_Engine/app_engine_firewall_rule.md
 create mode 100644 docs/gcp/App_Engine/app_engine_flexible_app_version.md
 create mode 100644 docs/gcp/App_Engine/app_engine_service_network_settings.md
 create mode 100644 docs/gcp/App_Engine/app_engine_service_split_traffic.md
 create mode 100644 docs/gcp/App_Engine/app_engine_standard_app_version.md

diff --git a/docs/gcp/App_Engine/app_engine_application.md b/docs/gcp/App_Engine/app_engine_application.md
new file mode 100644
index 000000000..95b995c96
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_application.md
@@ -0,0 +1,23 @@
+## 🛡️ Policy Deployment Engine: `app_engine_application`
+
+This section provides a concise policy evaluation for the `app_engine_application` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_application](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_application)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `project` | ~>**NOTE:** GCP only accepts project ID, not project number. If you are using number, you may get a "Permission denied" error. | true | true | To enforce the use of Project IDs over Project Numbers to prevent API resolution failures and (Permission Denied) errors during deployment. | gcp-project-12345 | 123456789 |
+| `location_id` | The location to serve the app from. | true | true | To esnure data residency compliance, prevents deployment to unauthorized regions, as App Engine locations cannot be changed once set. | australia-southeast1 | europe-west1 |
+| `auth_domain` | The domain to authenticate users with when using App Engine's User API. | false | false | Modern identity management is handled via Identity-Aware Proxy IAP), making the legacy domain setting redundant for security enforcement. | None | None |
+| `database_type` | Can be `CLOUD_FIRESTORE` or `CLOUD_DATASTORE_COMPATIBILITY` for new instances.  To support old instances, the value `CLOUD_DATASTORE` is accepted by the provider, but will be rejected by the API. To create a Cloud Firestore database without creating an App Engine application, use the [`google_firestore_database`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/firestore_database) resource instead. | false | true | To enforce the selection of Cloud Firestore so the application uses Google's latest scalable database technology with modern security and consistency features. | CLOUD_FIRESTORE | CLOUD_DATASTORE_COMPATIBILITY |
+| `serving_status` | The serving status of the app. | false | true | Ensures applications are deployed in an active state and prevents accidental service outages caused by manual or uncoordinated status overrides. | SERVING | USER_DISABLED |
+| `feature_settings` | A block of optional settings to configure specific App Engine features: | false | true | to enforce the use of modern split health checks to ensure precise monitoring of application readiness and liveness, replacing legacy combined health checks. | None | None |
+| `split_health_checks` | Set to false to use the legacy health check instead of the readiness and liveness checks. | true | true | Enables the separation of readiness and liveness probes to improve deployment reliability and prevent traffic from being routed to instances that are still initializing. | split_health_checks = true | split_health_checks = false |
+| `iap` | Settings for enabling Cloud Identity Aware Proxy | false | true | Enforces Identity-Aware Proxy to establish a Zero Trust security layer, ensuring that only authenticated and authorized users can access the application, regardless of network location. | None | None |
+| `oauth2_client_id` | OAuth2 client ID to use for the authentication flow. | true | true | Mandates a valid OAuth2 Client ID to securely link the IAP to the organization's identity provider, ensuring only verified corporate credentials can grant access. | 12345.apps.googleusercontent.com | incorrect-id.apps.googleusercontent.com |
+| `oauth2_client_secret` | OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. | true | true | Ensures the authenticity of the handshake between Google Cloud and the Identity Provider to prevent man-in-the-middle attacks/unauthorized identity spoofing. | GOCSPX-abc123def456_actual_secret | 12345 |
+| `ssl_policy` | A list of the SSL policy that will be applied. Each block has a SSL_POLICY_UNSPECIFIED, DEFAULT, and MODERN field. | false | true | To enforce secure managed SSL certificates to ensure all data in transit is encrypted using modern protocols and to prevent service outages caused by manual certificate expiration. | AUTOMATIC | MANUAL |
diff --git a/docs/gcp/App_Engine/app_engine_application_url_dispatch_rules.md b/docs/gcp/App_Engine/app_engine_application_url_dispatch_rules.md
new file mode 100644
index 000000000..1225a4bb5
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_application_url_dispatch_rules.md
@@ -0,0 +1,22 @@
+## 🛡️ Policy Deployment Engine: `app_engine_application_url_dispatch_rules`
+
+This section provides a concise policy evaluation for the `app_engine_application_url_dispatch_rules` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_application_url_dispatch_rules](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_application_url_dispatch_rules)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `dispatch_rules` | Rules to match an HTTP request and dispatch that request to a service. Structure is [documented below](#nested_dispatch_rules). | true | true | Establishes centralized routing logic to ensure requests are directed to the correct microservices based on URL patterns, preventing leaky traffic/unauthorized cross-service access. | None | None |
+| `project` | If it is not provided, the provider project is used. | false | false | Unnecessary as it defaults to the provider-level project configuration if it is not provided, ensuring the resource is naturally governed by the existing project-level access controls. | None | None |
+
+### dispatch_rules Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `domain` | Domain name to match against. The wildcard "*" is supported if specified before a period: "*.". Defaults to matching all domains: "*". | false | true | To enforce strict hostname mapping to ensure traffic is only routed through approved domains, preventing 'Host Header Injection' and ensuring cross-site requests are properly isolated. | hardhat.pythonanywhere.com | invalid-domain.com |
+| `path` | Pathname within the host. Must start with a "/". A single "*" can be included at the end of the path. The sum of the lengths of the domain and path may not exceed 100 characters. | true | true | To define explicit URL patterns to ensure sensitive application paths are strictly mapped to their intended microservices, preventing accidental exposure of internal endpoints | /* | admin/* |
+| `service` | Pathname within the host. Must start with a "/". A single "*" can be included at the end of the path. The sum of the lengths of the domain and path may not exceed 100 characters. | true | true | To enforce explicit mapping of URL patterns to specific microservices to ensure architectural isolation and prevent traffic from falling back to a service that may not have the appropriate security context/permissions | default | unauthorized-service |
diff --git a/docs/gcp/App_Engine/app_engine_domain_mapping.md b/docs/gcp/App_Engine/app_engine_domain_mapping.md
new file mode 100644
index 000000000..2b6c62897
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_domain_mapping.md
@@ -0,0 +1,24 @@
+## 🛡️ Policy Deployment Engine: `app_engine_domain_mapping`
+
+This section provides a concise policy evaluation for the `app_engine_domain_mapping` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_domain_mapping](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_domain_mapping)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `domain_name` | Relative name of the domain serving the application. Example: example.com. | true | true | To enforce the use of verified domains to prevent unauthorized shadow branding and ensure all application traffic is protected by corporate-standard SSL/TLS configurations | hardhatenterprises.com | unverified-domain.com |
+| `ssl_settings` | SSL configuration for this domain. If unconfigured, this domain will not serve with SSL. Structure is [documented below](#nested_ssl_settings). | false | true | Mandates the use of managed SSL settings to guarantee that all custom domain traffic is encrypted via TLS and to eliminate the risk of service downtime caused by expired manual certificates | None | None |
+| `override_strategy` | Whether the domain creation should override any existing mappings for this domain. By default, overrides are rejected. Default value is `STRICT`. Possible values are: `STRICT`, `OVERRIDE`. | false | true | to enforce a clear resolution strategy for domain mapping conflicts to prevent accidental hijacking of custom domains from other projects and ensure predictable routing behavior. | STRICT | OVERRIDE |
+| `project` | If it is not provided, the provider project is used. | false | false | It is a standard provider-inherited field as the resource is inherently constrained by the project-level permissions and deployment context of the authenticated service account. | None | None |
+
+### ssl_settings Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `certificate_id` | ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will remove SSL support. By default, a managed certificate is automatically created for every domain mapping. To omit SSL support or to configure SSL manually, specify `SslManagementType.MANUAL` on a `CREATE` or `UPDATE` request. You must be authorized to administer the `AuthorizedCertificate` resource to manually map it to a DomainMapping resource. Example: 12345. | false | false | Mandating/managing specific certificate IDs manually increases operational overhead and introduces the risk of service outages due to manual renewal failures. | None | None |
+| `ssl_management_type` | SSL management type for this domain. If `AUTOMATIC`, a managed certificate is automatically provisioned. If `MANUAL`, `certificateId` must be manually specified in order to configure SSL for this domain. Possible values are: `AUTOMATIC`, `MANUAL`. | true | true | Mandates 'AUTOMATIC' SSL management to utilise Google's managed certificate authority, ensuring renewals and the use of modern cryptographic protocols without human intervention. | AUTOMATIC | MANUAL |
+| `pending_managed_certificate_id` | (Output) ID of the managed `AuthorizedCertificate` resource currently being provisioned, if applicable. Until the new managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the provisioning process completes, the `certificateId` field will reflect the new managed certificate and this field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the `certificateId` field with an update request. | false | false | Is a read-only output attribute managed by Google Cloud, represents a transient state during certificate provisioning and cannot be influenced/configured by the user. | None | None |
diff --git a/docs/gcp/App_Engine/app_engine_firewall_rule.md b/docs/gcp/App_Engine/app_engine_firewall_rule.md
new file mode 100644
index 000000000..a01812135
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_firewall_rule.md
@@ -0,0 +1,17 @@
+## 🛡️ Policy Deployment Engine: `app_engine_firewall_rule`
+
+This section provides a concise policy evaluation for the `app_engine_firewall_rule` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_firewall_rule](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_firewall_rule)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `source_range` | IP address or range, defined using CIDR notation, of requests that this rule applies to. | true | true | Enforces strict IP CIDR boundaries to minimize the application's attack surface by ensuring only trusted networks or specific geographic IP ranges can interact with the App Engine environment. | 192.168.1.0/24 | * |
+| `action` | The action to take if this rule matches. Possible values are: `UNSPECIFIED_ACTION`, `ALLOW`, `DENY`. | true | true | Is the explicit binary outcome for a network request, ensuring that the firewall behaves as a definitive gatekeeper rather than allowing traffic to pass through ambiguity. | ALLOW | DENY |
+| `description` | An optional string description of this rule. | false | false | Is an informative field that does not influence the network logic/security enforcement of the firewall rule. | None | None |
+| `priority` | A positive integer that defines the order of rule evaluation. Rules with the lowest priority are evaluated first. A default rule at priority Int32.MaxValue matches all IPv4 and IPv6 traffic when no previous rule matches. Only the action of this rule can be modified by the user. | false | true | Enforces an ordering of firewall rules to ensure that specific security 'Allow' or 'Deny' logic is evaluated in the correct sequence. | 1000 | 2147483647 |
+| `project` | If it is not provided, the provider project is used. | false | false | Is automatically constrained by the Google provider's project configuration, ensuring that firewall rules are strictly applied to the intended environment without manual entry. | None | None |
diff --git a/docs/gcp/App_Engine/app_engine_flexible_app_version.md b/docs/gcp/App_Engine/app_engine_flexible_app_version.md
new file mode 100644
index 000000000..0be330958
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_flexible_app_version.md
@@ -0,0 +1,265 @@
+## 🛡️ Policy Deployment Engine: `app_engine_flexible_app_version`
+
+This section provides a concise policy evaluation for the `app_engine_flexible_app_version` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_flexible_app_version](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_flexible_app_version)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `runtime` | Desired runtime. Example python27. | true | true | To ensure the application environment is patched against known vulnerabilities and remains compatible with organizational security tooling. | nodejs | python27 |
+| `readiness_check` | Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation. Structure is [documented below](#nested_readiness_check). | true | true | Mandates the configuration of health probes to ensure that the load balancer only routes traffic to fully initialized and healthy instances which prevents errors and ensures correct deployments. | None | None |
+| `liveness_check` | Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances. Structure is [documented below](#nested_liveness_check). | true | true | Enforces the configuration of liveness probes to detect deadlocked/zombie processes that are running but no longer functional, allowing the platform to automatically restart the instance and restore service health. | None | None |
+| `service` | AppEngine service resource. Can contain numbers, letters, and hyphens. | true | true | Enforces explicit service naming to ensure that application components are logically isolated, preventing accidental resource overwrites. | default | unauthorized-app |
+| `version_id` | Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,"default", "latest", and any name with the prefix "ah-". | false | false | to allow CI/CD pipelines to dynamically generate unique identifiers, which is essential for maintaining an immutable audit trail and enabling safe rollbacks. | None | None |
+| `inbound_services` | A list of the types of messages that this application is able to receive. Each value may be one of: `INBOUND_SERVICE_MAIL`, `INBOUND_SERVICE_MAIL_BOUNCE`, `INBOUND_SERVICE_XMPP_ERROR`, `INBOUND_SERVICE_XMPP_MESSAGE`, `INBOUND_SERVICE_XMPP_SUBSCRIBE`, `INBOUND_SERVICE_XMPP_PRESENCE`, `INBOUND_SERVICE_CHANNEL_PRESENCE`, `INBOUND_SERVICE_WARMUP`. | false | false | As primarily used to enable legacy App Engine services which are largely deprecated/irrelevant in the Flexible Environment, security for incoming traffic is instead governed by modern network and firewall policies. | None | None |
+| `instance_class` | Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G ManualScaling: B1, B2, B4, B8, B4_1G Defaults to F1 for AutomaticScaling and B1 for ManualScaling. | false | false | It is a legacy parameter exclusive to the App Engine Standard environment. | None | None |
+| `network` | Extra network settings Structure is [documented below](#nested_network). | false | false | App Engine Flexible automatically defaults to the 'default' VPC with managed settings and primary network security is better governed at the VPC and Firewall levels rather than through individual resource declarations. | None | None |
+| `resources` | Machine resources for a version. Structure is [documented below](#nested_resources). | false | false | The hardware requirements are tied to the specific application's performance profile, imposing constraints would prevent right-sizing and could lead to resource starvation/unnecessary cloud spend. | None | None |
+| `runtime_channel` | The channel of the runtime to use. Only available for some runtimes. | false | false | The platform defaults to the stable channel which ensures that applications run on production-ready environment binaries without requiring manual intervention or the risk of using experimental preview features. | None | None |
+| `flexible_runtime_settings` | Runtime settings for App Engine flexible environment. Structure is [documented below](#nested_flexible_runtime_settings). | false | false | The settings are highly specific to individual language runtimes and typically govern performance tuning/debugging than compliance boundaries. | None | None |
+| `beta_settings` | Metadata settings that are supplied to this version to enable beta runtime features. | false | false | Parameters are intended for temporary experimental features that are not yet part of the stable API. | None | None |
+| `serving_status` | Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value is `SERVING`. Possible values are: `SERVING`, `STOPPED`. | false | false | As it governs the operational state of a version which must remain dynamic to allow automated deployments, traffic splitting and manual emergency interventions without triggering policy violations. | None | None |
+| `runtime_api_version` | The version of the API in the given runtime environment. Please see the app.yaml reference for valid values at `https://cloud.google.com/appengine/docs/standard/<language>/config/appref`\ Substitute `<language>` with `python`, `java`, `php`, `ruby`, `go` or `nodejs`. | false | false | As managed internally by the selected runtime, enforcing a specific API version at the policy level would create unnecessary coupling between infrastructure code and language-specific internals. | None | None |
+| `handlers` | An ordered list of URL-matching patterns that should be applied to incoming requests. The first matching URL handles the request and other request handlers are not attempted. Structure is [documented below](#nested_handlers). | false | false | Flexible Environment is container-based where routing and static file handling are managed internally by the application's web server. | None | None |
+| `runtime_main_executable_path` | The path or name of the app's main executable. | false | false | Within a containerized Flexible environment the execution logic is better governed by the entrypoint or the container's internal configuration and enforcing a path would break standard deployment conventions for multi-language microservices. | None | None |
+| `service_account` | The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag. | false | false | To allow developers to assign unique least-privileged identities to each microservice | None | None |
+| `api_config` | Serving configuration for Google Cloud Endpoints. Structure is [documented below](#nested_api_config). | false | false | Is a legacy configuration for Google Cloud Endpoints Frameworks, this block would not be utilised. | None | None |
+| `env_variables` | Environment variables available to the application.  As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config. | false | false | Intrinsic to the application's runtime logic. | None | None |
+| `default_expiration` | Duration that static files should be cached by web proxies and browsers. Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. | false | false | Cache-control requirements are dictated by the specific nature of the application's static assets. | None | None |
+| `nobuild_files_regex` | Files that match this pattern will not be built into this version. Only applicable for Go runtimes. | false | false | File exclusion is more effectively managed via standardized version control ignore files and container-specific exclusion files. | None | None |
+| `deployment` | Code and application artifacts that make up this version. Structure is [documented below](#nested_deployment). | false | true | Is enforced to ensure that every application version is derived from a verified immutable source (such as a specific container image or source code hash). | None | None |
+| `endpoints_api_service` | Code and application artifacts that make up this version. Structure is [documented below](#nested_endpoints_api_service). | false | false | API management via Cloud Endpoints is a separate service layer with its own lifecycle. | None | None |
+| `entrypoint` | The entrypoint for the application. Structure is [documented below](#nested_entrypoint). | false | true | Enforced to ensure that the application starts using a predefined command-string that adheres to organizational standards | None | None |
+| `vpc_access_connector` | Enables VPC connectivity for standard apps. Structure is [documented below](#nested_vpc_access_connector). | false | false | To allow for architectural flexibility, while Serverless VPC Access is required for internal-only communication, as not all workloads require connectivity to VPC-hosted resources. | None | None |
+| `automatic_scaling` | Automatic scaling is based on request rate, response latencies, and other application metrics. Structure is [documented below](#nested_automatic_scaling). | false | true | Enforced to ensure that every service can respond to traffic fluctuations while maintaining strict guardrails on resource consumption. | None | None |
+| `manual_scaling` | A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. Structure is [documented below](#nested_manual_scaling). | false | false | Lacks the ability to adjust to real-time traffic changes, which can lead to unexpected traffic spikes. | None | None |
+| `project` | If it is not provided, the provider project is used. | false | false | To automatically inherit the provider-level project ID | None | None |
+| `noop_on_destroy` | If set to true, the application version will not be deleted. | false | false | Ensure that the Terraform state remains a truthful representation of the cloud environment. | None | None |
+| `delete_service_on_destroy` | If set to true, the service will be deleted if it is the last version. | false | false | To prevent the accidental deletion of an entire service logical grouping when only a specific version is being decommissioned | None | None |
+| `volumes` |  | false | false | None | None | None |
+| `script` |  | false | false | None | None | None |
+| `static_files` |  | false | false | None | None | None |
+| `zip` | Zip | false | true | Ensure that source-based deployments utilize versioned objects stored in Google Cloud Storage. | None | None |
+| `files` |  | false | false | None | None | None |
+| `container` |  | false | false | None | None | None |
+| `cloud_build_options` |  | false | false | None | None | None |
+| `cpu_utilization` |  | false | false | None | None | None |
+| `request_utilization` |  | false | false | None | None | None |
+| `disk_utilization` |  | false | false | None | None | None |
+| `network_utilization` |  | false | false | None | None | None |
+
+### readiness_check Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `path` | The request path. | true | true | to enforce a specific dedicated health endpoint to ensure the load balancer validates the actual readiness of the application logic rather than just the availability of the web server/static landing page. | / | /invalid-path |
+| `host` | Host header to send when performing a HTTP Readiness check. Example: "myapp.appspot.com" | false | false | App Engine routes health checks to the instance's internal IP, defining a host header is unnecessary and can inadvertently bypass internal security controls if misconfigured. | None | None |
+| `failure_threshold` | Number of consecutive failed checks required before removing traffic. Default: 2. | false | true | Configures the specific tolerance level for failed health probes to prevent flapping. | failure_threshold = 4 | failure_threshold = 0 |
+| `success_threshold` | Number of consecutive successful checks required before receiving traffic. Default: 2. | false | false | Google Cloud default is sufficiently conservative to prevent flapping and ensures an instance is stable before it is reintroduced to the load balancer. | None | None |
+| `check_interval` | Interval between health checks.  Default: "5s". | false | false | As Google-managed default provides an optimal balance between rapid failure detection and the reduction of unnecessary noise. | None | None |
+| `timeout` | Time before the check is considered failed. Default: "4s" | false | true | Enforces a strict upper limit on how long a health probe can wait for a response to ensure that stalled requests are terminated quickly to prevent them from clogging the application's request queue. | 4s | 30s |
+| `app_start_timeout` | A maximum time limit on application initialization, measured from moment the application successfully replies to a healthcheck until it is ready to serve traffic. Default: "300s" | false | false | Application initialization times vary drastically based on language runtime, dependency loading, and cache warming requirements. | None | None |
+
+### liveness_check Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `path` | The request path. | true | true | To enforce a specific dedicated health endpoint to ensure the load balancer validates the actual readiness of the application logic rather than just the availability of the web server/static landing page. | / | /invalid-path |
+| `host` | Host header to send when performing a HTTP Readiness check. Example: "myapp.appspot.com" | false | false | App Engine routes health checks to the instance's internal IP, defining a host header is unnecessary and can inadvertently bypass internal security controls if misconfigured. | None | None |
+| `failure_threshold` | Number of consecutive failed checks required before considering the VM unhealthy. Default: 4. | false | true | Configures the specific tolerance level for failed health probes to prevent flapping. | failure_threshold = 4 | failure_threshold = 0 |
+| `success_threshold` | Number of consecutive successful checks required before considering the VM healthy. Default: 2. | false | false | Google Cloud default is sufficiently conservative to prevent flapping and ensures an instance is stable before it is reintroduced to the load balancer. | None | None |
+| `check_interval` | Interval between health checks. | false | false | As Google-managed default provides an optimal balance between rapid failure detection and the reduction of unnecessary noise. | None | None |
+| `timeout` | Time before the check is considered failed. Default: "4s" | false | true | Enforces a strict upper limit on how long a health probe can wait for a response to ensure that stalled requests are terminated quickly to prevent them from clogging the application's request queue. | 4s | 30s |
+| `initial_delay` | The initial delay before starting to execute the checks. Default: "300s" | false | false | Enforcing a universal delay could lead to premature restarts of slow-starting but healthy applications. | None | None |
+
+### network Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `forwarded_ports` | List of ports, or port pairs, to forward from the virtual machine to the application container. | false | false | None | None | None |
+| `instance_ip_mode` | , [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) Prevent instances from receiving an ephemeral external IP address. Possible values are: `EXTERNAL`, `INTERNAL`. | false | false | None | None | None |
+| `instance_tag` | Tag to apply to the instance during creation. | false | false | None | None | None |
+| `name` | Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path. | true | false | None | None | None |
+| `subnetwork` | Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. | false | false | None | None | None |
+| `session_affinity` | Enable session affinity. | false | false | None | None | None |
+
+### resources Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `cpu` | Number of CPU cores needed. | false | false | None | None | None |
+| `disk_gb` | Disk size (GB) needed. | false | false | None | None | None |
+| `memory_gb` | Memory (GB) needed. | false | false | None | None | None |
+| `volumes` | List of ports, or port pairs, to forward from the virtual machine to the application container. Structure is [documented below](#nested_resources_volumes). | false | false | None | None | None |
+
+### flexible_runtime_settings Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `operating_system` | Operating System of the application runtime. | false | false | None | None | None |
+| `runtime_version` | The runtime version of an App Engine flexible application. | false | false | None | None | None |
+
+### handlers Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `url_regex` | URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. | false | false | None | None | None |
+| `security_level` | Security (HTTPS) enforcement for this URL. Possible values are: `SECURE_DEFAULT`, `SECURE_NEVER`, `SECURE_OPTIONAL`, `SECURE_ALWAYS`. | false | false | None | None | None |
+| `login` | Methods to restrict access to a URL based on login status. Possible values are: `LOGIN_OPTIONAL`, `LOGIN_ADMIN`, `LOGIN_REQUIRED`. | false | false | None | None | None |
+| `auth_fail_action` | Actions to take when the user is not logged in. Possible values are: `AUTH_FAIL_ACTION_REDIRECT`, `AUTH_FAIL_ACTION_UNAUTHORIZED`. | false | false | None | None | None |
+| `redirect_http_response_code` | 30x code to use when performing redirects for the secure field. Possible values are: `REDIRECT_HTTP_RESPONSE_CODE_301`, `REDIRECT_HTTP_RESPONSE_CODE_302`, `REDIRECT_HTTP_RESPONSE_CODE_303`, `REDIRECT_HTTP_RESPONSE_CODE_307`. | false | false | None | None | None |
+| `script` | Executes a script to handle the requests that match this URL pattern. Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". Structure is [documented below](#nested_handlers_handlers_script). | false | false | None | None | None |
+| `static_files` | Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them. Structure is [documented below](#nested_handlers_handlers_static_files). | false | false | None | None | None |
+
+### api_config Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `auth_fail_action` | Action to take when users access resources that require authentication. Default value is `AUTH_FAIL_ACTION_REDIRECT`. Possible values are: `AUTH_FAIL_ACTION_REDIRECT`, `AUTH_FAIL_ACTION_UNAUTHORIZED`. | false | false | None | None | None |
+| `login` | Level of login required to access this resource. Default value is `LOGIN_OPTIONAL`. Possible values are: `LOGIN_OPTIONAL`, `LOGIN_ADMIN`, `LOGIN_REQUIRED`. | false | false | None | None | None |
+| `script` | Path to the script from the application root directory. | true | false | None | None | None |
+| `security_level` | Security (HTTPS) enforcement for this URL. Possible values are: `SECURE_DEFAULT`, `SECURE_NEVER`, `SECURE_OPTIONAL`, `SECURE_ALWAYS`. | false | false | None | None | None |
+| `url` | URL to serve the endpoint at. | false | false | None | None | None |
+
+### deployment Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `zip` | Zip File Structure is [documented below](#nested_deployment_zip). | false | true | Ensure that source-based deployments utilize versioned objects stored in Google Cloud Storage | None | None |
+| `files` | Manifest of the files stored in Google Cloud Storage that are included as part of this version. All files must be readable using the credentials supplied with this call. Structure is [documented below](#nested_deployment_files). | false | false | individual file-level declarations are redundant when deploying via comprehensive archives or Container Images | None | None |
+| `container` | The Docker image for the container that runs the version. Structure is [documented below](#nested_deployment_container). | false | false | To prevent configuration overlap, as in workflows where source code is the primary artifact the platform automatically generates the container via Cloud Build. | None | None |
+| `cloud_build_options` | Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly. Structure is [documented below](#nested_deployment_cloud_build_options). | false | false | Build-time configuration is an operational concern distinct from the application's runtime security posture. | None | None |
+
+### endpoints_api_service Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` | Endpoints service name which is the name of the "service" resource in the Service Management API. For example "myapi.endpoints.myproject.cloud.goog" | true | false | None | None | None |
+| `config_id` | Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID and is required in this case. Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need the configuration ID. In this case, configId must be omitted. | false | false | None | None | None |
+| `rollout_strategy` | Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value is `FIXED`. Possible values are: `FIXED`, `MANAGED`. | false | false | None | None | None |
+| `disable_trace_sampling` | Enable or disable trace sampling. By default, this is set to false for enabled. | false | false | None | None | None |
+
+### entrypoint Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `shell` | The format should be a shell command that can be fed to bash -c. | true | true | Enforced to restrict/standardize the scripts executed during the deployment phase | node ./app.js | sudo node ./app.js |
+
+### vpc_access_connector Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` | Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. | true | false | None | None | None |
+
+### automatic_scaling Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `cool_down_period` | The time period that the Autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. Default: 120s | false | false | Prevents the App Engine autoscaler from reacting to sudden traffic spikes as new instances are ignored until the period ends. | None | None |
+| `cpu_utilization` | Target scaling by CPU usage. Structure is [documented below](#nested_automatic_scaling_cpu_utilization). | true | true | Enforced to establish a standardized trigger for horizontal scaling, which ensures that the system proactively adds capacity before CPU saturation leads to increased request latency/service instability | target_utilization = 0.5 | target_utilization = 0.9 |
+| `max_concurrent_requests` | Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. Defaults to a runtime-specific value. | false | false | Can lead to under-utilisation and higher costs by triggering the creation of new instances before the existing ones are actually CPU/memory constrained. | None | None |
+| `max_idle_instances` | Maximum number of idle instances that should be maintained for this version. | false | false | Autoscaler manages idle instances automatically by default, also manually capping too low can cause performance degradation during volatile traffic spikes. | None | None |
+| `max_total_instances` | Maximum number of instances that should be started to handle requests for this version. Default: 20 | false | false | Avoid denial-of-service scenarios, as the application cannot scale to meet a legitimate traffic surge and resulting in request timeouts/503 errors. | None | None |
+| `max_pending_latency` | Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. | false | false | Forces requests to sit in a queue for too long before the App Engine autoscaler triggers a new instance. | None | None |
+| `min_idle_instances` | Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. | false | false | To ensure the App Engine autoscaler can ingest performance metrics during traffic surges. | None | None |
+| `min_total_instances` | Minimum number of running instances that should be maintained for this version. Default: 2 | false | false | To ensure of allowing the environment to fully de-provision resources during periods of zero activity. | None | None |
+| `min_pending_latency` | Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. | false | false | Optimal wait time before scaling is highly dependent on a specific workload | None | None |
+| `request_utilization` | Target scaling by request utilization. Structure is [documented below](#nested_automatic_scaling_request_utilization). | false | false | Can be unreliable if request processing times vary whereas relying on CPU utilisation provides a more accurate measure of when an instance is actually working at its limit. | None | None |
+| `disk_utilization` | Target scaling by disk usage. Structure is [documented below](#nested_automatic_scaling_disk_utilization). | false | false | Typically bottlenecked by CPU or memory rather than storage. | None | None |
+| `network_utilization` | Target scaling by network usage. Structure is [documented below](#nested_automatic_scaling_network_utilization). | false | false | Scaling based on data throughput can be highly inconsistent while CPU-based scaling provides a more stable and accurate signal for when an instance is reaching its operational capacity. | None | None |
+
+### manual_scaling Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `instances` | Number of instances to assign to the service at the start. **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 Modules API set_num_instances() you must use `lifecycle.ignore_changes = ["manual_scaling"[0].instances]` to prevent drift detection. | true | false | None | None | None |
+
+### volumes Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` | Unique name for the volume. | true | false | None | None | None |
+| `volume_type` | Underlying volume type, e.g. 'tmpfs'. | true | false | None | None | None |
+| `size_gb` | Volume size in gigabytes. | true | false | None | None | None |
+
+### script Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `script_path` | Path to the script from the application root directory. | true | false | None | None | None |
+
+### static_files Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `path` | Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern. | false | false | None | None | None |
+| `upload_path_regex` | Regular expression that matches the file paths for all files that should be referenced by this handler. | false | false | None | None | None |
+| `http_headers` | HTTP headers to use for all responses from these URLs. An object containing a list of "key:value" value pairs.". | false | false | None | None | None |
+| `mime_type` | MIME type used to serve all files served by this handler. Defaults to file-specific MIME types, which are derived from each file's filename extension. | false | false | None | None | None |
+| `expiration` | Time a static file served by this handler should be cached by web proxies and browsers. A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". Default is '0s' | false | false | None | None | None |
+| `require_matching_file` | Whether this handler should match the request if the file referenced by the handler does not exist. | false | false | None | None | None |
+| `application_readable` | Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged against both your code and static data storage resource quotas. | false | false | None | None | None |
+
+### zip Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `source_url` | Source URL | true | true | To ensure that the application's source code is retrieved from a managed version-controlled repository, using an immutable path. | https://storage.googleapis.com/hardhat-bucket/hello-world.zip | invalid.com |
+| `files_count` | files count | false | false | None | None | None |
+
+### files Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` |  | false | false | None | None | None |
+| `sha1_sum` | SHA1 checksum of the file | false | false | None | None | None |
+| `source_url` | Source URL | true | false | None | None | None |
+
+### container Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `image` | URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest" | true | false | None | None | None |
+
+### cloud_build_options Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `app_yaml_path` | Path to the yaml file used in deployment, used to determine runtime configuration details. | true | false | None | None | None |
+| `cloud_build_timeout` | The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". | false | false | None | None | None |
+
+### cpu_utilization Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `aggregation_window_length` | Period of time over which CPU utilization is calculated. | false | false | None | None | None |
+| `target_utilization` | Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1. | true | false | None | None | None |
+
+### request_utilization Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `target_request_count_per_second` | Target requests per second. | false | false | None | None | None |
+| `target_concurrent_requests` | Target number of concurrent requests. | false | false | None | None | None |
+
+### disk_utilization Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `target_write_bytes_per_second` | Target bytes written per second. | false | false | None | None | None |
+| `target_write_ops_per_second` | Target ops written per second. | false | false | None | None | None |
+| `target_read_bytes_per_second` | Target bytes read per second. | false | false | None | None | None |
+| `target_read_ops_per_second` | Target ops read per seconds. | false | false | None | None | None |
+
+### network_utilization Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `target_sent_bytes_per_second` | Target bytes sent per second. | false | false | None | None | None |
+| `target_sent_packets_per_second` | Target packets sent per second. | false | false | None | None | None |
+| `target_received_bytes_per_second` | Target bytes received per second. | false | false | None | None | None |
+| `target_received_packets_per_second` | Target packets received per second. | false | false | None | None | None |
diff --git a/docs/gcp/App_Engine/app_engine_service_network_settings.md b/docs/gcp/App_Engine/app_engine_service_network_settings.md
new file mode 100644
index 000000000..2b0d34016
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_service_network_settings.md
@@ -0,0 +1,21 @@
+## 🛡️ Policy Deployment Engine: `app_engine_service_network_settings`
+
+This section provides a concise policy evaluation for the `app_engine_service_network_settings` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_service_network_settings](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_service_network_settings)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `service` | The name of the service these settings apply to. | true | true | Enforced to establish a verifiable network perimeter at the application layer. | app-internal-service | internal-service |
+| `network_settings` | Ingress settings for this service. Will apply to all versions. Structure is [documented below](#nested_network_settings). | true | true | Enforced to ensure the definition of the fundamental trust boundary of the application | None | None |
+| `project` | If it is not provided, the provider project is used. | false | false | To automatically inherit the provider-level project ID. | None | None |
+
+### network_settings Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `ingress_traffic_allowed` | The ingress settings for version or service. Default value is `INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED`. Possible values are: `INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED`, `INGRESS_TRAFFIC_ALLOWED_ALL`, `INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY`, `INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB`. | false | true | Is enforced to mitigate the risk of direct-to-origin attacks from occurring. By ensuring that the default unshielded App Engine URL is disabled. | INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY | INGRESS_TRAFFIC_ALLOWED_ALL |
diff --git a/docs/gcp/App_Engine/app_engine_service_split_traffic.md b/docs/gcp/App_Engine/app_engine_service_split_traffic.md
new file mode 100644
index 000000000..262c7a7a4
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_service_split_traffic.md
@@ -0,0 +1,23 @@
+## 🛡️ Policy Deployment Engine: `app_engine_service_split_traffic`
+
+This section provides a concise policy evaluation for the `app_engine_service_split_traffic` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_service_split_traffic](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_service_split_traffic)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `service` | The name of the service these settings apply to. | true | true | To ensure that traffic splitting configurations are explicitly mapped to the correct logical microservice. | hardhat-main-api | generic-api |
+| `split` | Mapping that defines fractional HTTP traffic diversion to different versions within the service. Structure is [documented below](#nested_split). | true | true | To ensure that traffic distribution is managed as code and providing an automated way to transition users to new versions while maintaining a clear record of routing logic. | None | None |
+| `migrate_traffic` | If set to true traffic will be migrated to this version. | false | true | Allowing to ensure the system to warm up new instances and preventing sudden latency spikes for users during a deployment. | false | true |
+| `project` | If it is not provided, the provider project is used. | false | false | To automatically inherit the provider-level project ID. | None | None |
+
+### split Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `shard_by` | Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values are: `UNSPECIFIED`, `COOKIE`, `IP`, `RANDOM`. | false | true | To define how traffic is distributed through versions, ensuring that users have a consistent experience by consistently routing them to the same version based on their IP address. | IP | RANDOM |
+| `allocations` | Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits. | true | true | Ensuring to provide precise control over the percentage of traffic directed to specific versions. | v1 = 0.8 v2 = 0.2 | v1 = 0.0 v2 = 1.0 |
diff --git a/docs/gcp/App_Engine/app_engine_standard_app_version.md b/docs/gcp/App_Engine/app_engine_standard_app_version.md
new file mode 100644
index 000000000..bd3e8d572
--- /dev/null
+++ b/docs/gcp/App_Engine/app_engine_standard_app_version.md
@@ -0,0 +1,143 @@
+## 🛡️ Policy Deployment Engine: `app_engine_standard_app_version`
+
+This section provides a concise policy evaluation for the `app_engine_standard_app_version` resource in GCP.
+
+Reference: [Terraform Registry – app_engine_standard_app_version](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_standard_app_version)
+
+---
+
+## Argument Reference  
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `runtime` | Desired runtime. Example python27. | true | true | Ensuring the application executes in the correct environment with the specific language version required for its dependencies. | nodejs20 | nodejs10 |
+| `deployment` | Code and application artifacts that make up this version. Structure is [documented below](#nested_deployment). | true | true | To define the specific source code and files that constitute the application version ensuring that Terraform can verify and upload the correct assets to the environment. | None | None |
+| `entrypoint` | The entrypoint for the application. Structure is [documented below](#nested_entrypoint). | true | true | To provide the specific command required to start the application, ensuring that the environment knows how to execute the code, with which port/startup script to initialize. | None | None |
+| `service` | AppEngine service resource | true | true | Ensuring the application is deployed as a specific microservice, allowing for independent scaling and routing logic within the larger App Engine project. | default | unauthorized-app-name |
+| `version_id` | Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,"default", "latest", and any name with the prefix "ah-". | false | false | To automatically generate unique timestamp identifiers for each deployment, inturn preventing naming conflicts and ensuring that new releases do not accidentally overwrite existing versions. | None | None |
+| `service_account` | The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag. | false | false | Having utilise the default App Engine service account, simplifying permission management by leveraging the standard identity provided by the platform for accessing Google Cloud resources. | None | None |
+| `threadsafe` | Whether multiple requests can be dispatched to this version at once. | false | false | Environment to use its default concurrency settings, ensuring the application remains stable and avoids race conditions if the codebase is not optimized for parallel request handling. | None | None |
+| `app_engine_apis` | Allows App Engine second generation runtimes to access the legacy bundled services. | false | false | To ensure the application remains modern and portable | None | None |
+| `runtime_api_version` | The version of the API in the given runtime environment. Please see the app.yaml reference for valid values at `https://cloud.google.com/appengine/docs/standard/<language>/config/appref`\ Substitute `<language>` with `python`, `java`, `php`, `ruby`, `go` or `nodejs`. | false | false | The application utilises a second-generation runtime where the API version is automatically managed by the platform, ensuring the environment always uses the most compatible interface without manual intervention. | None | None |
+| `handlers` | An ordered list of URL-matching patterns that should be applied to incoming requests. The first matching URL handles the request and other request handlers are not attempted. Structure is [documented below](#nested_handlers). | false | false | For a more flexible and unified approach to request handling without platform-specific configuration. | None | None |
+| `libraries` | Configuration for third-party Python runtime libraries that are required by the application. Structure is [documented below](#nested_libraries). | false | false | Uses a second-generation runtime that manages dependencies through standard package managers. | None | None |
+| `env_variables` | Environment variables available to the application. | false | false | Avoid hardcoding sensitive/environment-specific data in the deployment manifest. | None | None |
+| `vpc_access_connector` | Enables VPC connectivity for standard apps. Structure is [documented below](#nested_vpc_access_connector). | false | false | interacts with public APIs/managed services that do not require a private connection to a Virtual Private Cloud which reduces infrastructure complexity. | None | None |
+| `inbound_services` | A list of the types of messages that this application is able to receive. Each value may be one of: `INBOUND_SERVICE_MAIL`, `INBOUND_SERVICE_MAIL_BOUNCE`, `INBOUND_SERVICE_XMPP_ERROR`, `INBOUND_SERVICE_XMPP_MESSAGE`, `INBOUND_SERVICE_XMPP_SUBSCRIBE`, `INBOUND_SERVICE_XMPP_PRESENCE`, `INBOUND_SERVICE_CHANNEL_PRESENCE`, `INBOUND_SERVICE_WARMUP`. | false | false | Does not require specialised App Engine-specific features, allowing it to remain a standard web service with a smaller configuration footprint. | None | None |
+| `instance_class` | Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. | false | true | Defined to ensure the application has the specific CPU and memory resources required for its workload. | F1 | F2 |
+| `automatic_scaling` | Automatic scaling is based on request rate, response latencies, and other application metrics. Structure is [documented below](#nested_automatic_scaling). | false | false | To prevent the application from scaling up to aggressively during minor traffic fluctuations. | None | None |
+| `basic_scaling` | Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity. Structure is [documented below](#nested_basic_scaling). | false | false | Avoid the latency delays in relation with starting instances from zero after periods of inactivity. | None | None |
+| `manual_scaling` | A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. Structure is [documented below](#nested_manual_scaling). | false | false | To ensure the system can instead respond dynamically to traffic changes without the risk of over-provisioning/service outages during unexpected load. | None | None |
+| `project` | If it is not provided, the provider project is used. | false | false | To automatically inherit the provider-level project ID. | None | None |
+| `noop_on_destroy` | If set to true, the application version will not be deleted. | false | false | To ensure Terraform can fully decommission the application version. | None | None |
+| `delete_service_on_destroy` | If set to true, the service will be deleted if it is the last version. | false | false | Prevent the accidental removal of the entire service and its versions when a specific version is decommissioned. | None | None |
+| `zip` | Zip | false | true | Provides a direct way to package the application's source code. | None | None |
+| `files` |  | false | false | None | None | None |
+| `script` |  | false | false | None | None | None |
+| `static_files` |  | false | false | None | None | None |
+| `standard_scheduler_settings` |  | false | false | None | None | None |
+
+### deployment Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `zip` | Zip File Structure is [documented below](#nested_deployment_zip). | false | true | Provides a direct way to package the application's source code. | None | None |
+| `files` | Manifest of the files stored in Google Cloud Storage that are included as part of this version. All files must be readable using the credentials supplied with this call. Structure is [documented below](#nested_deployment_files). | false | false | To simplify the configuration and ensure that the application package is deployed as a single consistent unit rather than managing individual file paths manually. | None | None |
+
+### entrypoint Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `shell` | The format should be a shell command that can be fed to bash -c. | true | true | To define the startup command, as it allows for the execution of complex scripts/multiple commands within the standard shell environment. | node ./app.js | bash ./app.js |
+
+### handlers Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `url_regex` | URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. | false | false | None | None | None |
+| `security_level` | Security (HTTPS) enforcement for this URL. Possible values are: `SECURE_DEFAULT`, `SECURE_NEVER`, `SECURE_OPTIONAL`, `SECURE_ALWAYS`. | false | false | None | None | None |
+| `login` | Methods to restrict access to a URL based on login status. Possible values are: `LOGIN_OPTIONAL`, `LOGIN_ADMIN`, `LOGIN_REQUIRED`. | false | false | None | None | None |
+| `auth_fail_action` | Actions to take when the user is not logged in. Possible values are: `AUTH_FAIL_ACTION_REDIRECT`, `AUTH_FAIL_ACTION_UNAUTHORIZED`. | false | false | None | None | None |
+| `redirect_http_response_code` | 30x code to use when performing redirects for the secure field. Possible values are: `REDIRECT_HTTP_RESPONSE_CODE_301`, `REDIRECT_HTTP_RESPONSE_CODE_302`, `REDIRECT_HTTP_RESPONSE_CODE_303`, `REDIRECT_HTTP_RESPONSE_CODE_307`. | false | false | None | None | None |
+| `script` | Executes a script to handle the requests that match this URL pattern. Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". Structure is [documented below](#nested_handlers_handlers_script). | false | false | None | None | None |
+| `static_files` | Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them. Structure is [documented below](#nested_handlers_handlers_static_files). | false | false | None | None | None |
+
+### libraries Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` | Name of the library. Example "django". | false | false | None | None | None |
+| `version` | Version of the library to select, or "latest". | false | false | None | None | None |
+
+### vpc_access_connector Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` | Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. | true | false | None | None | None |
+| `egress_setting` | The egress setting for the connector, controlling what traffic is diverted through it. | false | false | None | None | None |
+
+### automatic_scaling Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `max_concurrent_requests` | Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. Defaults to a runtime-specific value. | false | false | None | None | None |
+| `max_idle_instances` | Maximum number of idle instances that should be maintained for this version. | false | false | None | None | None |
+| `max_pending_latency` | Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". | false | false | None | None | None |
+| `min_idle_instances` | Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service. | false | false | None | None | None |
+| `min_pending_latency` | Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". | false | false | None | None | None |
+| `standard_scheduler_settings` | Scheduler settings for standard environment. Structure is [documented below](#nested_automatic_scaling_standard_scheduler_settings). | false | false | None | None | None |
+
+### basic_scaling Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `idle_timeout` | Duration of time after the last request that an instance must wait before the instance is shut down. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. | false | false | None | None | None |
+| `max_instances` | Maximum number of instances to create for this version. Must be in the range [1.0, 200.0]. | true | false | None | None | None |
+
+### manual_scaling Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `instances` | Number of instances to assign to the service at the start. **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 Modules API set_num_instances() you must use `lifecycle.ignore_changes = ["manual_scaling"[0].instances]` to prevent drift detection. | true | false | None | None | None |
+
+### zip Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `source_url` | Source URL | true | true | Ensuring that the deployment process uses a verified artifact that is consistent across all environments. | https://storage.googleapis.com/appengine-static-content/hello-world.zip | https://storage.googleapis.com/malicious-bucket/exploit.zip |
+| `files_count` | files count | false | false | None | None | None |
+
+### files Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `name` |  | false | false | None | None | None |
+| `sha1_sum` | SHA1 checksum of the file | false | false | None | None | None |
+| `source_url` | Source URL | true | false | None | None | None |
+
+### script Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `script_path` | Path to the script from the application root directory. | true | false | None | None | None |
+
+### static_files Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `path` | Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern. | false | false | None | None | None |
+| `upload_path_regex` | Regular expression that matches the file paths for all files that should be referenced by this handler. | false | false | None | None | None |
+| `http_headers` | HTTP headers to use for all responses from these URLs. An object containing a list of "key:value" value pairs.". | false | false | None | None | None |
+| `mime_type` | MIME type used to serve all files served by this handler. Defaults to file-specific MIME types, which are derived from each file's filename extension. | false | false | None | None | None |
+| `expiration` | Time a static file served by this handler should be cached by web proxies and browsers. A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". | false | false | None | None | None |
+| `require_matching_file` | Whether this handler should match the request if the file referenced by the handler does not exist. | false | false | None | None | None |
+| `application_readable` | Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged against both your code and static data storage resource quotas. | false | false | None | None | None |
+
+### standard_scheduler_settings Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `target_cpu_utilization` | Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. | false | false | None | None | None |
+| `target_throughput_utilization` | Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value. | false | false | None | None | None |
+| `min_instances` | Minimum number of instances to run for this version. Set to zero to disable minInstances configuration. | false | false | None | None | None |
+| `max_instances` | Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration. **Note:** Starting from March 2025, App Engine sets the maxInstances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new value between 0 and 2147483647, and deploy a new version or redeploy over an existing version. To disable the maxInstances default configuration setting, specify the maximum permitted value 2147483647. | false | false | None | None | None |
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_application.json b/docs/gcp/App_Engine/resource_json/app_engine_application.json
index f084e39a7..45df4c175 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_application.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_application.json
@@ -4,92 +4,101 @@
   "arguments": {
     "project": {
       "description": "~>**NOTE:** GCP only accepts project ID, not project number. If you are using number, you may get a \"Permission denied\" error.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "required": true,
+      "security_impact": true,
+      "rationale": "To enforce the use of Project IDs over Project Numbers to prevent API resolution failures and (Permission Denied) errors during deployment.",
+      "compliant": "gcp-project-12345",
+      "non-compliant": "123456789",
       "parent": null
     },
     "location_id": {
-      "description": "to serve the app from.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "description": "The location to serve the app from.",
+      "required": true,
+      "security_impact": true,
+      "rationale": "To esnure data residency compliance, prevents deployment to unauthorized regions, as App Engine locations cannot be changed once set.",
+      "compliant": "australia-southeast1",
+      "non-compliant": "europe-west1",
       "parent": null
     },
     "auth_domain": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "The domain to authenticate users with when using App Engine's User API.",
+      "required": false,
+      "security_impact": false,
+      "rationale": "Modern identity management is handled via Identity-Aware Proxy IAP), making the legacy domain setting redundant for security enforcement.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "database_type": {
       "description": "Can be `CLOUD_FIRESTORE` or `CLOUD_DATASTORE_COMPATIBILITY` for new instances.  To support old instances, the value `CLOUD_DATASTORE` is accepted by the provider, but will be rejected by the API. To create a Cloud Firestore database without creating an App Engine application, use the [`google_firestore_database`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/firestore_database) resource instead.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "required": false,
+      "security_impact": true,
+      "rationale": "To enforce the selection of Cloud Firestore so the application uses Google's latest scalable database technology with modern security and consistency features.",
+      "compliant": "CLOUD_FIRESTORE",
+      "non-compliant": "CLOUD_DATASTORE_COMPATIBILITY",
       "parent": null
     },
     "serving_status": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "description": "The serving status of the app.",
+      "required": false,
+      "security_impact": true,
+      "rationale": "Ensures applications are deployed in an active state and prevents accidental service outages caused by manual or uncoordinated status overrides.",
+      "compliant": "SERVING",
+      "non-compliant": "USER_DISABLED",
       "parent": null
     },
     "feature_settings": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "A block of optional settings to configure specific App Engine features:",
+      "required": false,
+      "security_impact": true,
+      "rationale": "to enforce the use of modern split health checks to ensure precise monitoring of application readiness and liveness, replacing legacy combined health checks.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "split_health_checks": {
-      "description": "and liveness checks.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
-      "parent": null
+      "description": "Set to false to use the legacy health check instead of the readiness and liveness checks.",
+      "required": true,
+      "security_impact": true,
+      "rationale": "Enables the separation of readiness and liveness probes to improve deployment reliability and prevent traffic from being routed to instances that are still initializing.",
+      "compliant": "split_health_checks = true",
+      "non-compliant": "split_health_checks = false",
+      "parent": "feature_settings"
     },
     "iap": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "Settings for enabling Cloud Identity Aware Proxy",
+      "required": false,
+      "security_impact": true,
+      "rationale": "Enforces Identity-Aware Proxy to establish a Zero Trust security layer, ensuring that only authenticated and authorized users can access the application, regardless of network location.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "oauth2_client_id": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
-      "parent": null
+      "description": "OAuth2 client ID to use for the authentication flow.",
+      "required": true,
+      "security_impact": true,
+      "rationale": "Mandates a valid OAuth2 Client ID to securely link the IAP to the organization's identity provider, ensuring only verified corporate credentials can grant access.",
+      "compliant": "12345.apps.googleusercontent.com",
+      "non-compliant": "incorrect-id.apps.googleusercontent.com",
+      "parent": "iap"
     },
     "oauth2_client_secret": {
-      "description": "The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "description": "OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.",
+      "required": true,
+      "security_impact": true,
+      "rationale": "Ensures the authenticity of the handshake between Google Cloud and the Identity Provider to prevent man-in-the-middle attacks/unauthorized identity spoofing.",
+      "compliant": "GOCSPX-abc123def456_actual_secret",
+      "non-compliant": "12345",
+      "parent": "iap"
+    },
+    "ssl_policy": {
+      "description": "A list of the SSL policy that will be applied. Each block has a SSL_POLICY_UNSPECIFIED, DEFAULT, and MODERN field.",
+      "required": false,
+      "security_impact": true,
+      "rationale": "To enforce secure managed SSL certificates to ensure all data in transit is encrypted using modern protocols and to prevent service outages caused by manual certificate expiration.",
+      "compliant": "AUTOMATIC",
+      "non-compliant": "MANUAL",
       "parent": null
     }
   }
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_application_url_dispatch_rules.json b/docs/gcp/App_Engine/resource_json/app_engine_application_url_dispatch_rules.json
index 020b45eb6..d0257f953 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_application_url_dispatch_rules.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_application_url_dispatch_rules.json
@@ -5,8 +5,8 @@
     "dispatch_rules": {
       "description": "Rules to match an HTTP request and dispatch that request to a service. Structure is [documented below](#nested_dispatch_rules).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Establishes centralized routing logic to ensure requests are directed to the correct microservices based on URL patterns, preventing leaky traffic/unauthorized cross-service access.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -14,37 +14,37 @@
         "domain": {
           "description": "Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\". Defaults to matching all domains: \"*\".",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To enforce strict hostname mapping to ensure traffic is only routed through approved domains, preventing 'Host Header Injection' and ensuring cross-site requests are properly isolated.",
+          "compliant": "hardhat.pythonanywhere.com",
+          "non-compliant": "invalid-domain.com",
           "parent": "dispatch_rules"
         },
         "path": {
           "description": "Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path. The sum of the lengths of the domain and path may not exceed 100 characters.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To define explicit URL patterns to ensure sensitive application paths are strictly mapped to their intended microservices, preventing accidental exposure of internal endpoints",
+          "compliant": "/*",
+          "non-compliant": "admin/*",
           "parent": "dispatch_rules"
         },
         "service": {
           "description": "Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path. The sum of the lengths of the domain and path may not exceed 100 characters.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To enforce explicit mapping of URL patterns to specific microservices to ensure architectural isolation and prevent traffic from falling back to a service that may not have the appropriate security context/permissions",
+          "compliant": "default",
+          "non-compliant": "unauthorized-service",
           "parent": "dispatch_rules"
         }
       }
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "Unnecessary as it defaults to the provider-level project configuration if it is not provided, ensuring the resource is naturally governed by the existing project-level access controls.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_domain_mapping.json b/docs/gcp/App_Engine/resource_json/app_engine_domain_mapping.json
index bbd1fb750..41d797ed7 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_domain_mapping.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_domain_mapping.json
@@ -5,17 +5,17 @@
     "domain_name": {
       "description": "Relative name of the domain serving the application. Example: example.com.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "To enforce the use of verified domains to prevent unauthorized shadow branding and ensure all application traffic is protected by corporate-standard SSL/TLS configurations",
+      "compliant": "hardhatenterprises.com",
+      "non-compliant": "unverified-domain.com",
       "parent": null
     },
     "ssl_settings": {
       "description": "SSL configuration for this domain. If unconfigured, this domain will not serve with SSL. Structure is [documented below](#nested_ssl_settings).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Mandates the use of managed SSL settings to guarantee that all custom domain traffic is encrypted via TLS and to eliminate the risk of service downtime caused by expired manual certificates",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -23,8 +23,8 @@
         "certificate_id": {
           "description": "ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will remove SSL support. By default, a managed certificate is automatically created for every domain mapping. To omit SSL support or to configure SSL manually, specify `SslManagementType.MANUAL` on a `CREATE` or `UPDATE` request. You must be authorized to administer the `AuthorizedCertificate` resource to manually map it to a DomainMapping resource. Example: 12345.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Mandating/managing specific certificate IDs manually increases operational overhead and introduces the risk of service outages due to manual renewal failures.",
           "compliant": null,
           "non-compliant": null,
           "parent": "ssl_settings"
@@ -32,17 +32,17 @@
         "ssl_management_type": {
           "description": "SSL management type for this domain. If `AUTOMATIC`, a managed certificate is automatically provisioned. If `MANUAL`, `certificateId` must be manually specified in order to configure SSL for this domain. Possible values are: `AUTOMATIC`, `MANUAL`.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Mandates 'AUTOMATIC' SSL management to utilise Google's managed certificate authority, ensuring renewals and the use of modern cryptographic protocols without human intervention.",
+          "compliant": "AUTOMATIC",
+          "non-compliant": "MANUAL",
           "parent": "ssl_settings"
         },
         "pending_managed_certificate_id": {
           "description": "(Output) ID of the managed `AuthorizedCertificate` resource currently being provisioned, if applicable. Until the new managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the provisioning process completes, the `certificateId` field will reflect the new managed certificate and this field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the `certificateId` field with an update request.",
           "required": null,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Is a read-only output attribute managed by Google Cloud, represents a transient state during certificate provisioning and cannot be influenced/configured by the user.",
           "compliant": null,
           "non-compliant": null,
           "parent": "ssl_settings"
@@ -52,17 +52,17 @@
     "override_strategy": {
       "description": "Whether the domain creation should override any existing mappings for this domain. By default, overrides are rejected. Default value is `STRICT`. Possible values are: `STRICT`, `OVERRIDE`.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "to enforce a clear resolution strategy for domain mapping conflicts to prevent accidental hijacking of custom domains from other projects and ensure predictable routing behavior.",
+      "compliant": "STRICT",
+      "non-compliant": "OVERRIDE",
       "parent": null
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "It is a standard provider-inherited field as the resource is inherently constrained by the project-level permissions and deployment context of the authenticated service account.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_firewall_rule.json b/docs/gcp/App_Engine/resource_json/app_engine_firewall_rule.json
index 948e356a8..d27a50455 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_firewall_rule.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_firewall_rule.json
@@ -5,26 +5,26 @@
     "source_range": {
       "description": "IP address or range, defined using CIDR notation, of requests that this rule applies to.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Enforces strict IP CIDR boundaries to minimize the application's attack surface by ensuring only trusted networks or specific geographic IP ranges can interact with the App Engine environment.",
+      "compliant": "192.168.1.0/24",
+      "non-compliant": "*",
       "parent": null
     },
     "action": {
       "description": "The action to take if this rule matches. Possible values are: `UNSPECIFIED_ACTION`, `ALLOW`, `DENY`.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Is the explicit binary outcome for a network request, ensuring that the firewall behaves as a definitive gatekeeper rather than allowing traffic to pass through ambiguity.",
+      "compliant": "ALLOW",
+      "non-compliant": "DENY",
       "parent": null
     },
     "description": {
       "description": "An optional string description of this rule.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Is an informative field that does not influence the network logic/security enforcement of the firewall rule.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -32,17 +32,17 @@
     "priority": {
       "description": "A positive integer that defines the order of rule evaluation. Rules with the lowest priority are evaluated first. A default rule at priority Int32.MaxValue matches all IPv4 and IPv6 traffic when no previous rule matches. Only the action of this rule can be modified by the user.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Enforces an ordering of firewall rules to ensure that specific security 'Allow' or 'Deny' logic is evaluated in the correct sequence.",
+      "compliant": "1000",
+      "non-compliant": "2147483647",
       "parent": null
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "Is automatically constrained by the Google provider's project configuration, ensuring that firewall rules are strictly applied to the intended environment without manual entry.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_flexible_app_version.json b/docs/gcp/App_Engine/resource_json/app_engine_flexible_app_version.json
index 168a34b2e..32f80910e 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_flexible_app_version.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_flexible_app_version.json
@@ -5,17 +5,17 @@
     "runtime": {
       "description": "Desired runtime. Example python27.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "To ensure the application environment is patched against known vulnerabilities and remains compatible with organizational security tooling.",
+      "compliant": "nodejs",
+      "non-compliant": "python27",
       "parent": null
     },
     "readiness_check": {
       "description": "Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation. Structure is [documented below](#nested_readiness_check).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Mandates the configuration of health probes to ensure that the load balancer only routes traffic to fully initialized and healthy instances which prevents errors and ensures correct deployments.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -23,17 +23,17 @@
         "path": {
           "description": "The request path.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "to enforce a specific dedicated health endpoint to ensure the load balancer validates the actual readiness of the application logic rather than just the availability of the web server/static landing page.",
+          "compliant": "/",
+          "non-compliant": "/invalid-path",
           "parent": "readiness_check"
         },
         "host": {
           "description": "Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "App Engine routes health checks to the instance's internal IP, defining a host header is unnecessary and can inadvertently bypass internal security controls if misconfigured.",
           "compliant": null,
           "non-compliant": null,
           "parent": "readiness_check"
@@ -41,17 +41,17 @@
         "failure_threshold": {
           "description": "Number of consecutive failed checks required before removing traffic. Default: 2.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Configures the specific tolerance level for failed health probes to prevent flapping.",
+          "compliant": "failure_threshold = 4",
+          "non-compliant": "failure_threshold = 0",
           "parent": "readiness_check"
         },
         "success_threshold": {
           "description": "Number of consecutive successful checks required before receiving traffic. Default: 2.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Google Cloud default is sufficiently conservative to prevent flapping and ensures an instance is stable before it is reintroduced to the load balancer.",
           "compliant": null,
           "non-compliant": null,
           "parent": "readiness_check"
@@ -59,8 +59,8 @@
         "check_interval": {
           "description": "Interval between health checks.  Default: \"5s\".",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "As Google-managed default provides an optimal balance between rapid failure detection and the reduction of unnecessary noise.",
           "compliant": null,
           "non-compliant": null,
           "parent": "readiness_check"
@@ -68,17 +68,17 @@
         "timeout": {
           "description": "Time before the check is considered failed. Default: \"4s\"",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Enforces a strict upper limit on how long a health probe can wait for a response to ensure that stalled requests are terminated quickly to prevent them from clogging the application's request queue.",
+          "compliant": "4s",
+          "non-compliant": "30s",
           "parent": "readiness_check"
         },
         "app_start_timeout": {
           "description": "A maximum time limit on application initialization, measured from moment the application successfully replies to a healthcheck until it is ready to serve traffic. Default: \"300s\"",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Application initialization times vary drastically based on language runtime, dependency loading, and cache warming requirements.",
           "compliant": null,
           "non-compliant": null,
           "parent": "readiness_check"
@@ -88,8 +88,8 @@
     "liveness_check": {
       "description": "Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances. Structure is [documented below](#nested_liveness_check).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Enforces the configuration of liveness probes to detect deadlocked/zombie processes that are running but no longer functional, allowing the platform to automatically restart the instance and restore service health.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -97,17 +97,17 @@
         "path": {
           "description": "The request path.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To enforce a specific dedicated health endpoint to ensure the load balancer validates the actual readiness of the application logic rather than just the availability of the web server/static landing page.",
+          "compliant": "/",
+          "non-compliant": "/invalid-path",
           "parent": "liveness_check"
         },
         "host": {
-          "description": "Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"",
+         "description": "Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "App Engine routes health checks to the instance's internal IP, defining a host header is unnecessary and can inadvertently bypass internal security controls if misconfigured.",
           "compliant": null,
           "non-compliant": null,
           "parent": "liveness_check"
@@ -115,17 +115,17 @@
         "failure_threshold": {
           "description": "Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Configures the specific tolerance level for failed health probes to prevent flapping.",
+          "compliant": "failure_threshold = 4",
+          "non-compliant": "failure_threshold = 0",
           "parent": "liveness_check"
         },
         "success_threshold": {
           "description": "Number of consecutive successful checks required before considering the VM healthy. Default: 2.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Google Cloud default is sufficiently conservative to prevent flapping and ensures an instance is stable before it is reintroduced to the load balancer.",
           "compliant": null,
           "non-compliant": null,
           "parent": "liveness_check"
@@ -133,8 +133,8 @@
         "check_interval": {
           "description": "Interval between health checks.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "As Google-managed default provides an optimal balance between rapid failure detection and the reduction of unnecessary noise.",
           "compliant": null,
           "non-compliant": null,
           "parent": "liveness_check"
@@ -142,17 +142,17 @@
         "timeout": {
           "description": "Time before the check is considered failed. Default: \"4s\"",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Enforces a strict upper limit on how long a health probe can wait for a response to ensure that stalled requests are terminated quickly to prevent them from clogging the application's request queue.",
+          "compliant": "4s",
+          "non-compliant": "30s",
           "parent": "liveness_check"
         },
         "initial_delay": {
           "description": "The initial delay before starting to execute the checks. Default: \"300s\"",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Enforcing a universal delay could lead to premature restarts of slow-starting but healthy applications.",
           "compliant": null,
           "non-compliant": null,
           "parent": "liveness_check"
@@ -162,17 +162,17 @@
     "service": {
       "description": "AppEngine service resource. Can contain numbers, letters, and hyphens.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Enforces explicit service naming to ensure that application components are logically isolated, preventing accidental resource overwrites.",
+      "compliant": "default",
+      "non-compliant": "unauthorized-app",
       "parent": null
     },
     "version_id": {
       "description": "Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "to allow CI/CD pipelines to dynamically generate unique identifiers, which is essential for maintaining an immutable audit trail and enabling safe rollbacks.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -180,8 +180,8 @@
     "inbound_services": {
       "description": "A list of the types of messages that this application is able to receive. Each value may be one of: `INBOUND_SERVICE_MAIL`, `INBOUND_SERVICE_MAIL_BOUNCE`, `INBOUND_SERVICE_XMPP_ERROR`, `INBOUND_SERVICE_XMPP_MESSAGE`, `INBOUND_SERVICE_XMPP_SUBSCRIBE`, `INBOUND_SERVICE_XMPP_PRESENCE`, `INBOUND_SERVICE_CHANNEL_PRESENCE`, `INBOUND_SERVICE_WARMUP`.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "As primarily used to enable legacy App Engine services which are largely deprecated/irrelevant in the Flexible Environment, security for incoming traffic is instead governed by modern network and firewall policies.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -189,8 +189,8 @@
     "instance_class": {
       "description": "Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G ManualScaling: B1, B2, B4, B8, B4_1G Defaults to F1 for AutomaticScaling and B1 for ManualScaling.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "It is a legacy parameter exclusive to the App Engine Standard environment.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -198,8 +198,8 @@
     "network": {
       "description": "Extra network settings Structure is [documented below](#nested_network).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "App Engine Flexible automatically defaults to the 'default' VPC with managed settings and primary network security is better governed at the VPC and Firewall levels rather than through individual resource declarations.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -263,8 +263,8 @@
     "resources": {
       "description": "Machine resources for a version. Structure is [documented below](#nested_resources).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "The hardware requirements are tied to the specific application's performance profile, imposing constraints would prevent right-sizing and could lead to resource starvation/unnecessary cloud spend.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -310,8 +310,8 @@
     "runtime_channel": {
       "description": "The channel of the runtime to use. Only available for some runtimes.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "The platform defaults to the stable channel which ensures that applications run on production-ready environment binaries without requiring manual intervention or the risk of using experimental preview features.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -319,8 +319,8 @@
     "flexible_runtime_settings": {
       "description": "Runtime settings for App Engine flexible environment. Structure is [documented below](#nested_flexible_runtime_settings).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "The settings are highly specific to individual language runtimes and typically govern performance tuning/debugging than compliance boundaries.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -348,8 +348,8 @@
     "beta_settings": {
       "description": "Metadata settings that are supplied to this version to enable beta runtime features.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Parameters are intended for temporary experimental features that are not yet part of the stable API.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -357,8 +357,8 @@
     "serving_status": {
       "description": "Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value is `SERVING`. Possible values are: `SERVING`, `STOPPED`.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "As it governs the operational state of a version which must remain dynamic to allow automated deployments, traffic splitting and manual emergency interventions without triggering policy violations.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -366,8 +366,8 @@
     "runtime_api_version": {
       "description": "The version of the API in the given runtime environment. Please see the app.yaml reference for valid values at `https://cloud.google.com/appengine/docs/standard/<language>/config/appref`\\ Substitute `<language>` with `python`, `java`, `php`, `ruby`, `go` or `nodejs`.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "As managed internally by the selected runtime, enforcing a specific API version at the policy level would create unnecessary coupling between infrastructure code and language-specific internals.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -375,8 +375,8 @@
     "handlers": {
       "description": "An ordered list of URL-matching patterns that should be applied to incoming requests. The first matching URL handles the request and other request handlers are not attempted. Structure is [documented below](#nested_handlers).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Flexible Environment is container-based where routing and static file handling are managed internally by the application's web server.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -449,8 +449,8 @@
     "runtime_main_executable_path": {
       "description": "The path or name of the app's main executable.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Within a containerized Flexible environment the execution logic is better governed by the entrypoint or the container's internal configuration and enforcing a path would break standard deployment conventions for multi-language microservices.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -458,8 +458,8 @@
     "service_account": {
       "description": "The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "To allow developers to assign unique least-privileged identities to each microservice",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -467,8 +467,8 @@
     "api_config": {
       "description": "Serving configuration for Google Cloud Endpoints. Structure is [documented below](#nested_api_config).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Is a legacy configuration for Google Cloud Endpoints Frameworks, this block would not be utilised.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -523,8 +523,8 @@
     "env_variables": {
       "description": "Environment variables available to the application.  As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Intrinsic to the application's runtime logic.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -532,8 +532,8 @@
     "default_expiration": {
       "description": "Duration that static files should be cached by web proxies and browsers. Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Cache-control requirements are dictated by the specific nature of the application's static assets.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -541,8 +541,8 @@
     "nobuild_files_regex": {
       "description": "Files that match this pattern will not be built into this version. Only applicable for Go runtimes.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "File exclusion is more effectively managed via standardized version control ignore files and container-specific exclusion files.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -550,8 +550,8 @@
     "deployment": {
       "description": "Code and application artifacts that make up this version. Structure is [documented below](#nested_deployment).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Is enforced to ensure that every application version is derived from a verified immutable source (such as a specific container image or source code hash).",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -559,8 +559,8 @@
         "zip": {
           "description": "Zip File Structure is [documented below](#nested_deployment_zip).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": true,
+          "rationale": "Ensure that source-based deployments utilize versioned objects stored in Google Cloud Storage",
           "compliant": null,
           "non-compliant": null,
           "parent": "deployment"
@@ -568,8 +568,8 @@
         "files": {
           "description": "Manifest of the files stored in Google Cloud Storage that are included as part of this version. All files must be readable using the credentials supplied with this call. Structure is [documented below](#nested_deployment_files).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "individual file-level declarations are redundant when deploying via comprehensive archives or Container Images",
           "compliant": null,
           "non-compliant": null,
           "parent": "deployment"
@@ -577,8 +577,8 @@
         "container": {
           "description": "The Docker image for the container that runs the version. Structure is [documented below](#nested_deployment_container).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "To prevent configuration overlap, as in workflows where source code is the primary artifact the platform automatically generates the container via Cloud Build.",
           "compliant": null,
           "non-compliant": null,
           "parent": "deployment"
@@ -586,8 +586,8 @@
         "cloud_build_options": {
           "description": "Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly. Structure is [documented below](#nested_deployment_cloud_build_options).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Build-time configuration is an operational concern distinct from the application's runtime security posture.",
           "compliant": null,
           "non-compliant": null,
           "parent": "deployment"
@@ -597,8 +597,8 @@
     "endpoints_api_service": {
       "description": "Code and application artifacts that make up this version. Structure is [documented below](#nested_endpoints_api_service).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "API management via Cloud Endpoints is a separate service layer with its own lifecycle.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -644,8 +644,8 @@
     "entrypoint": {
       "description": "The entrypoint for the application. Structure is [documented below](#nested_entrypoint).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Enforced to ensure that the application starts using a predefined command-string that adheres to organizational standards",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -653,10 +653,10 @@
         "shell": {
           "description": "The format should be a shell command that can be fed to bash -c.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Enforced to restrict/standardize the scripts executed during the deployment phase",
+          "compliant": "node ./app.js",
+          "non-compliant": "sudo node ./app.js",
           "parent": "entrypoint"
         }
       }
@@ -664,8 +664,8 @@
     "vpc_access_connector": {
       "description": "Enables VPC connectivity for standard apps. Structure is [documented below](#nested_vpc_access_connector).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "To allow for architectural flexibility, while Serverless VPC Access is required for internal-only communication, as not all workloads require connectivity to VPC-hosted resources.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -684,8 +684,8 @@
     "automatic_scaling": {
       "description": "Automatic scaling is based on request rate, response latencies, and other application metrics. Structure is [documented below](#nested_automatic_scaling).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Enforced to ensure that every service can respond to traffic fluctuations while maintaining strict guardrails on resource consumption.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -693,8 +693,8 @@
         "cool_down_period": {
           "description": "The time period that the Autoscaler should wait before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. Default: 120s",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Prevents the App Engine autoscaler from reacting to sudden traffic spikes as new instances are ignored until the period ends.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -702,17 +702,17 @@
         "cpu_utilization": {
           "description": "Target scaling by CPU usage. Structure is [documented below](#nested_automatic_scaling_cpu_utilization).",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Enforced to establish a standardized trigger for horizontal scaling, which ensures that the system proactively adds capacity before CPU saturation leads to increased request latency/service instability",
+          "compliant": "target_utilization = 0.5",
+          "non-compliant": "target_utilization = 0.9",
           "parent": "automatic_scaling"
         },
         "max_concurrent_requests": {
           "description": "Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. Defaults to a runtime-specific value.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Can lead to under-utilisation and higher costs by triggering the creation of new instances before the existing ones are actually CPU/memory constrained.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -720,8 +720,8 @@
         "max_idle_instances": {
           "description": "Maximum number of idle instances that should be maintained for this version.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Autoscaler manages idle instances automatically by default, also manually capping too low can cause performance degradation during volatile traffic spikes.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -729,8 +729,8 @@
         "max_total_instances": {
           "description": "Maximum number of instances that should be started to handle requests for this version. Default: 20",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Avoid denial-of-service scenarios, as the application cannot scale to meet a legitimate traffic surge and resulting in request timeouts/503 errors.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -738,8 +738,8 @@
         "max_pending_latency": {
           "description": "Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Forces requests to sit in a queue for too long before the App Engine autoscaler triggers a new instance.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -747,8 +747,8 @@
         "min_idle_instances": {
           "description": "Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "To ensure the App Engine autoscaler can ingest performance metrics during traffic surges.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -756,8 +756,8 @@
         "min_total_instances": {
           "description": "Minimum number of running instances that should be maintained for this version. Default: 2",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "To ensure of allowing the environment to fully de-provision resources during periods of zero activity.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -765,8 +765,8 @@
         "min_pending_latency": {
           "description": "Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Optimal wait time before scaling is highly dependent on a specific workload",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -774,8 +774,8 @@
         "request_utilization": {
           "description": "Target scaling by request utilization. Structure is [documented below](#nested_automatic_scaling_request_utilization).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Can be unreliable if request processing times vary whereas relying on CPU utilisation provides a more accurate measure of when an instance is actually working at its limit.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -783,8 +783,8 @@
         "disk_utilization": {
           "description": "Target scaling by disk usage. Structure is [documented below](#nested_automatic_scaling_disk_utilization).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Typically bottlenecked by CPU or memory rather than storage.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -792,8 +792,8 @@
         "network_utilization": {
           "description": "Target scaling by network usage. Structure is [documented below](#nested_automatic_scaling_network_utilization).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "Scaling based on data throughput can be highly inconsistent while CPU-based scaling provides a more stable and accurate signal for when an instance is reaching its operational capacity.",
           "compliant": null,
           "non-compliant": null,
           "parent": "automatic_scaling"
@@ -803,8 +803,8 @@
     "manual_scaling": {
       "description": "A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. Structure is [documented below](#nested_manual_scaling).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Lacks the ability to adjust to real-time traffic changes, which can lead to unexpected traffic spikes.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -822,27 +822,27 @@
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "To automatically inherit the provider-level project ID",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "noop_on_destroy": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "If set to true, the application version will not be deleted.",
+      "required": false,
+      "security_impact": false,
+      "rationale": "Ensure that the Terraform state remains a truthful representation of the cloud environment.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "delete_service_on_destroy": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "If set to true, the service will be deleted if it is the last version.",
+      "required": false,
+      "security_impact": false,
+      "rationale": "To prevent the accidental deletion of an entire service logical grouping when only a specific version is being decommissioned",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -980,10 +980,10 @@
       }
     },
     "zip": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "Zip",
+      "required": false,
+      "security_impact": true,
+      "rationale": "Ensure that source-based deployments utilize versioned objects stored in Google Cloud Storage.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -991,10 +991,10 @@
         "source_url": {
           "description": "Source URL",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To ensure that the application's source code is retrieved from a managed version-controlled repository, using an immutable path.",
+          "compliant": "https://storage.googleapis.com/hardhat-bucket/hello-world.zip",
+          "non-compliant": "invalid.com",
           "parent": "zip"
         },
         "files_count": {
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_service_network_settings.json b/docs/gcp/App_Engine/resource_json/app_engine_service_network_settings.json
index b39323b1f..2635db0ac 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_service_network_settings.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_service_network_settings.json
@@ -5,17 +5,17 @@
     "service": {
       "description": "The name of the service these settings apply to.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Enforced to establish a verifiable network perimeter at the application layer.",
+      "compliant": "app-internal-service",
+      "non-compliant": "internal-service",
       "parent": null
     },
     "network_settings": {
       "description": "Ingress settings for this service. Will apply to all versions. Structure is [documented below](#nested_network_settings).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "Enforced to ensure the definition of the fundamental trust boundary of the application",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -23,19 +23,19 @@
         "ingress_traffic_allowed": {
           "description": "The ingress settings for version or service. Default value is `INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED`. Possible values are: `INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED`, `INGRESS_TRAFFIC_ALLOWED_ALL`, `INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY`, `INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB`.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Is enforced to mitigate the risk of direct-to-origin attacks from occurring. By ensuring that the default unshielded App Engine URL is disabled.",
+          "compliant": "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY",
+          "non-compliant": "INGRESS_TRAFFIC_ALLOWED_ALL",
           "parent": "network_settings"
         }
       }
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "To automatically inherit the provider-level project ID.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_service_split_traffic.json b/docs/gcp/App_Engine/resource_json/app_engine_service_split_traffic.json
index a27e0659d..10d656b0a 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_service_split_traffic.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_service_split_traffic.json
@@ -5,17 +5,17 @@
     "service": {
       "description": "The name of the service these settings apply to.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "To ensure that traffic splitting configurations are explicitly mapped to the correct logical microservice.",
+      "compliant": "hardhat-main-api",
+      "non-compliant": "generic-api",
       "parent": null
     },
     "split": {
       "description": "Mapping that defines fractional HTTP traffic diversion to different versions within the service. Structure is [documented below](#nested_split).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "To ensure that traffic distribution is managed as code and providing an automated way to transition users to new versions while maintaining a clear record of routing logic.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -23,19 +23,19 @@
         "shard_by": {
           "description": "Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values are: `UNSPECIFIED`, `COOKIE`, `IP`, `RANDOM`.",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To define how traffic is distributed through versions, ensuring that users have a consistent experience by consistently routing them to the same version based on their IP address.",
+          "compliant": "IP",
+          "non-compliant": "RANDOM",
           "parent": "split"
         },
         "allocations": {
           "description": "Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Ensuring to provide precise control over the percentage of traffic directed to specific versions.",
+          "compliant": "v1 = 0.8 v2 = 0.2",
+          "non-compliant": "v1 = 0.0 v2 = 1.0",
           "parent": "split"
         }
       }
@@ -43,17 +43,17 @@
     "migrate_traffic": {
       "description": "If set to true traffic will be migrated to this version.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Allowing to ensure the system to warm up new instances and preventing sudden latency spikes for users during a deployment.",
+      "compliant": "false",
+      "non-compliant": "true",
       "parent": null
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "To automatically inherit the provider-level project ID.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
diff --git a/docs/gcp/App_Engine/resource_json/app_engine_standard_app_version.json b/docs/gcp/App_Engine/resource_json/app_engine_standard_app_version.json
index a97986370..8b683328f 100644
--- a/docs/gcp/App_Engine/resource_json/app_engine_standard_app_version.json
+++ b/docs/gcp/App_Engine/resource_json/app_engine_standard_app_version.json
@@ -5,17 +5,17 @@
     "runtime": {
       "description": "Desired runtime. Example python27.",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Ensuring the application executes in the correct environment with the specific language version required for its dependencies.",
+      "compliant": "nodejs20",
+      "non-compliant": "nodejs10",
       "parent": null
     },
     "deployment": {
       "description": "Code and application artifacts that make up this version. Structure is [documented below](#nested_deployment).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "To define the specific source code and files that constitute the application version ensuring that Terraform can verify and upload the correct assets to the environment.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -23,8 +23,8 @@
         "zip": {
           "description": "Zip File Structure is [documented below](#nested_deployment_zip).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": true,
+          "rationale": "Provides a direct way to package the application's source code.",
           "compliant": null,
           "non-compliant": null,
           "parent": "deployment"
@@ -32,8 +32,8 @@
         "files": {
           "description": "Manifest of the files stored in Google Cloud Storage that are included as part of this version. All files must be readable using the credentials supplied with this call. Structure is [documented below](#nested_deployment_files).",
           "required": false,
-          "security_impact": null,
-          "rationale": null,
+          "security_impact": false,
+          "rationale": "To simplify the configuration and ensure that the application package is deployed as a single consistent unit rather than managing individual file paths manually.",
           "compliant": null,
           "non-compliant": null,
           "parent": "deployment"
@@ -43,8 +43,8 @@
     "entrypoint": {
       "description": "The entrypoint for the application. Structure is [documented below](#nested_entrypoint).",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": true,
+      "rationale": "To provide the specific command required to start the application, ensuring that the environment knows how to execute the code, with which port/startup script to initialize.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -52,10 +52,10 @@
         "shell": {
           "description": "The format should be a shell command that can be fed to bash -c.",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "To define the startup command, as it allows for the execution of complex scripts/multiple commands within the standard shell environment.",
+          "compliant": "node ./app.js",
+          "non-compliant": "bash ./app.js",
           "parent": "entrypoint"
         }
       }
@@ -63,17 +63,17 @@
     "service": {
       "description": "AppEngine service resource",
       "required": true,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Ensuring the application is deployed as a specific microservice, allowing for independent scaling and routing logic within the larger App Engine project.",
+      "compliant": "default",
+      "non-compliant": "unauthorized-app-name",
       "parent": null
     },
     "version_id": {
       "description": "Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "To automatically generate unique timestamp identifiers for each deployment, inturn preventing naming conflicts and ensuring that new releases do not accidentally overwrite existing versions.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -81,8 +81,8 @@
     "service_account": {
       "description": "The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Having utilise the default App Engine service account, simplifying permission management by leveraging the standard identity provided by the platform for accessing Google Cloud resources.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -90,8 +90,8 @@
     "threadsafe": {
       "description": "Whether multiple requests can be dispatched to this version at once.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Environment to use its default concurrency settings, ensuring the application remains stable and avoids race conditions if the codebase is not optimized for parallel request handling.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -99,8 +99,8 @@
     "app_engine_apis": {
       "description": "Allows App Engine second generation runtimes to access the legacy bundled services.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "To ensure the application remains modern and portable",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -108,8 +108,8 @@
     "runtime_api_version": {
       "description": "The version of the API in the given runtime environment. Please see the app.yaml reference for valid values at `https://cloud.google.com/appengine/docs/standard/<language>/config/appref`\\ Substitute `<language>` with `python`, `java`, `php`, `ruby`, `go` or `nodejs`.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "The application utilises a second-generation runtime where the API version is automatically managed by the platform, ensuring the environment always uses the most compatible interface without manual intervention.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -117,8 +117,8 @@
     "handlers": {
       "description": "An ordered list of URL-matching patterns that should be applied to incoming requests. The first matching URL handles the request and other request handlers are not attempted. Structure is [documented below](#nested_handlers).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "For a more flexible and unified approach to request handling without platform-specific configuration.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -191,8 +191,8 @@
     "libraries": {
       "description": "Configuration for third-party Python runtime libraries that are required by the application. Structure is [documented below](#nested_libraries).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Uses a second-generation runtime that manages dependencies through standard package managers.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -220,8 +220,8 @@
     "env_variables": {
       "description": "Environment variables available to the application.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Avoid hardcoding sensitive/environment-specific data in the deployment manifest.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -229,8 +229,8 @@
     "vpc_access_connector": {
       "description": "Enables VPC connectivity for standard apps. Structure is [documented below](#nested_vpc_access_connector).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "interacts with public APIs/managed services that do not require a private connection to a Virtual Private Cloud which reduces infrastructure complexity.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -258,8 +258,8 @@
     "inbound_services": {
       "description": "A list of the types of messages that this application is able to receive. Each value may be one of: `INBOUND_SERVICE_MAIL`, `INBOUND_SERVICE_MAIL_BOUNCE`, `INBOUND_SERVICE_XMPP_ERROR`, `INBOUND_SERVICE_XMPP_MESSAGE`, `INBOUND_SERVICE_XMPP_SUBSCRIBE`, `INBOUND_SERVICE_XMPP_PRESENCE`, `INBOUND_SERVICE_CHANNEL_PRESENCE`, `INBOUND_SERVICE_WARMUP`.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Does not require specialised App Engine-specific features, allowing it to remain a standard web service with a smaller configuration footprint.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
@@ -267,17 +267,17 @@
     "instance_class": {
       "description": "Instance class that is used to run this version. Valid values are AutomaticScaling: F1, F2, F4, F4_1G BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
-      "compliant": null,
-      "non-compliant": null,
+      "security_impact": true,
+      "rationale": "Defined to ensure the application has the specific CPU and memory resources required for its workload.",
+      "compliant": "F1",
+      "non-compliant": "F2",
       "parent": null
     },
     "automatic_scaling": {
       "description": "Automatic scaling is based on request rate, response latencies, and other application metrics. Structure is [documented below](#nested_automatic_scaling).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "To prevent the application from scaling up to aggressively during minor traffic fluctuations.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -341,8 +341,8 @@
     "basic_scaling": {
       "description": "Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity. Structure is [documented below](#nested_basic_scaling).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "Avoid the latency delays in relation with starting instances from zero after periods of inactivity.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -370,8 +370,8 @@
     "manual_scaling": {
       "description": "A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time. Structure is [documented below](#nested_manual_scaling).",
       "required": false,
-      "security_impact": null,
-      "rationale": null,
+      "security_impact": false,
+      "rationale": "To ensure the system can instead respond dynamically to traffic changes without the risk of over-provisioning/service outages during unexpected load.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -389,36 +389,36 @@
     },
     "project": {
       "description": "If it is not provided, the provider project is used.",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "required": false,
+      "security_impact": false,
+      "rationale": "To automatically inherit the provider-level project ID.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "noop_on_destroy": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "If set to true, the application version will not be deleted.",
+      "required": false,
+      "security_impact": false,
+      "rationale": "To ensure Terraform can fully decommission the application version.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "delete_service_on_destroy": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "If set to true, the service will be deleted if it is the last version.",
+      "required": false,
+      "security_impact": false,
+      "rationale": "Prevent the accidental removal of the entire service and its versions when a specific version is decommissioned.",
       "compliant": null,
       "non-compliant": null,
       "parent": null
     },
     "zip": {
-      "description": "",
-      "required": null,
-      "security_impact": null,
-      "rationale": null,
+      "description": "Zip",
+      "required": false,
+      "security_impact": true,
+      "rationale": "Provides a direct way to package the application's source code.",
       "compliant": null,
       "non-compliant": null,
       "parent": null,
@@ -426,10 +426,10 @@
         "source_url": {
           "description": "Source URL",
           "required": true,
-          "security_impact": null,
-          "rationale": null,
-          "compliant": null,
-          "non-compliant": null,
+          "security_impact": true,
+          "rationale": "Ensuring that the deployment process uses a verified artifact that is consistent across all environments.",
+          "compliant": "https://storage.googleapis.com/appengine-static-content/hello-world.zip",
+          "non-compliant": "https://storage.googleapis.com/malicious-bucket/exploit.zip",
           "parent": "zip"
         },
         "files_count": {