Guardrail Gaunlet at Google Cloud Next 2025

Guardrail Gauntlet

Welcome to the Google Cloud Next 2025 challenge: the Guardrail Gauntlet! Winners are entered for a chance to receive a Steam Deck.

To participate, write and submit a Guardrail for a Google Cloud resource. To enter the challenge:

1. If you haven't yet,

3. Write a valid Guardrail featuring a Google Cloud resource*

   1. The Guardrail must feature one of the following statements: IN, CONTAINS, MATCHES, EVERY, SOME, NO, AND, OR, HAS, EXISTS, or CONTEXT

4. Submit a screenshot of your Guardrail along with your name via email to .

*The written Guardrail must be valid, meaning that it must be tested for both a failing and passing condition within the Developer Experience tab of the Foundry.

Drawings of valid Guardrails will take place daily at 4p PT for a Steam Deck.

We have one Steam Deck remaining! Make sure to get your submission in by April 24th at 12p ET to be eligible to win the last remaining Steam Deck.

Inspiration for Guardrails

Here is an example Guardrail that restricts traffic for default security groups:

GUARDRAIL "Ensure the default security group of every VPC restricts all traffic."
  WHEN aws_default_security_group
    REQUIRE ingress NOT EXISTS
    REQUIRE egress NOT EXISTS
  OVERRIDE WITH APPROVAL @security

Need to be inspired? Try to write some Guardrails for the following:

• Require VMs can only be a subset of instance sizes

• Require BigQuery datasets have an access.dataset property

• Limit Cloud Run jobs to use 2 CPU and 1024 MB of memory

• Force Firebase databases to have an aggressive deletion policy