Control: 4.10 Ensure that App Engine applications enforce HTTPS connections
Description
In order to maintain the highest level of security, all connections to an application should be secure by default.
Insecure HTTP connections may be subject to eavesdropping, which can expose sensitive data.
Remediation
Add a line to the app.yaml file controlling the application which enforces secure connections. For example:
handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto
https://cloud.google.com/appengine/docs/standard/python3/config/appref
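Because this control is evaluated manually, a small local check of app.yaml helps. The following is an added example, not part of the benchmark or the compliance mod: the function name and sample file are constructed, it reads only block-style YAML as shown above, and it treats a handler with no `secure` key as insecure because App Engine then defaults to `optional`.

```python
import sys

def insecure_handlers(app_yaml_text):
    """Return the url of every handler whose `secure` value is not `always`."""
    handlers, current, key_col, in_handlers = [], None, 0, False
    for raw in app_yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and not line.startswith("-"):
            # Any top-level key other than handlers: ends the section.
            in_handlers = line.startswith("handlers:")
            continue
        if not in_handlers:
            continue
        indent = len(line) - len(line.lstrip())
        body = line.strip()
        if body.startswith("- "):  # a new handler entry
            current = {}
            handlers.append(current)
            rest = body[1:]
            key_col = indent = indent + 1 + len(rest) - len(rest.lstrip())
            body = rest.strip()
        # Only keys at the handler's own indent count (skips nested maps
        # such as http_headers).
        if current is not None and indent == key_col and ":" in body:
            key, _, value = body.partition(":")
            current[key.strip()] = value.strip().strip("'\"")
    return [h.get("url", "<no url>") for h in handlers
            if h.get("secure") != "always"]

# Constructed sample input, not taken from a real project.
SAMPLE_APP_YAML = """\
runtime: python312

handlers:
- url: /static
  static_dir: static
- url: /admin/.*
  secure: optional   # HTTP still accepted
  script: auto
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto

env_variables:
  secure: always   # not a handler setting
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_APP_YAML
    findings = insecure_handlers(text)
    for url in findings:
        print(f"handler {url!r} does not set 'secure: always'")
    sys.exit(1 if findings else 0)
```

Pass the path to an app.yaml as the first argument; a non-zero exit status means at least one handler still accepts plain HTTP.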
Default Value
By default, both HTTP and HTTPS are supported.
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.cis_v200_4_10
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_compliance.control.cis_v200_4_10 --share
SQL
This control uses a named query:
manual_control