Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-gcp-compliance
Overview
12Dashboards
536Benchmarks
201Queries
2Variables
GitHub

Control: Cloudfunction functions ingress settings should not be set to allow all

Description

It is recommended that Cloudfunction functions ingress settings should not be set to `allow all` as it allow all inbound requests to the function.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.cloudfunction_function_no_ingress_settings_allow_all

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.cloudfunction_function_no_ingress_settings_allow_all --share

SQL

This control uses a named query:

select
  self_link resource,
  case
    when ingress_settings  = 'ALLOW_ALL' then 'alarm'
    else 'ok'
  end as status,
  case
    when ingress_settings = 'ALLOW_ALL' then name || ' ingress settings is set to allow all.'
    else name || ' ingress settings is not set to allow all.'
  end as reason
  
  , location as location, project as project
from
  gcp_cloudfunctions_function;

Tags

category = Compliance
plugin = gcp
service = GCP/CloudFunctions