Control: Ensure Firewall Rules for instances behind Identity Aware Proxy (IAP) only allow the traffic from Google Cloud Loadbalancer (GCLB) Health Check and Proxy Addresses
Description
Access to VMs behind IAP should be restricted by firewall rules that allow only connections proxied by IAP. For load balancing to keep working, traffic from the GCLB health-check ranges should also be allowed.
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.compute_firewall_allow_connections_proxied_by_iap
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_compliance.control.compute_firewall_allow_connections_proxied_by_iap --share
SQL
This control uses a named query:
compute_firewall_allow_connections_proxied_by_iap
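The named query itself is not reproduced on this page. As an added example, not part of the Powerpipe mod or its query, the check described above expressed in Python over constructed firewall rules in the shape of `gcloud compute firewall-rules list --format=json` output. The IAP TCP forwarding range and the GCLB health-check ranges are the ones Google documents, but treat them as an assumption to confirm against current documentation.

```python
import ipaddress

# Source ranges Google documents for IAP TCP forwarding and GCLB health checks
# (assumption: confirm against current Google Cloud documentation).
IAP_TCP_FORWARDING_RANGE = ipaddress.ip_network("35.235.240.0/20")
GCLB_HEALTH_CHECK_RANGES = (ipaddress.ip_network("130.211.0.0/22"),
                            ipaddress.ip_network("35.191.0.0/16"))
PERMITTED_SOURCES = (IAP_TCP_FORWARDING_RANGE,) + GCLB_HEALTH_CHECK_RANGES

def source_is_permitted(cidr):
    """True only if cidr lies entirely inside an IAP or health-check range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == ok.version and net.subnet_of(ok)
               for ok in PERMITTED_SOURCES)

def evaluate_rule(rule):
    """Classify one firewall rule as ('ok' | 'alarm' | 'skip', reason)."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return "skip", "not an enabled ingress rule"
    if "allowed" not in rule:
        return "skip", "deny rule opens no traffic"
    sources = rule.get("sourceRanges", [])
    if not sources:
        return "skip", "no sourceRanges (tag or service-account sourced)"
    offending = [s for s in sources if not source_is_permitted(s)]
    if offending:
        return "alarm", "ingress allowed from " + ", ".join(offending)
    return "ok", "only IAP proxy and GCLB health-check ranges"

def evaluate_rules(rules):
    """Map rule name -> (status, reason) for a list of firewall rule dicts."""
    return {rule["name"]: evaluate_rule(rule) for rule in rules}

# Constructed sample in the shape of `gcloud compute firewall-rules list
# --format=json` output; not taken from any real project.
SAMPLE_RULES = [
    {"name": "allow-iap-ssh", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-lb-health-checks", "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-ssh-anywhere", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "deny-all-ingress", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]},
]

if __name__ == "__main__":
    for name, (status, reason) in evaluate_rules(SAMPLE_RULES).items():
        print(f"{status:5} {name}: {reason}")
```

Rules sourced by network tag or service account rather than CIDR are reported as skipped, since they need a different evaluation than the source-range check this control describes.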