v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/gcp_compliance
Overview
12Dashboards
536Controls
201Queries
2Variables
GitHub

Control: Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'

Description

IAP authenticates the user requests to your apps via a Google single sign in. You can then manage these users with permissions to control access. It is recommended to use both IAP permissions and firewalls to restrict this access to your apps with sensitive information.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.compute_firewall_allow_tcp_connections_proxied_by_iap

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.compute_firewall_allow_tcp_connections_proxied_by_iap --share

SQL

This control uses a named query:

compute_firewall_allow_tcp_connections_proxied_by_iap

Tags

category = Compliance
plugin = gcp
service = GCP/Compute