turbot/gcp_compliance

Query: compute_firewall_allow_tcp_connections_proxied_by_iap

Usage

powerpipe query gcp_compliance.query.compute_firewall_allow_tcp_connections_proxied_by_iap

Steampipe Tables

SQL

-- Classifies every rule in gcp_compute_firewall as 'ok' or 'alarm'.
-- A rule is 'ok' when both of the following hold:
--   1. some entry in "allowed" has IPProtocol "tcp" and lists at least one of
--      the ports 80, 443, 22 or 3389; and
--   2. "source_ranges" lists at least one of the three Google ranges below.
-- Every other rule, including one where either column is null, is 'alarm'.
--
-- NOTE(review): both tests are presence checks only. A rule that additionally
-- lists other source ranges (for example 0.0.0.0/0) or other ports still
-- evaluates to 'ok', and no other column of the rule is inspected. Confirm
-- this matches the intent of the controls that consume this query.
with firewall_rule as (
  select
    self_link,
    title,
    location,
    project,
    (
      (
        -- jsonb containment ignores array order and extra elements, so a match
        -- on any combination of these ports always implies a match on one of
        -- the four single-port patterns.
        allowed @> '[{"IPProtocol":"tcp","ports":["80"]}]'
        or allowed @> '[{"IPProtocol":"tcp","ports":["443"]}]'
        or allowed @> '[{"IPProtocol":"tcp","ports":["22"]}]'
        or allowed @> '[{"IPProtocol":"tcp","ports":["3389"]}]'
      )
      and (
        -- ?| is true when any one of the listed strings is an element of
        -- source_ranges. Per Google's documentation, 35.235.240.0/20 is the
        -- IAP TCP forwarding range; 130.211.0.0/22 and 35.191.0.0/16 are the
        -- load balancer / health check ranges.
        source_ranges ?| array['130.211.0.0/22', '35.235.240.0/20', '35.191.0.0/16']
      )
    ) as matches_google_ranges
  from
    gcp_compute_firewall
)
select
  self_link as resource,
  case
    when matches_google_ranges then 'ok'
    else 'alarm'
  end as status,
  -- A null match flag falls through to the "not configured" branch, the same
  -- way it falls through to 'alarm' above.
  title || case
    when matches_google_ranges then ' IAP configured to allow traffic from Google IP addresses.'
    else ' IAP not configured to allow traffic from Google IP addresses.'
  end as reason,
  location,
  project
from
  firewall_rule;

Controls

The query is being used by the following controls: