Control: App Engine application IAP should be enabled

Description

This control ensures that App Engine application IAP(Identity-Aware Proxy) is enabled. IAP is used to enforce access control policies for applications and resources. Activating Identity-Aware Proxy (IAP) is a suggested practice for enhancing the security of your App Engine application.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.app_engine_application_iap_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.app_engine_application_iap_enabled --share

SQL

This control uses a named query:

select
  name as resource,
  case
    when (iap -> 'enabled')::bool then 'ok'
    else 'alarm'
  end as status,
  case
    when (iap -> 'enabled')::bool then title || ' IAP enabled.'
    else title || ' IAP disabled.'
  end as reason
  , location as location, project as project
from
  gcp_app_engine_application;

Control: App Engine application IAP should be enabled

Description

Usage

SQL

Tags