turbot/steampipe-mod-gcp-compliance

Control: Ensure Private Google Access is enabled for all subnetworks in kubernetes cluster

Description

This control ensures that GKE cluster subnetworks have Private Google Access enabled.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.kubernetes_cluster_subnetwork_private_ip_google_access_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.kubernetes_cluster_subnetwork_private_ip_google_access_enabled --share

SQL

This control uses a named query:

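select
  c.self_link as resource,
  case
    when s.private_ip_google_access then 'ok'
    else 'alarm'
  end as status,
  case
    when s.private_ip_google_access then c.title || ' private Google Access is enabled.'
    else c.title || ' private Google Access is disabled.'
  end as reason,
  c.location as location,
  c.project as project
from
  gcp_kubernetes_cluster as c
  -- The subnetwork self_link is a full URL; keep only the part from 'projects/...' onward
  -- so it matches the relative path stored in network_config ->> 'Subnetwork'.
  -- A cluster with no matching subnetwork row gets NULL here and falls through to 'alarm'.
  left join gcp_compute_subnetwork as s
    on concat('projects', split_part(s.self_link, '/projects', 2)) = c.network_config ->> 'Subnetwork';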
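
The join above, run in plain PostgreSQL against constructed rows (an added example, not part of the mod; every cluster, project and subnetwork name is made up). It covers the three outcomes: enabled, disabled, and a cluster whose subnetwork has no row in `gcp_compute_subnetwork`, which the control also reports as `alarm` with the "disabled" reason.

```sql
-- Constructed sample rows standing in for the two Steampipe tables.
with gcp_kubernetes_cluster (title, location, project, network_config) as (
  values
    ('cluster-a', 'us-central1', 'demo-proj',
     '{"Subnetwork": "projects/demo-proj/regions/us-central1/subnetworks/subnet-private"}'::jsonb),
    ('cluster-b', 'us-central1', 'demo-proj',
     '{"Subnetwork": "projects/demo-proj/regions/us-central1/subnetworks/subnet-open"}'::jsonb),
    -- cluster-c points at a subnetwork that has no row below.
    ('cluster-c', 'europe-west1', 'demo-proj',
     '{"Subnetwork": "projects/other-proj/regions/europe-west1/subnetworks/subnet-missing"}'::jsonb)
),
gcp_compute_subnetwork (self_link, private_ip_google_access) as (
  values
    ('https://www.googleapis.com/compute/v1/projects/demo-proj/regions/us-central1/subnetworks/subnet-private', true),
    ('https://www.googleapis.com/compute/v1/projects/demo-proj/regions/us-central1/subnetworks/subnet-open', false)
)
select
  c.title,
  c.network_config ->> 'Subnetwork' as cluster_subnetwork,
  s.self_link as matched_subnetwork,
  -- Same status logic as the control.
  case
    when s.private_ip_google_access then 'ok'
    else 'alarm'
  end as status,
  -- Extra column (not in the control) separating "disabled" from "no row matched".
  case
    when s.self_link is null then 'no subnetwork row matched'
    when s.private_ip_google_access then 'enabled'
    else 'disabled'
  end as detail
from
  gcp_kubernetes_cluster as c
  left join gcp_compute_subnetwork as s
    on concat('projects', split_part(s.self_link, '/projects', 2)) = c.network_config ->> 'Subnetwork'
order by
  c.title;
```

When the control alarms on a cluster, check the `matched_subnetwork` equivalent first: a NULL there means the subnetwork was not returned by the connection at all, not that Private Google Access is known to be off.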

Tags