turbot/steampipe-mod-gcp-perimeter

Benchmark: Public Network Access

This benchmark answers the following questions:

  • Are any Cloud Functions publicly accessible?
  • Are any Cloud Run services publicly accessible (not using VPC access with internal-only ingress)?
  • Are any Cloud SQL instances configured with public IP addresses enabled?
  • Are any GKE clusters using public nodes (not using private nodes with legacy endpoints disabled)?

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-perimeter

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select Public Network Access.

Run this benchmark in your terminal:

powerpipe benchmark run gcp_perimeter.benchmark.public_network_access

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run gcp_perimeter.benchmark.public_network_access --share
