Control: Cloud Functions should not be publicly accessible
Description
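This control checks whether Cloud Functions have public access disabled and are configured to allow only internal traffic. A function passes only when it has a VPC connector configured and its ingress setting is ALLOW_INTERNAL_ONLY; any other combination is reported as publicly accessible.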
Usage
Run the control in your terminal:
powerpipe control run gcp_perimeter.control.cloudfunction_function_not_publicly_accessible
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_perimeter.control.cloudfunction_function_not_publicly_accessible --share
Steampipe Tables
SQL
select
  self_link as resource,
  case
    when vpc_connector is not null
      and ingress_settings = 'ALLOW_INTERNAL_ONLY' then 'ok'
    else 'alarm'
  end as status,
  case
    when vpc_connector is not null
      and ingress_settings = 'ALLOW_INTERNAL_ONLY' then title || ' not publicly accessible.'
    else title || ' publicly accessible.'
  end as reason,
  location,
  project
from
  gcp_cloudfunctions_function;