Control: Cloud Functions should not be publicly accessible
Description
This control checks whether Cloud Functions have public access disabled and are configured to only allow internal traffic.
Usage
Run the control in your terminal:
powerpipe control run gcp_perimeter.control.cloudfunction_function_not_publicly_accessible
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_perimeter.control.cloudfunction_function_not_publicly_accessible --share
Steampipe Tables
SQL
select
  self_link as resource,
  case
    when vpc_connector is not null and ingress_settings = 'ALLOW_INTERNAL_ONLY' then 'ok'
    else 'alarm'
  end as status,
  case
    when vpc_connector is not null and ingress_settings = 'ALLOW_INTERNAL_ONLY' then title || ' not publicly accessible.'
    else title || ' publicly accessible.'
  end as reason,
  location,
  project
from
  gcp_cloudfunctions_function;
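Added example (not part of the control or the mod): the same pass condition run over constructed rows, with an extra column naming which half of the condition failed, to help triage an alarm. The CTE sample_functions, its function names, project and connector path are made up; replace the CTE with gcp_cloudfunctions_function to run it against real data.

```sql
-- Constructed sample rows standing in for gcp_cloudfunctions_function.
-- Function names, project and connector path are illustrative only.
with sample_functions (title, location, project, vpc_connector, ingress_settings) as (
  values
    ('fn-internal', 'us-central1', 'example-project',
     'projects/example-project/locations/us-central1/connectors/example-conn',
     'ALLOW_INTERNAL_ONLY'),
    ('fn-open', 'us-central1', 'example-project',
     null,
     'ALLOW_ALL'),
    ('fn-gclb', 'us-central1', 'example-project',
     'projects/example-project/locations/us-central1/connectors/example-conn',
     'ALLOW_INTERNAL_AND_GCLB'),
    ('fn-no-connector', 'us-central1', 'example-project',
     null,
     'ALLOW_INTERNAL_ONLY'),
    ('fn-unset', 'us-central1', 'example-project',
     'projects/example-project/locations/us-central1/connectors/example-conn',
     null)
)
select
  title,
  location,
  project,
  -- Same pass condition as the control: both halves must hold.
  case
    when vpc_connector is not null and ingress_settings = 'ALLOW_INTERNAL_ONLY' then 'ok'
    else 'alarm'
  end as status,
  -- Which half failed; concat_ws skips nulls, so 'ok' rows get an empty string.
  concat_ws('; ',
    case when vpc_connector is null then 'no VPC connector' end,
    case
      when ingress_settings is distinct from 'ALLOW_INTERNAL_ONLY'
        then 'ingress_settings = ' || coalesce(ingress_settings, '(not set)')
    end
  ) as failed_conditions
from
  sample_functions
order by
  status,
  title;
```

Only fn-internal passes: the control also raises an alarm for ALLOW_INTERNAL_AND_GCLB, and for ALLOW_INTERNAL_ONLY when no VPC connector is attached.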