Ensure private google access is enabled for Google Compute Subnetwork

MEDIUM

Description

Private Google Access can be enabled for virtual machines in Google Compute so that they can be accessed from a VPC network. For more information on Google Compute private access options, see the GCP documentation.
References:
https://cloud.google.com/vpc/docs/configure-private-google-access

Remediation

In GCP Console -

  1. Open the VPC networks page.
  2. Select the name of the network that contains the subnet to edit.
  3. Click the name of the subnet, select details, then click Edit.
  4. Select the Enable network policy for master and Enable network policy for nodes checkboxes (one at a time).
  5. In the Private Google Access section, select On.
  6. Click Save.

In Terraform -

  1. In the google_compute_subnetwork resource, ensure that the private_ip_google_access attribute is not set to false.
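As an added example (not taken from the page or from any vendor's remediation code), a non-compliant google_compute_subnetwork next to the compliant form; the network, subnet, region and CIDR values are assumptions.

```hcl
# Added example; names, region and CIDR ranges are assumed placeholders.
resource "google_compute_network" "vpc" {
  name                    = "example-vpc"
  auto_create_subnetworks = false
}

# Non-compliant: private_ip_google_access is omitted. The provider's
# default for this attribute is false, so leaving it out disables
# Private Google Access just as setting it to false would.
resource "google_compute_subnetwork" "noncompliant" {
  name          = "example-subnet-noncompliant"
  region        = "us-central1"
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.10.0.0/24"
}

# Compliant with AC_GCP_0031: Private Google Access set explicitly to true,
# so the setting is visible in review and does not depend on the default.
resource "google_compute_subnetwork" "compliant" {
  name                     = "example-subnet"
  region                   = "us-central1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.10.1.0/24"
  private_ip_google_access = true
}
```

After apply, the setting can be confirmed with `gcloud compute networks subnets describe example-subnet --region=us-central1`, which reports privateIpGoogleAccess: true for the compliant subnet.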

References:
https://cloud.google.com/vpc/docs/configure-private-google-access
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork#private_ip_google_access

Policy Details

Rule Reference ID: AC_GCP_0031
CSP: GCP
Remediation Available: Yes
Resource Category: Compute
Resource Type: Subnetwork

Frameworks