Triage and Remediation
Remediation
Using Console
To remediate the “Cloud Functions Endpoint Should Not Be Publicly Accessible” misconfiguration using the Google Cloud console:
- Open the Google Cloud console and select the project that contains the Cloud Function you want to remediate.
- In the navigation menu, open Cloud Functions.
- Select the Cloud Function that you want to remediate.
- Open the “Permissions” tab on the function details page. Any binding that grants the Cloud Functions Invoker role to allUsers or allAuthenticatedUsers makes the endpoint publicly invokable: remove those principals, then grant the Invoker role only to the specific users or service accounts that need to call the function.
- To additionally close the endpoint at the network layer, click “Edit”, expand the runtime, build, connections and security settings, and under “Ingress settings” select “Allow internal traffic only”. Click “Next” and then “Deploy” to apply the change; only traffic from your VPC (through a Serverless VPC Access connector) and from internal Google services will reach the function afterwards.
- Verify that the Cloud Function is no longer publicly accessible by requesting the function’s endpoint URL from outside the VPC, in a browser or with curl (for example curl -i FUNCTION_URL). You should receive an HTTP 403 Forbidden response instead of the function’s output.
Using CLI
To remediate a publicly accessible Cloud Functions endpoint with the gcloud CLI:
- List the function’s current IAM bindings with gcloud functions get-iam-policy FUNCTION_NAME --region=REGION and look for allUsers or allAuthenticatedUsers under the roles/cloudfunctions.invoker role. Either member makes the endpoint publicly invokable.
- Remove each public member with gcloud functions remove-iam-policy-binding FUNCTION_NAME --region=REGION --member=allUsers --role=roles/cloudfunctions.invoker, and repeat with --member=allAuthenticatedUsers if that binding is present.
- Grant the invoker role only to the principals that need it, for example gcloud functions add-iam-policy-binding FUNCTION_NAME --region=REGION --member=serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com --role=roles/cloudfunctions.invoker. Repeat for every user or service account that must call the function.
- Optionally restrict network ingress as well by redeploying the function with gcloud functions deploy FUNCTION_NAME --region=REGION --ingress-settings=internal-only, so only traffic from your VPC and from internal Google services reaches the endpoint.
- Run gcloud functions get-iam-policy again to confirm that no public member remains. Note that 2nd-gen functions run on Cloud Run, where invocation is granted through roles/run.invoker on the underlying service rather than roles/cloudfunctions.invoker.
Using Python
To remediate a publicly accessible Cloud Functions endpoint from Python, use the Cloud Functions API (for example through the google-api-python-client library) to make the same change the console makes when you add a VPC connector and restrict ingress:
- Patch the function with ingressSettings set to ALLOW_INTERNAL_ONLY and vpcConnector set to the resource name of your Serverless VPC Access connector, using an updateMask that names both fields. The connector must already exist in the function’s region.
- Combine this with the IAM cleanup described in the console and CLI sections: fetch the policy with getIamPolicy, drop allUsers and allAuthenticatedUsers from the roles/cloudfunctions.invoker binding while keeping the legitimate members, and write it back with setIamPolicy.
In your script, replace the project_id, function_name, and vpc-connector-name values (and the region) with the appropriate values for your environment.
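The following is an added worked example, not the page’s original script and not Google’s own code. It implements both controls described above in Python: the IAM cleanup (stripping public principals from the invoker role while preserving every other member and the policy etag) and the network patch (ingress set to ALLOW_INTERNAL_ONLY plus a VPC connector). It assumes the google-api-python-client library and Application Default Credentials for the live calls; the project, region, function and connector names, and the sample policy, are placeholders constructed for illustration.

```python
"""Added example (not the original page's script): lock down a publicly
invokable 1st-gen Cloud Function from Python.

Two controls are applied:
  1. IAM: drop allUsers / allAuthenticatedUsers from the invoker role while
     keeping every other principal (pure functions, runnable offline).
  2. Network: set ingressSettings to ALLOW_INTERNAL_ONLY and attach a
     Serverless VPC Access connector, the change the console steps describe.

Live calls go through google-api-python-client (pip install
google-api-python-client) using Application Default Credentials; the import is
deferred so the policy logic runs without it.  PROJECT_ID, REGION,
FUNCTION_NAME and VPC_CONNECTOR_NAME are placeholders to replace.
"""
from __future__ import annotations

import copy

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Invoker role for 1st-gen functions.  2nd-gen functions run on Cloud Run and
# are invoked through roles/run.invoker on the service instead.
INVOKER_ROLE = "roles/cloudfunctions.invoker"

PROJECT_ID = "my-project"            # placeholder
REGION = "us-central1"               # placeholder
FUNCTION_NAME = "my-function"        # placeholder
VPC_CONNECTOR_NAME = "my-connector"  # placeholder, must already exist in REGION

# Constructed sample policy (not real data) in the shape getIamPolicy returns.
SAMPLE_POLICY = {
    "etag": "BwXexample",
    "bindings": [
        {"role": INVOKER_ROLE,
         "members": ["allUsers",
                     "serviceAccount:caller@my-project.iam.gserviceaccount.com"]},
        {"role": "roles/cloudfunctions.viewer", "members": ["user:alice@example.com"]},
    ],
}


def function_resource(project_id: str, region: str, function_name: str) -> str:
    return f"projects/{project_id}/locations/{region}/functions/{function_name}"


def connector_resource(project_id: str, region: str, connector_name: str) -> str:
    return f"projects/{project_id}/locations/{region}/connectors/{connector_name}"


def public_invokers(policy: dict) -> set[str]:
    """Public principals currently holding the invoker role (empty set = not public)."""
    found: set[str] = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == INVOKER_ROLE:   # conditional bindings count too
            found |= PUBLIC_MEMBERS & set(binding.get("members", []))
    return found


def remove_public_invokers(policy: dict) -> dict:
    """Copy of the policy with public principals removed from the invoker role.

    Other members and roles are untouched, a binding left without members is
    dropped, and the etag is preserved so setIamPolicy is rejected if the policy
    changed between the read and the write."""
    cleaned = copy.deepcopy(policy)
    kept = []
    for binding in cleaned.get("bindings", []):
        if binding.get("role") == INVOKER_ROLE:
            binding["members"] = [m for m in binding.get("members", [])
                                  if m not in PUBLIC_MEMBERS]
            if not binding["members"]:
                continue
        kept.append(binding)
    cleaned["bindings"] = kept
    return cleaned


def network_patch(vpc_connector: str) -> dict:
    """Body and updateMask of the patch that closes the endpoint to the internet."""
    return {
        "body": {"ingressSettings": "ALLOW_INTERNAL_ONLY", "vpcConnector": vpc_connector},
        "update_mask": "ingressSettings,vpcConnector",
    }


def _functions_api():
    from googleapiclient import discovery  # deferred: only needed for live calls
    return discovery.build("cloudfunctions", "v1").projects().locations().functions()


def remediate(project_id: str, region: str, function_name: str, connector_name: str) -> dict:
    """Apply both controls to a live function and return its final IAM policy."""
    api = _functions_api()
    name = function_resource(project_id, region, function_name)

    policy = api.getIamPolicy(resource=name).execute()
    if public_invokers(policy):
        policy = api.setIamPolicy(
            resource=name, body={"policy": remove_public_invokers(policy)}).execute()

    patch = network_patch(connector_resource(project_id, region, connector_name))
    # patch() returns a long-running operation; the new settings are live once it completes.
    api.patch(name=name, updateMask=patch["update_mask"], body=patch["body"]).execute()
    return policy


if __name__ == "__main__":
    # Offline walk-through on the constructed policy; against a real project call
    # remediate(PROJECT_ID, REGION, FUNCTION_NAME, VPC_CONNECTOR_NAME) instead.
    print("public invokers:", sorted(public_invokers(SAMPLE_POLICY)))
    print("cleaned bindings:", remove_public_invokers(SAMPLE_POLICY)["bindings"])
```

Sending the policy back with its original etag is deliberate: if someone else modified the function’s policy between the read and the write, setIamPolicy rejects the update instead of silently overwriting their change. If the function sits behind an external HTTP(S) load balancer, use ALLOW_INTERNAL_AND_GCLB rather than ALLOW_INTERNAL_ONLY, otherwise the load balancer’s traffic is blocked as well.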