PubSub Subscriptions Should Not Be Detached From Topics

More Info:

Ensure that PubSub Subscriptions are not detached from topics

Risk Level

Low

Address

Operational Excellence

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “PubSub Subscriptions Should Not Be Detached From Topics” for GCP using GCP CLI, follow the steps below:

Open the Cloud Shell in your GCP console.

Run the following command to list all the subscriptions that are detached from topics:

gcloud pubsub subscriptions list --filter="topic:projects/*/topics/* AND NOT topic:projects/*/topics/*"

Identify the subscription that is detached from a topic and note down its subscription name.
Run the following command to delete the subscription:
```
gcloud pubsub subscriptions delete [SUBSCRIPTION_NAME]
```
Replace [SUBSCRIPTION_NAME] with the name of the subscription that you want to delete.
Repeat steps 3 and 4 for all the subscriptions that are detached from topics.
Finally, run the following command to verify that all the subscriptions are attached to a topic:
```
gcloud pubsub subscriptions list --filter="topic:projects/*/topics/*"
```
This command will list all the subscriptions that are attached to a topic.

By following these steps, you can remediate the misconfiguration “PubSub Subscriptions Should Not Be Detached From Topics” for GCP using GCP CLI.

Using Python

To remediate the misconfiguration “PubSub Subscriptions Should Not Be Detached From Topics” for GCP using python, follow these steps:

First, you need to identify the detached subscriptions in GCP. You can use the following code to get the list of all detached subscriptions:

from google.cloud import pubsub_v1

project_id = "your-project-id"
client = pubsub_v1.SubscriberClient()
project_path = f"projects/{project_id}"
response = client.list_subscriptions(project_path)
for subscription in response:
    if not subscription.topic:
        print(f"Detached subscription: {subscription.name}")

Once you have identified the detached subscriptions, you can re-attach them to their respective topics using the following code:

from google.cloud import pubsub_v1

project_id = "your-project-id"
client = pubsub_v1.SubscriberClient()
project_path = f"projects/{project_id}"
response = client.list_subscriptions(project_path)
for subscription in response:
    if not subscription.topic:
        print(f"Re-attaching subscription {subscription.name} to topic {subscription.topic}")
        topic_path = f"projects/{project_id}/topics/{subscription.topic.split('/')[-1]}"
        client.modify_push_config(subscription.name, topic_path=topic_path)

This code will loop through all the subscriptions in your project and re-attach the detached subscriptions to their respective topics.

Additional Reading:

https://cloud.google.com/pubsub/docs/admin

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

PubSub Subscriptions Should Not Be Detached From Topics

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: