Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Default VPC should not be used” for GCP using the GCP console, follow these steps:
- Log in to the GCP console at https://console.cloud.google.com/
- Select the project that is using the default VPC.
- In the left navigation pane, select “VPC network” and then select “VPC network”.
- Click on the name of the default VPC.
- Click on “Edit” at the top of the screen.
- In the “Edit VPC network” screen, uncheck the “Default” checkbox.
- Click “Save” to apply the changes.
Using CLI
To remediate the “Default VPC Should Not Be Used” misconfiguration in GCP using GCP CLI, you can follow these steps:
- Identify all the GCP projects that are using the default VPC. You can use the following command to list all the projects:
- For each project that is using the default VPC, create a new VPC network. You can use the following command to create a new VPC network:
- Once the new VPC network is created, you can move all the existing resources from the default VPC to the new VPC network. You can use the following command to move a resource to a new VPC network:
- Once all the resources are moved to the new VPC network, you can delete the default VPC network. You can use the following command to delete the default VPC network:
- Finally, you should update your organization’s policies to prevent the use of default VPCs in the future.
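The CLI steps above, written out as one script. This is an added example, not code from the original page: `GCLOUD`, `DRY_RUN`, `NEW_NET` and the function names are this example's own, and `custom-vpc` is a placeholder network name. It defaults to a dry run and refuses to delete the default VPC while instances are still attached to it.

```bash
#!/bin/sh
# Added example, not from the original page. GCLOUD, DRY_RUN and NEW_NET are
# this example's own settings; "custom-vpc" is a placeholder network name.
GCLOUD="${GCLOUD:-gcloud}"   # point at a stub to exercise the logic offline
DRY_RUN="${DRY_RUN:-1}"      # 1 = print mutating commands instead of running
NEW_NET="${NEW_NET:-custom-vpc}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "DRY-RUN: $*"; else "$@"; fi; }

# Reads "name<TAB>network URL(s)" rows; prints names bound to "default".
on_default() { awk -F'\t' '$2 ~ /\/networks\/default(;|$)/ { print $1 }'; }

# Step 1: projects that still contain a network named "default".
projects_with_default_vpc() {
  for p in $("$GCLOUD" projects list --format="value(projectId)"); do
    n=$("$GCLOUD" compute networks list --project="$p" \
          --filter="name=default" --format="value(name)")
    if [ "$n" = "default" ]; then echo "$p"; fi
  done
}

instances_on_default() {
  "$GCLOUD" compute instances list --project="$1" \
    --format="value(name,networkInterfaces[].network)" | on_default
}
firewall_rules_on_default() {
  "$GCLOUD" compute firewall-rules list --project="$1" \
    --format="value(name,network)" | on_default
}

# Steps 2-4 for one project; returns 1 and deletes nothing while instances remain.
remediate_project() {
  "$GCLOUD" compute networks describe "$NEW_NET" --project="$1" >/dev/null 2>&1 ||
    run "$GCLOUD" compute networks create "$NEW_NET" --project="$1" --subnet-mode=custom
  busy=$(instances_on_default "$1")
  if [ -n "$busy" ]; then
    echo "SKIP $1: still on default VPC:" $busy >&2
    return 1
  fi
  for r in $(firewall_rules_on_default "$1"); do
    run "$GCLOUD" compute firewall-rules delete "$r" --project="$1" --quiet
  done
  run "$GCLOUD" compute networks delete default --project="$1" --quiet
}

# Step 5: stop new projects from getting a default network (org-level).
block_future_default_vpcs() {
  run "$GCLOUD" resource-manager org-policies enable-enforce \
    compute.skipDefaultNetworkCreation --organization="$1"
}
```

Run `projects_with_default_vpc` first, review the dry-run output of `remediate_project <project_id>`, and only then set `DRY_RUN=0`. Moving workloads to the new network is left to the operator; the instance check is only a pre-flight gate before deletion.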
Using Python
To remediate the “Default VPC Should Not Be Used” misconfiguration in GCP using Python, you can follow the below steps:
- Install the necessary Python packages:
- Authenticate to GCP:
- Get the list of all VPCs:
- Check if any of the VPCs are default:
- Delete the default VPC:
Note: Replace <path_to_service_account_key_file>, <project_id>, and <default_vpc_name> with the appropriate values for your GCP environment. Also, make sure to test the script in a non-production environment before running it in production.