Ensure that all the deployed cloud functions are in 'active' mode

Google Cloud Functions is a serverless, event-driven computing service within Google Cloud Platform. Deployments work by uploading an archive containing your function's source code to a Google Cloud Storage bucket. When deploying, Cloud Functions looks for particular files, depending on your runtime. Before your function's deployment is finalized, Cloud Functions will send your function a test request to confirm that it deployed successfully.

Risk Level: Low
Cloud Entity: Google Cloud Function
CloudGuard Rule ID: D9.GCP.AS.06
Covered by Spectral: No
Category: Compute

GSL LOGIC

CloudFunction should have status='ACTIVE'

REMEDIATION

Note: If the function is not in use, remove it.

From Portal

  1. Open the Functions Overview page in the Cloud Console: https://console.cloud.google.com/functions/
  2. Select the relevant function
  3. Click DELETE
  4. In the confirmation box click Delete.

From Command Line
Run

gcloud functions delete FUNCTION_NAME --region=REGION
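
To find the functions this rule flags before deleting anything, the following added example (not CloudGuard's or Google's own code) filters a function listing for any status other than ACTIVE and prints the matching delete commands for review without running them. It assumes tab-separated "resource name, status" lines, as `gcloud functions list --format="value(name,status)"` is assumed to produce; the helper names and sample data are constructed.

```shell
#!/bin/sh
# Added example: report Cloud Functions whose status is not ACTIVE.
# Input: one function per line, "<resource name><TAB><status>", where the
# resource name is projects/P/locations/REGION/functions/NAME.
# Assumption: lines come from
#   gcloud functions list --format="value(name,status)"

# Print "NAME REGION STATUS" for every function that is not ACTIVE.
non_active_functions() {
  awk -F '\t' '
    {
      n = split($1, part, "/")
      # Expect projects/<p>/locations/<region>/functions/<name>
      if (n != 6 || part[3] != "locations" || part[5] != "functions") {
        print "skipping malformed line: " $0 | "cat 1>&2"
        next
      }
      status = ($2 == "") ? "UNKNOWN" : $2   # a missing status is not ACTIVE
      if (status != "ACTIVE") print part[6], part[4], status
    }'
}

# Turn the report into delete commands for review; nothing is executed.
# Functions in a transient state (e.g. DEPLOY_IN_PROGRESS) should be
# re-checked before acting on them.
delete_commands() {
  while read -r name region status; do
    printf 'gcloud functions delete %s --region=%s  # status=%s\n' \
      "$name" "$region" "$status"
  done
}

# Constructed sample data (not real resources).
sample_listing() {
  printf 'projects/demo-proj/locations/us-central1/functions/resize-img\tACTIVE\n'
  printf 'projects/demo-proj/locations/europe-west1/functions/old-webhook\tOFFLINE\n'
  printf 'projects/demo-proj/locations/us-east1/functions/nightly-export\tDEPLOY_IN_PROGRESS\n'
  printf 'projects/demo-proj/locations/us-east1/functions/no-status\t\n'
}

sample_listing | non_active_functions | delete_commands
```

Against a real project, replace `sample_listing` with the gcloud listing command and confirm each function is unused before running any of the printed commands.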

References

  1. https://cloud.google.com/functions/docs/deploying/filesystem
  2. https://cloud.google.com/functions/docs/deploying/repo#cloud_repositories
  3. https://cloud.google.com/functions/docs/deploying/console
  4. https://cloud.google.com/functions/docs/deploying/api
  5. https://cloud.google.com/sdk/gcloud/reference/functions/delete

Google Cloud Function

Cloud Functions is a lightweight compute solution for developers to create single-purpose, stand-alone functions that respond to Cloud events without the need to manage a server or runtime environment.

Compliance Frameworks

  • CloudGuard GCP All Rules Ruleset
  • GCP CloudGuard Best Practices
  • GCP MITRE ATT&CK Framework v12.1
  • GCP NIST 800-53 Rev 5