Ensure that all the deployed cloud functions are in 'active' mode
Google Cloud Functions is a serverless, event-driven computing service within Google Cloud Platform. Deployments work by uploading an archive containing your function's source code to a Google Cloud Storage bucket. When deploying, Cloud Functions looks for particular files, depending on your runtime. Before your function's deployment is finalized, Cloud Functions will send your function a test request to confirm that it deployed successfully.
Risk Level: Low
Cloud Entity: Google Cloud Function
CloudGuard Rule ID: D9.GCP.AS.06
Covered by Spectral: No
Category: Compute
GSL LOGIC
CloudFunction should have status='ACTIVE'
REMEDIATION
Note: If the function is not in use, remove it.
From Portal
- Open the Functions Overview page in the Cloud Console: https://console.cloud.google.com/functions/
- Select the relevant function
- Click DELETE
- In the confirmation box click Delete.
From Command Line
Run
gcloud functions delete FUNCTION_NAME --region=REGION
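To run the same check outside CloudGuard, the added example below (not CloudGuard's own code) parses JSON shaped like the output of `gcloud functions list --format=json` and flags every function whose status is not ACTIVE. The sample records, the handling of both a `status` and a `state` field, and the list of transient states are assumptions of this example.

```python
import json
import shlex

# Constructed sample shaped like `gcloud functions list --format=json` output.
SAMPLE = json.loads("""[
 {"name": "projects/demo-proj/locations/us-central1/functions/resize-img", "status": "ACTIVE"},
 {"name": "projects/demo-proj/locations/us-central1/functions/old-webhook", "status": "OFFLINE"},
 {"name": "projects/demo-proj/locations/europe-west1/functions/etl-job", "state": "FAILED"},
 {"name": "projects/demo-proj/locations/europe-west1/functions/new-api", "state": "DEPLOYING"}
]""")

# Assumption: these states normally resolve on their own, so re-check later
# instead of proposing removal.
TRANSIENT = {"DEPLOY_IN_PROGRESS", "DELETE_IN_PROGRESS", "DEPLOYING", "DELETING"}


def audit(functions):
    """Return one finding per function whose status is not ACTIVE."""
    findings = []
    for fn in functions:
        # Accept either field name; a record with neither is treated as UNKNOWN.
        status = fn.get("status") or fn.get("state") or "UNKNOWN"
        if status == "ACTIVE":
            continue
        # Expected name: projects/<project>/locations/<region>/functions/<name>
        parts = fn.get("name", "").split("/")
        well_formed = len(parts) == 6 and parts[2] == "locations"
        short = parts[5] if well_formed else fn.get("name", "")
        region = parts[3] if well_formed else None
        removable = well_formed and status not in TRANSIENT
        findings.append({
            "function": short, "region": region, "status": status,
            "action": "review-for-removal" if removable else "recheck",
            # Command is only printed for review, never executed here.
            "command": (f"gcloud functions delete {shlex.quote(short)} "
                        f"--region={shlex.quote(region)}") if removable else None,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Confirm that a flagged function is actually unused before running the printed delete command.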
References
- https://cloud.google.com/functions/docs/deploying/filesystem
- https://cloud.google.com/functions/docs/deploying/repo#cloud_repositories
- https://cloud.google.com/functions/docs/deploying/console
- https://cloud.google.com/functions/docs/deploying/api
- https://cloud.google.com/sdk/gcloud/reference/functions/delete
Google Cloud Function
Cloud Functions is a lightweight compute solution for developers to create single-purpose, stand-alone functions that respond to Cloud events without the need to manage a server or runtime environment.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CloudGuard Best Practices
- GCP MITRE ATT&CK Framework v12.1
- GCP NIST 800-53 Rev 5