Ensure Google Cloud Function is configured with a VPC connector

To send requests to your VPC network and receive the corresponding responses without using the public internet, you can use a Serverless VPC Access connector. It is recommended to configure each function to use a Serverless VPC Access connector to connect to your VPC network for sending egress traffic.

Risk Level: High
Cloud Entity: Google Cloud Function
CloudGuard Rule ID: D9.GCP.NET.38
Covered by Spectral: No
Category: Compute

GSL LOGIC

CloudFunction should have vpcConnector
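The GSL check above, implemented as an added Python example (not part of the CloudGuard rule or any Google tooling) over the JSON that `gcloud functions list --format=json` returns. The sample input is constructed; the field locations assumed are `vpcConnector` at the top level for 1st gen functions and `serviceConfig.vpcConnector` for 2nd gen functions (the latter taken from the Cloud Functions v2 API, which goes beyond the 1st gen attribute the rule names):

```python
import json

# Constructed sample shaped like `gcloud functions list --format=json` output.
# Not real project data; project and connector names are placeholders.
SAMPLE_FUNCTIONS_JSON = """
[
  {"name": "projects/example-project/locations/us-central1/functions/gen1-ok",
   "vpcConnector": "projects/example-project/locations/us-central1/connectors/my-connector"},
  {"name": "projects/example-project/locations/us-central1/functions/gen1-missing"},
  {"name": "projects/example-project/locations/us-central1/functions/gen1-empty",
   "vpcConnector": ""},
  {"name": "projects/example-project/locations/us-central1/functions/gen2-ok",
   "environment": "GEN_2",
   "serviceConfig": {"vpcConnector": "projects/example-project/locations/us-central1/connectors/my-connector"}},
  {"name": "projects/example-project/locations/us-central1/functions/gen2-missing",
   "environment": "GEN_2",
   "serviceConfig": {"availableMemory": "256M"}}
]
"""


def load_functions(text: str) -> list:
    """Parse the JSON array produced by `gcloud functions list --format=json`."""
    return json.loads(text)


def vpc_connector_of(function: dict) -> str:
    """Return the connector resource name attached to a function, or "" if none.

    1st gen functions carry `vpcConnector` at the top level; 2nd gen functions
    carry it under `serviceConfig` (assumed layout, see lead-in). Either counts.
    """
    top = function.get("vpcConnector") or ""
    nested = (function.get("serviceConfig") or {}).get("vpcConnector") or ""
    return top or nested


def has_vpc_connector(function: dict) -> bool:
    """The rule's GSL: CloudFunction should have vpcConnector (non-empty)."""
    return vpc_connector_of(function).strip() != ""


def noncompliant_functions(functions: list) -> list:
    """Short names of the functions that fail the rule, sorted for stable output."""
    failing = [f["name"].rsplit("/", 1)[-1]
               for f in functions if not has_vpc_connector(f)]
    return sorted(failing)


if __name__ == "__main__":
    # For a real project, feed `gcloud functions list --format=json` to load_functions.
    for name in noncompliant_functions(load_functions(SAMPLE_FUNCTIONS_JSON)):
        print(f"FAIL D9.GCP.NET.38: {name} has no Serverless VPC Access connector")
```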

REMEDIATION

From Portal

  1. Go to the function: https://console.cloud.google.com/functions/list, then click Edit.
  2. Click 'Runtime, build, connections and security settings' to expand the function configuration page.
  3. Click the Connections tab. Under 'Egress settings', choose an option from the 'VPC Network' menu other than 'None' ('None' disconnects an already associated connector).
  4. To use an existing connector, select it from the drop-down list, or select Custom to use an existing connector that is not shown in the drop-down list (you can also create a new one via 'Add new VPC connector').
  5. Click Next, and then Deploy.

Note: Administrators can require that functions specify a Serverless VPC Access connector by setting the 'cloudfunctions.requireVPCConnector' organization policy.

From TF
Note: The 'name' argument is supported, and 'vpc_connector' is an exported (computed) attribute of this data source, so it is read rather than set here. Please see the Terraform link under References to get the latest updates for this entity.

data "google_cloudfunctions_function" "my-function" {
  # ...
  name = "function"  # REQUIRED ARGUMENT, see Note and References
  # vpc_connector is a COMPUTED ATTRIBUTE: exported by this data source, not set here
  # ...
}

From Command Line
Use the gcloud functions deploy command to deploy the function and specify the --vpc-connector flag:

gcloud functions deploy FUNCTION_NAME --vpc-connector CONNECTOR_NAME FLAGS

References

  1. https://cloud.google.com/functions/docs/networking/connecting-vpc#configuring
  2. https://cloud.google.com/functions/docs/networking/connecting-vpc#gcloud_1
  3. https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/cloudfunctions_function

Google Cloud Function

Cloud Functions is a lightweight compute solution for developers to create single-purpose, stand-alone functions that respond to Cloud events without the need to manage a server or runtime environment.

Compliance Frameworks

  • CloudGuard GCP All Rules Ruleset