Ensure Logging Configuration for Google Compute Subnetwork

Ensure that Google Compute Subnetworks have a logging configuration (a `log_config` block, which enables VPC Flow Logs) to facilitate monitoring and auditing of network traffic. This helps identify potential security threats and supports compliance with organizational policies.

Risk Level: medium
Cloud Entity: Virtual Private Cloud (VPC)
Spectral Rule ID: TFGCP024
Category: Networking

REMEDIATION

Add a log_config block to the "google_compute_subnetwork" resource:

resource "google_compute_subnetwork" "subnet-with-logging-example" {
  name          = "log-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.custom-test.id

  # Added block: enables VPC Flow Logs for this subnetwork
  log_config {
    aggregation_interval = "INTERVAL_10_MIN"       # how often flow records are aggregated
    flow_sampling        = 0.5                     # fraction of flows sampled (0.0 to 1.0)
    metadata             = "INCLUDE_ALL_METADATA"  # metadata fields attached to each record
  }
}
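Detecting the misconfiguration before apply: the check below walks a `terraform show -json` plan and reports subnetworks without a `log_config` block, plus the case where the block exists but `flow_sampling` is 0 and so produces no flow records. It is an added example written for this page, not Spectral's rule implementation; the sample plan is constructed, and the provider defaults it assumes (flow_sampling 0.5, aggregation_interval INTERVAL_5_SEC) are stated in the comments.

```python
"""Flag google_compute_subnetwork resources in a Terraform plan that lack working
VPC Flow Logs. Example code for this page; input shape follows `terraform show -json`."""
import json

# Intervals the google provider accepts for aggregation_interval.
VALID_INTERVALS = {
    "INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN",
    "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN",
}


def check_subnet(values):
    """Return a list of findings for one subnetwork's planned values."""
    findings = []
    cfg = values.get("log_config") or []
    if isinstance(cfg, dict):            # tolerate a single block given as a dict
        cfg = [cfg]
    if not cfg:
        return ["log_config missing: VPC Flow Logs disabled"]
    block = cfg[0]
    sampling = block.get("flow_sampling", 0.5)   # assumed provider default
    if not 0 < sampling <= 1:
        findings.append(f"flow_sampling {sampling} yields no flow records")
    interval = block.get("aggregation_interval", "INTERVAL_5_SEC")  # assumed default
    if interval not in VALID_INTERVALS:
        findings.append(f"unknown aggregation_interval {interval!r}")
    return findings


def audit_plan(plan_json):
    """Map each non-compliant subnetwork address to its findings."""
    plan = json.loads(plan_json)
    resources = plan["planned_values"]["root_module"].get("resources", [])
    report = {}
    for res in resources:
        if res.get("type") != "google_compute_subnetwork":
            continue
        findings = check_subnet(res.get("values", {}))
        if findings:
            report[res["address"]] = findings
    return report


# Constructed sample plan: one compliant subnet, one without log_config, one sampled at 0.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"type": "google_compute_subnetwork", "address": "google_compute_subnetwork.ok",
     "values": {"log_config": [{"aggregation_interval": "INTERVAL_10_MIN", "flow_sampling": 0.5}]}},
    {"type": "google_compute_subnetwork", "address": "google_compute_subnetwork.silent",
     "values": {"log_config": []}},
    {"type": "google_compute_subnetwork", "address": "google_compute_subnetwork.zero",
     "values": {"log_config": [{"aggregation_interval": "INTERVAL_5_SEC", "flow_sampling": 0.0}]}},
]}}})

if __name__ == "__main__":
    for address, findings in audit_plan(SAMPLE_PLAN).items():
        print(address, "->", "; ".join(findings))
```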

Virtual Private Cloud (VPC)

A global virtual network that spans all regions: a single VPC can serve an entire organization while remaining isolated within projects, and its IP space can be increased with no downtime.
