Ensure Excluding RDP Port For Google Compute Firewall

Risk Level: medium
Cloud Entity: Cloud Identity
Spectral Rule ID: TFGCP073
Category: Security and Identity

REMEDIATION

In google_compute_firewall.allow, set ports so that it does not include 3389 (the RDP port).

resource "google_compute_firewall" "default" {
  name    = "test-firewall"
  network = google_compute_network.default.name

+  allow {
+    protocol = "tcp"
-    ports    = ["3389"]
+    ports    = ["80", "443", ...] # not RDP related ports
+  }
}
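
Review bot: The "+" markers on the "allow {", "protocol" and closing "}" lines make the whole block look newly added, yet the removed ports = ["3389"] line can only have sat inside an existing allow block; only the two ports lines should carry markers. On the replacement ports line, the "..." is a placeholder and not valid HCL, so it needs to be swapped for the ports the service actually requires. The comment there should also say that a range entry covering 3389 (for example "3000-4000") opens RDP just as the literal "3389" does. The hunk shows no source_ranges either, so it is worth stating which sources this rule admits.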

Cloud Identity

A unified identity, access, app, and endpoint management (IAM/EMM) platform.
