Ensure GCP Cloud Function HTTP trigger is secured

Error: GCP Cloud Function HTTP trigger is not secured
Bridgecrew Policy ID: BC_GCP_NETWORKING_21
Checkov Check ID: CKV2_GCP_10
Severity: MEDIUM

Description

This policy identifies GCP Cloud Functions whose HTTP trigger is not secured. When an HTTP function is configured to be triggered only over HTTPS, user requests are redirected to the HTTPS protocol, which is more secure. Set 'Require HTTPS' on the HTTP trigger when deploying your function.

Fix - Runtime

Fix - Buildtime

Terraform

resource "google_cloudfunctions_function" "pass" {
  name        = "function-test"
  description = "My function"
  runtime     = "nodejs16"

  available_memory_mb          = 128
  source_archive_bucket        = google_storage_bucket.bucket.name
  source_archive_object        = google_storage_bucket_object.archive.name
  trigger_http                 = true
  # Require HTTPS: plain-HTTP requests are redirected to HTTPS
  https_trigger_security_level = "SECURE_ALWAYS"
  timeout                      = 60
  entry_point                  = "helloGET"
  labels = {
    my-label = "my-label-value"
  }
}
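
A plan-time check for the same condition, as an added example that is not Checkov's implementation or part of the original page: it walks the `planned_values` tree of `terraform show -json` output and reports HTTP-triggered functions whose `https_trigger_security_level` is not `SECURE_ALWAYS`. The sample plan and the function names are constructed for illustration, and treating an unset level as a finding is an assumption of this example.

```python
"""Flag google_cloudfunctions_function resources whose HTTP trigger does not enforce HTTPS."""

RESOURCE_TYPE = "google_cloudfunctions_function"
REQUIRED_LEVEL = "SECURE_ALWAYS"

# Constructed sample, shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_cloudfunctions_function.pass", "type": RESOURCE_TYPE,
         "values": {"trigger_http": True, "https_trigger_security_level": "SECURE_ALWAYS"}},
        {"address": "google_cloudfunctions_function.optional", "type": RESOURCE_TYPE,
         "values": {"trigger_http": True, "https_trigger_security_level": "SECURE_OPTIONAL"}},
        # Event-triggered function: no HTTP endpoint, so the check does not apply.
        {"address": "google_cloudfunctions_function.event", "type": RESOURCE_TYPE,
         "values": {"trigger_http": None}},
        {"address": "google_storage_bucket.bucket", "type": "google_storage_bucket",
         "values": {"name": "constructed-bucket"}},
    ],
    "child_modules": [{"address": "module.api", "resources": [
        # Security level left unset in the configuration.
        {"address": "module.api.google_cloudfunctions_function.unset", "type": RESOURCE_TYPE,
         "values": {"trigger_http": True}},
    ]}],
}}}


def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def insecure_http_triggers(plan):
    """Return (address, level) for HTTP-triggered functions not set to SECURE_ALWAYS."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") != RESOURCE_TYPE or not values.get("trigger_http"):
            continue
        level = values.get("https_trigger_security_level")
        if level != REQUIRED_LEVEL:  # assumption: an unset level is reported too
            findings.append((res["address"], level))
    return findings


if __name__ == "__main__":
    for address, level in insecure_http_triggers(SAMPLE_PLAN):
        print(f"FAIL {address}: https_trigger_security_level={level!r}")
```

To check a real plan, load the output of `terraform show -json` with `json.load` and pass the result to `insecure_http_triggers`.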