Ensure GCP Cloud Function HTTP trigger is secured
Error: GCP Cloud Function HTTP trigger is not secured
Bridgecrew Policy ID: BC_GCP_NETWORKING_21
Checkov Check ID: CKV2_GCP_10
Severity: MEDIUM
Description
This policy identifies GCP Cloud Functions whose HTTP trigger is not secured. When an HTTP function is configured to be triggered only over HTTPS, user requests are redirected to the HTTPS protocol, which is more secure. It is recommended to enable 'Require HTTPS' for HTTP triggers when deploying your function.
Fix - Runtime
Fix - Buildtime
Terraform
resource "google_cloudfunctions_function" "pass" {
  name                  = "function-test"
  description           = "My function"
  runtime               = "nodejs16"
  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.archive.name
  trigger_http          = true
  # Requests that do not use HTTPS are redirected to the HTTPS URL
  https_trigger_security_level = "SECURE_ALWAYS"
  timeout               = 60
  entry_point           = "helloGET"
  labels = {
    my-label = "my-label-value"
  }
}
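The same condition can be checked before deployment against the JSON that `terraform show -json` produces for a saved plan. This is an added example, not Checkov's implementation of CKV2_GCP_10; the sample plan and the resource names in it are constructed, and treating an unset `https_trigger_security_level` as failing is an assumption of this example.

```python
import json
import sys

FN = "google_cloudfunctions_function"

# Constructed sample in the shape of `terraform show -json` plan output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_cloudfunctions_function.pass", "type": FN,
         "values": {"trigger_http": True,
                    "https_trigger_security_level": "SECURE_ALWAYS"}},
        {"address": "google_cloudfunctions_function.optional", "type": FN,
         "values": {"trigger_http": True,
                    "https_trigger_security_level": "SECURE_OPTIONAL"}},
        {"address": "google_cloudfunctions_function.pubsub", "type": FN,
         "values": {"trigger_http": None}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.api.google_cloudfunctions_function.unset",
         "type": FN, "values": {"trigger_http": True}},
    ]}],
}}}

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def insecure_http_functions(plan):
    """Return addresses of HTTP-triggered functions not set to SECURE_ALWAYS."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != FN:
            continue
        values = res.get("values") or {}
        if not values.get("trigger_http"):
            continue  # event-triggered function: no HTTP endpoint to secure
        # Assumption: an unset level counts as failing, because the plan
        # does not show SECURE_ALWAYS for it.
        if values.get("https_trigger_security_level") != "SECURE_ALWAYS":
            failing.append(res["address"])
    return failing

if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in insecure_http_functions(plan):
        print("HTTP trigger not SECURE_ALWAYS:", address)
```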