Ensure GCP data fusion instances are private

Error: GCP data fusion instances are not private

Bridgecrew Policy ID: BC_GCP_GENERAL_35
Checkov Check ID: CKV_GCP_87
Severity: LOW

GCP data fusion instances are not private

Description

GCP Data fusion is a fully managed, cloud-native data integration service that helps users build and manage ETL (extract, transform, and load) pipelines. It is designed to simplify and accelerate the process of building and maintaining data pipelines, allowing users to create data pipelines that can ingest data from a variety of sources, transform and cleanse the data, and then load the data into a destination of their choice.

A Data Fusion instance is a logical container that is used to host and run data pipelines. It is created within a Google Cloud project, and users can create multiple instances within a single project. Each instance has its own resources and configuration settings, allowing users to tailor the instance to their specific needs.

We recommend you remove the public IPs for your Data Fusion instance.

Fix - Runtime

Fix - Buildtime

Terraform

resource "google_data_fusion_instance" "pass" {
  provider = google-beta
  name = "my-instance"
  description = "My Data Fusion instance"
  region = "us-central1"
  type = "BASIC"
  enable_stackdriver_logging = true
  enable_stackdriver_monitoring = true
  labels = {
    example_key = "example_value"
  }
  private_instance = true
  network_config {
    network = "default"
    ip_allocation = "10.89.48.0/22"
  }
  version = "6.3.0"
  dataproc_service_account = data.google_app_engine_default_service_account.default.email
}