Ensure GCP Private Google Access is enabled for IPV6
Error: GCP Private Google Access is not enabled for IPV6
Bridgecrew Policy ID: BC_GCP_NETWORKING_16
Checkov Check ID: CKV_GCP_76
Severity: LOW
GCP VPC Network subnets have Private Google access disabled
Description
Enabling Private Google Access for IPv6 lets your Google Cloud Platform (GCP) resources reach Google APIs and services over IPv6 through Google's private network rather than over the public internet. This reduces the risk of the traffic being intercepted or tampered with in transit. Private Google Access can also improve the performance and reliability of your GCP resources by reducing network latency and eliminating the need to route traffic through third-party networks.
Fix - Runtime
Fix - Buildtime
Terraform
resource "google_compute_subnetwork" "pass_bidi" {
  name             = "log-test-subnetwork"
  ip_cidr_range    = "10.2.0.0/16"
  stack_type       = "IPV4_IPV6"
  ipv6_access_type = "EXTERNAL"
  region           = "us-central1"
  network          = google_compute_network.custom-test.id
  # purpose="INTERNAL_HTTPS_LOAD_BALANCER" if set ignored
  # log_config {
  #   metadata="EXCLUDE_ALL_METADATA"
  # }
  private_ip_google_access   = true
  private_ipv6_google_access = "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE"
}
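An added example (not Checkov's or Bridgecrew's code): a small Python audit over parsed `terraform show -json` plan output that flags subnets where the setting shown above is missing or disabled. The function names, the sample plan, and the rule that only dual-stack subnets are evaluated are assumptions made for illustration.

```python
# private_ipv6_google_access values that enable the feature (GCP API enum).
ENABLED = {"ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE",
           "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE"}

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_plan(plan):
    """Map each google_compute_subnetwork address to pass / fail / skipped."""
    results = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_compute_subnetwork":
            continue
        v = res.get("values", {})
        if v.get("purpose") == "INTERNAL_HTTPS_LOAD_BALANCER":
            verdict = "skipped"  # ignored, per the comment in the page's sample
        elif v.get("stack_type") != "IPV4_IPV6":
            verdict = "skipped"  # assumption: only dual-stack subnets are evaluated
        elif v.get("private_ipv6_google_access") in ENABLED:
            verdict = "pass"
        else:
            verdict = "fail"     # attribute unset or DISABLE_GOOGLE_ACCESS
        results[res["address"]] = verdict
    return results

def subnet(address, **values):
    """Build one constructed plan entry (helper for the sample below)."""
    return {"address": address, "type": "google_compute_subnetwork", "values": values}

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        subnet("google_compute_subnetwork.pass_bidi", stack_type="IPV4_IPV6",
               private_ipv6_google_access="ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE"),
        subnet("google_compute_subnetwork.disabled", stack_type="IPV4_IPV6",
               private_ipv6_google_access="DISABLE_GOOGLE_ACCESS"),
        subnet("google_compute_subnetwork.v4_only", stack_type="IPV4_ONLY"),
    ],
    "child_modules": [{"resources": [
        subnet("module.net.google_compute_subnetwork.unset", stack_type="IPV4_IPV6"),
        subnet("module.net.google_compute_subnetwork.proxy", stack_type="IPV4_IPV6",
               purpose="INTERNAL_HTTPS_LOAD_BALANCER"),
    ]}],
}}}
```

To audit a real plan, pass the `json.load` result of a file written by `terraform show -json` to `audit_plan` and fail the pipeline if any verdict is `fail`.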