Ensure GCP Private Google Access is enabled for IPV6

Error: GCP Private Google Access is not enabled for IPV6
Bridgecrew Policy ID: BC_GCP_NETWORKING_16
Checkov Check ID: CKV_GCP_76
Severity: LOW

GCP VPC Network subnets have Private Google access disabled


Enabling Private Google Access for IPv6 lets your Google Cloud Platform (GCP) resources reach Google APIs and services over IPv6 without sending that traffic across the public internet. Because the traffic is routed through Google's private network, the risk of it being intercepted or tampered with is reduced. Private Google Access can also improve the performance and reliability of your GCP resources by reducing network latency and removing the need to route traffic through third-party networks.

Fix - Runtime

Fix - Buildtime


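resource "google_compute_subnetwork" "pass_bidi" {
  name             = "log-test-subnetwork"
  # Example range only (the page leaves this value empty); use your subnet's CIDR.
  ip_cidr_range    = "10.2.0.0/16"
  stack_type       = "IPV4_IPV6"
  ipv6_access_type = "EXTERNAL"
  region           = "us-central1"
  # The referenced network is defined elsewhere in the configuration.
  network          = google_compute_network.custom-test.id
  # purpose = "INTERNAL_HTTPS_LOAD_BALANCER"  # if set, the subnet is ignored
  # log_config {
  #   metadata = "EXCLUDE_ALL_METADATA"
  # }
  private_ip_google_access   = true
  # This is the setting the check looks for: Private Google Access for IPv6.
  private_ipv6_google_access = "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE"
}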
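
The same condition can be checked against a Terraform plan exported with `terraform show -json`; the script below is an added example, not Checkov's or Bridgecrew's own code. The function names, the sample plan and every resource name other than `pass_bidi` are constructed, and it assumes that the two `ENABLE_*` values count as enabled and that subnets with the load-balancer purpose are skipped, as the comment in the snippet above notes.

```python
# Compute API values that turn Private Google Access for IPv6 on (assumed pass set).
ENABLED = {"ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE", "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE"}
# The page's snippet notes that subnets with this purpose are ignored.
IGNORED_PURPOSE = "INTERNAL_HTTPS_LOAD_BALANCER"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def subnets_missing_ipv6_pga(plan):
    """Return sorted addresses of subnetworks lacking the IPv6 setting."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "google_compute_subnetwork":
            continue
        values = res.get("values") or {}
        if values.get("purpose") == IGNORED_PURPOSE:
            continue
        # Unset, null and DISABLE_GOOGLE_ACCESS all count as not enabled.
        if values.get("private_ipv6_google_access") not in ENABLED:
            failing.append(res["address"])
    return sorted(failing)


def _subnet(address, **values):
    """Build one constructed plan entry for the sample below."""
    return {"address": address, "type": "google_compute_subnetwork", "values": values}


# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _subnet("google_compute_subnetwork.pass_bidi",
                private_ipv6_google_access="ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE"),
        _subnet("google_compute_subnetwork.fail_disabled",
                private_ipv6_google_access="DISABLE_GOOGLE_ACCESS"),
        _subnet("google_compute_subnetwork.fail_unset", private_ipv6_google_access=None),
        _subnet("google_compute_subnetwork.lb_proxy", purpose=IGNORED_PURPOSE),
    ],
    "child_modules": [{"resources": [_subnet("module.net.google_compute_subnetwork.fail_child")]}],
}}}

if __name__ == "__main__":
    print("\n".join(subnets_missing_ipv6_pga(SAMPLE_PLAN)))
```

Subnets declared inside modules are covered because the walk descends into `child_modules`, which a grep over the root `.tf` files would miss.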