GCP Compute
Analyzes GCP compute resources including Cloud Functions, Cloud Run services, and GKE clusters. Focuses on ingress configuration and service account usage to identify publicly accessible or overprivileged resources.
Required Blueprints: GCP
Sightlines
| Sightline | Description |
|---|---|
| Cloud Functions | Identifies Cloud Functions whose ingress setting is ALLOW_ALL, so the endpoint accepts requests from the public internet. Whether unauthenticated calls also succeed depends on the function's IAM invoker bindings (for example an allUsers grant), which this sightline does not evaluate. |
| Cloud Run | Identifies Cloud Run services whose ingress setting is INGRESS_TRAFFIC_ALL, so the service URL accepts traffic from the public internet. As with Cloud Functions, unauthenticated access additionally requires an IAM invoker grant. |
Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
gcp.cloudfunctions.Function, gcp.cloudfunctions.CloudFunction, gcp.cloudrun.CloudRunServiceResource, gcp.cloudrun.RevisionTemplate
Related Analyzers
- GCP IAM — Service accounts and roles for compute resources
- GCP Network — Firewall rules and network interfaces
- GCP Storage — Compute access to storage buckets
Insight Feed Alerts
- Cloud Function With Public Ingress -- Functions configured with ALLOW_ALL ingress.
- Cloud Run Service With Public Ingress -- Services configured with INGRESS_TRAFFIC_ALL.
- GKE Node Configurations Using Default Service Account -- GKE nodes using the default Compute Engine service account with Editor role (CIS GCP 7.17).
- GKE Clusters Without Master Authorized Networks -- API server accessible from any IP (CIS GCP 7.4).
- GKE Clusters Not Configured as Private -- Nodes with public IPs and API server exposed to the internet (CIS GCP 7.1).
- Cloud Run Services Using Default Service Account -- Cloud Run services with overly broad Editor permissions.
- Cloud Functions Using Default Service Account -- Functions with Editor-level permissions via default service account.
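The checks behind these alerts can be reproduced offline against `gcloud ... describe --format=json` output. The script below is an added example, not the analyzer's own code. It assumes the Cloud Functions v1/v2 (`ingressSettings`, `serviceAccountEmail`, gen2 under `serviceConfig`), Cloud Run v2 (`ingress`, `template.serviceAccount`) and GKE (`privateClusterConfig`, `masterAuthorizedNetworksConfig`, `nodePools[].config.serviceAccount`) field names; the `scan()` inventory layout, the `DEFAULT_SA_RE` pattern for project-default service accounts and the sample inventory are all constructed for illustration.

```python
"""Offline re-implementation of the GCP Compute checks over gcloud-style JSON.

Added example, not the analyzer's own code. Field names follow the Cloud
Functions v1/v2, Cloud Run v2 and GKE REST resources; the inventory shape and
the sample data at the bottom are constructed for this example.
"""
import re

# Project-default service accounts: the Compute Engine default
# (<project-number>-compute@developer.gserviceaccount.com) and the App Engine
# default (<project-id>@appspot.gserviceaccount.com) used by gen1 Cloud Functions.
# Both carry the project-level Editor role unless that grant has been removed.
DEFAULT_SA_RE = re.compile(
    r"^(\d+-compute@developer|[a-z][a-z0-9-]*@appspot)\.gserviceaccount\.com$"
)


def is_default_sa(email):
    """True when a workload runs as a project-default account.

    An empty value means the platform fell back to its default, and GKE node
    pools report the Compute Engine default account as the literal "default".
    """
    return not email or email == "default" or bool(DEFAULT_SA_RE.match(email))


def check_function(fn):
    """Alerts for one Cloud Function (gen1 top-level fields or gen2 serviceConfig)."""
    cfg = fn.get("serviceConfig", fn)
    alerts = []
    if cfg.get("ingressSettings") == "ALLOW_ALL":
        alerts.append("Cloud Function With Public Ingress")
    if is_default_sa(cfg.get("serviceAccountEmail")):
        alerts.append("Cloud Functions Using Default Service Account")
    return alerts


def check_run_service(svc):
    """Alerts for one Cloud Run v2 service; an unset ingress is the API default (all)."""
    alerts = []
    if svc.get("ingress", "INGRESS_TRAFFIC_ALL") == "INGRESS_TRAFFIC_ALL":
        alerts.append("Cloud Run Service With Public Ingress")
    if is_default_sa(svc.get("template", {}).get("serviceAccount")):
        alerts.append("Cloud Run Services Using Default Service Account")
    return alerts


def check_gke_cluster(cluster):
    """Alerts for one GKE cluster and its node pools."""
    alerts = []
    if not cluster.get("privateClusterConfig", {}).get("enablePrivateNodes"):
        alerts.append("GKE Clusters Not Configured as Private")
    if not cluster.get("masterAuthorizedNetworksConfig", {}).get("enabled"):
        alerts.append("GKE Clusters Without Master Authorized Networks")
    if any(is_default_sa(p.get("config", {}).get("serviceAccount"))
           for p in cluster.get("nodePools", [])):
        alerts.append("GKE Node Configurations Using Default Service Account")
    return alerts


def scan(inventory):
    """Return sorted (resource name, alert) pairs for a whole inventory."""
    checks = (("functions", check_function),
              ("run_services", check_run_service),
              ("gke_clusters", check_gke_cluster))
    return sorted((res["name"], alert)
                  for key, check in checks
                  for res in inventory.get(key, [])
                  for alert in check(res))


# Constructed sample inventory (not real project data); names shortened.
SAMPLE_INVENTORY = {
    "functions": [
        {"name": "public-webhook", "ingressSettings": "ALLOW_ALL",
         "serviceAccountEmail": "my-project@appspot.gserviceaccount.com"},
        {"name": "internal-worker", "serviceConfig": {
            "ingressSettings": "ALLOW_INTERNAL_ONLY",
            "serviceAccountEmail": "worker@my-project.iam.gserviceaccount.com"}},
    ],
    "run_services": [
        {"name": "api", "ingress": "INGRESS_TRAFFIC_ALL",
         "template": {"serviceAccount": ""}},
        {"name": "batch", "ingress": "INGRESS_TRAFFIC_INTERNAL_ONLY",
         "template": {"serviceAccount": "batch@my-project.iam.gserviceaccount.com"}},
    ],
    "gke_clusters": [
        {"name": "prod",
         "privateClusterConfig": {"enablePrivateNodes": True},
         "masterAuthorizedNetworksConfig": {"enabled": True},
         "nodePools": [{"name": "default-pool", "config": {
             "serviceAccount": "gke-nodes@my-project.iam.gserviceaccount.com"}}]},
        {"name": "dev",
         "nodePools": [{"name": "default-pool", "config": {"serviceAccount": "default"}}]},
    ],
}

if __name__ == "__main__":
    for name, alert in scan(SAMPLE_INVENTORY):
        print(f"{name}: {alert}")
```

Feeding it real data is a matter of replacing `SAMPLE_INVENTORY` with the parsed output of the corresponding `gcloud functions`, `gcloud run services` and `gcloud container clusters` describe commands. Note that the ingress checks report network reachability only; confirming unauthenticated invocation still requires reading the resource's IAM policy for an allUsers or allAuthenticatedUsers invoker binding.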