Cloud CDN Global Backend Services Failover Policy Should Be Enabled

More Info:

Ensure Cloud CDN global backend services have failover policy enabled.

Risk Level

High

Address

Operational Maturity, Performance Efficiency, Reliability, Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Cloud CDN Global Backend Services Failover Policy Should Be Enabled” for GCP using GCP CLI, follow the below steps:

Open the Google Cloud Console and select the project in which you want to remediate the misconfiguration.
Open the Cloud Shell by clicking on the icon on the top right corner of the console.
In the Cloud Shell, run the following command to list the existing backend services:

gcloud compute backend-services list

Identify the backend service that is associated with the Cloud CDN.
Run the following command to enable the failover policy for the identified backend service:

gcloud compute backend-services update [BACKEND_SERVICE_NAME] --global-backend-service --failover-policy=ENABLE

Replace [BACKEND_SERVICE_NAME] with the name of the identified backend service.

Verify that the failover policy is enabled by running the following command:

gcloud compute backend-services describe [BACKEND_SERVICE_NAME] --global

This command will display the details of the backend service, including the failover policy status.By following these steps, you can remediate the misconfiguration “Cloud CDN Global Backend Services Failover Policy Should Be Enabled” for GCP using GCP CLI.

Using Python

To remediate the misconfiguration “Cloud CDN Global Backend Services Failover Policy Should Be Enabled” for GCP using Python, follow the below steps:Step 1: Import the required libraries and authenticate to GCP.

from google.oauth2 import service_account
from googleapiclient.discovery import build

# Set the credentials path for GCP
credentials = service_account.Credentials.from_service_account_file('credentials.json')

# Authenticate to GCP
service = build('compute', 'v1', credentials=credentials)

Step 2: Get the list of global backend services.

# Get the list of global backend services
backend_services = service.backendServices().list(project='your-project-id').execute()

Step 3: Loop through the backend services and check if the failover policy is enabled. If not, enable it.

for backend_service in backend_services['items']:
    # Check if failover policy is enabled
    if 'failoverPolicy' not in backend_service:
        # Enable failover policy
        backend_service['failoverPolicy'] = {
            'disableConnectionDrainOnFailover': False,
            'dropTrafficIfUnhealthy': False,
            'failoverRatio': 0.5,
            'status': 'ENABLED'
        }
        # Update the backend service with the failover policy
        service.backendServices().patch(project='your-project-id', backendService=backend_service['name'], body=backend_service).execute()

Step 4: Verify if the failover policy is enabled for all the global backend services.

# Get the list of global backend services after enabling failover policy
backend_services = service.backendServices().list(project='your-project-id').execute()

# Loop through the backend services and verify if failover policy is enabled
for backend_service in backend_services['items']:
    if 'failoverPolicy' not in backend_service:
        print(f"Failover policy is not enabled for {backend_service['name']}")
    else:
        print(f"Failover policy is enabled for {backend_service['name']}")

By following these steps, the misconfiguration “Cloud CDN Global Backend Services Failover Policy Should Be Enabled” can be remediated for GCP using Python.

Additional Reading:

https://cloud.google.com/cdn/docs/overview

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Cloud CDN Global Backend Services Failover Policy Should Be Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: