Cloud CDN Regional Backend Services Should Have Connection Draining
More Info:
Cloud CDN should not send any new requests to the unhealthy instance if an compute instance fails health checksRisk Level
MediumAddress
Reliability, SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
Sure, here are the step-by-step instructions to remediate the misconfiguration of Cloud CDN Regional Backend Services not having Connection Draining in GCP using the GCP console:
- Open the GCP Console and log in to your account.
- Navigate to the Cloud CDN page by selecting the “Navigation menu > Network Services > Cloud CDN”.
- From the Cloud CDN page, select the name of the CDN that you want to configure the connection draining for.
- In the CDN details page, select the “Backend Configuration” tab.
- In the Backend Configuration page, select the “Edit” button located at the top of the page.
- In the “Edit Backend Configuration” page, scroll down to the “Backend Service” section and select the name of the backend service that you want to configure connection draining for.
- In the “Backend Service” page, select the “Edit” button located at the top of the page.
- Scroll down to the “Connection Draining” section and select the “Enable” checkbox.
- In the “Connection Draining Timeout” field, specify the amount of time (in seconds) that you want to wait for the existing connections to complete before shutting down the backend service. The recommended value is 300 seconds.
- Select the “Save” button to save the changes.
Using CLI
Using CLI
To remediate the misconfiguration of Cloud CDN Regional Backend Services not having connection draining on GCP using GCP CLI, follow the below steps:Replace [BACKEND_SERVICE_NAME] with the name of the backend service you want to update, [REGION] with the region where the backend service is located, and [TIMEOUT_SECONDS] with the number of seconds that you want to set for the connection draining timeout.For example, to set the connection draining timeout to 60 seconds for a backend service named “my-backend-service” located in the “us-central1” region, run the following command:Make sure that the “connectionDraining” field shows the correct value for the connection draining configuration.By following these steps, you can remediate the misconfiguration of Cloud CDN Regional Backend Services not having connection draining on GCP using GCP CLI.
- Open the Google Cloud Console and go to the Cloud Shell.
- Run the following command to list all the backend services in your project:
- Choose the backend service that you want to update and run the following command to describe the backend service:
- Check if the connection draining configuration is set for the backend service. If not, add the connection draining configuration by running the following command:
- Verify that the connection draining configuration is set for the backend service by running the following command:
Using Python
Using Python
To remediate the misconfiguration of Cloud CDN Regional Backend Services not having connection draining in GCP using Python, you can follow the below steps:By following these steps, you can remediate the misconfiguration of Cloud CDN Regional Backend Services not having connection draining in GCP using Python.
- Install the necessary Python libraries:
- Set up authentication:
- Retrieve the list of backend services:
- For each backend service, check if connection draining is enabled:
- If connection draining is not enabled, update the backend service to enable it: