Cloud Monitoring Should Use HTTPS For Backend Resource Health Check
More Info:
Ensure that GCP Cloud Monitoring uses HTTPS only for checking the health of backend resources.
Risk Level
Medium
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration “Cloud Monitoring Should Use HTTPS For Backend Resource Health Check” for GCP using GCP console, please follow the below steps:
- Log in to your GCP console.
- Go to the Cloud Monitoring page.
- In the left navigation menu, select “Uptime Checks”.
- Select the uptime check that needs to be remediated.
- Click on the “Edit” button.
- In the “Check Request” section, select “HTTPS” as the protocol.
- In the “Check Request” section, enter the URL of the backend resource.
- In the “Check Request” section, select the appropriate HTTP method.
- In the “Advanced Settings” section, select “Require valid SSL certificate” checkbox.
- Click on the “Save” button to save the changes.
After following the above steps, the misconfiguration “Cloud Monitoring Should Use HTTPS For Backend Resource Health Check” will be remediated for GCP using GCP console.
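To remediate the misconfiguration “Cloud Monitoring Should Use HTTPS For Backend Resource Health Check” for GCP using GCP CLI, follow the below steps:
- Open the Cloud Shell in the GCP console.
- Run the following command to set the default project:
```
gcloud config set project [PROJECT_ID]
```
- Run the following command to create a health check that uses HTTPS. The `gcloud compute health-checks update https` subcommand can only modify a health check whose protocol is already HTTPS, so a check that uses another protocol is replaced rather than updated:
```
gcloud compute health-checks create https [HEALTH_CHECK_NAME] --port 443
```
Replace [HEALTH_CHECK_NAME] with a name for the new HTTPS health check.
- Run the following command to attach the HTTPS health check to the backend service in place of the old one:
```
gcloud compute backend-services update [BACKEND_SERVICE_NAME] --health-checks [HEALTH_CHECK_NAME] --global
```
Use `--region [REGION]` instead of `--global` for a regional backend service.
- Verify the updated configuration by running the following command:
```
gcloud compute health-checks describe [HEALTH_CHECK_NAME]
```
This will display the details of the health check, including the use of HTTPS (`type: HTTPS`).
By following these steps, you can remediate the misconfiguration “Cloud Monitoring Should Use HTTPS For Backend Resource Health Check” for GCP using GCP CLI.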
To remediate the misconfiguration “Cloud Monitoring Should Use HTTPS For Backend Resource Health Check” in GCP using Python, follow these steps:
- Import the required libraries for interacting with GCP using Python. For example, you can use the `google-auth` and `google-api-python-client` libraries.
```python
from google.oauth2 import service_account
from googleapiclient.discovery import build
```
- Set up the authentication credentials using a service account key file. You can create a service account with the required permissions for the Cloud Monitoring API in the GCP console and download the key file.
```python
credentials = service_account.Credentials.from_service_account_file(
    'path/to/service_account_key.json')
```
- Create a client object for the Cloud Monitoring API using the `build` function and the appropriate API version.
```python
monitoring_client = build('monitoring', 'v3', credentials=credentials)
```
- Get the list of uptime check configurations in the project using the `list` method of the `uptimeCheckConfigs` resource.
```python
uptime_checks = monitoring_client.projects().uptimeCheckConfigs().list(
    parent='projects/<project_id>').execute()
```
- For each uptime check, check whether its HTTP check uses HTTPS with certificate validation. If not, update the uptime check using the `patch` method of the `uptimeCheckConfigs` resource.
```python
for check in uptime_checks.get('uptimeCheckConfigs', []):
    http_check = check.get('httpCheck')
    # Skip non-HTTP checks and checks that already use HTTPS with a validated certificate.
    if http_check is None or (http_check.get('useSsl') and http_check.get('validateSsl')):
        continue
    http_check['useSsl'] = True
    http_check['validateSsl'] = True
    # Assumption: a backend that was probed on port 80 serves HTTPS on port 443.
    if http_check.get('port') == 80:
        http_check['port'] = 443
    monitoring_client.projects().uptimeCheckConfigs().patch(
        name=check['name'], updateMask='httpCheck', body=check).execute()
```
- Save the Python script and run it using a Python interpreter.
These steps will remediate the misconfiguration “Cloud Monitoring Should Use HTTPS For Backend Resource Health Check” in GCP using Python.
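The following is an added example, not part of the original page or of any Google tooling: a read-only audit that classifies uptime check configurations and builds the patch request for each non-compliant one without calling the API, so the change can be reviewed before it is applied. It assumes the JSON field names of the Cloud Monitoring API v3 `UptimeCheckConfig` resource (`httpCheck`, `tcpCheck`, `useSsl`, `validateSsl`, `port`); the sample configurations, the helper names and the port 80 to 443 mapping are constructed assumptions.

```python
import copy

# Added example: field names follow the Monitoring API v3 UptimeCheckConfig
# resource; the sample data and the port 80 -> 443 mapping are assumptions.

def audit_uptime_check(cfg):
    """Classify one UptimeCheckConfig dict."""
    http = cfg.get("httpCheck")
    if http is None:
        return "NOT_APPLICABLE"  # e.g. tcpCheck: no HTTP protocol to secure
    if not http.get("useSsl", False):
        return "FAIL"            # key absent or false: probe uses plain HTTP
    if not http.get("validateSsl", False):
        return "WARN"            # HTTPS, but the certificate is not validated
    return "PASS"

def plan_patch(cfg):
    """Build uptimeCheckConfigs.patch arguments without calling the API.

    Returns None when the check needs no change; the input is not modified.
    """
    if audit_uptime_check(cfg) not in ("FAIL", "WARN"):
        return None
    http = copy.deepcopy(cfg["httpCheck"])
    http["useSsl"] = True
    http["validateSsl"] = True
    if http.get("port") == 80:   # assumption: the backend serves HTTPS on 443
        http["port"] = 443
    return {"name": cfg["name"], "updateMask": "httpCheck",
            "body": {"httpCheck": http}}

def report(configs):
    """Map each check's short ID to its audit status."""
    return {c["name"].rsplit("/", 1)[-1]: audit_uptime_check(c) for c in configs}

# Constructed sample in the shape returned by projects.uptimeCheckConfigs.list.
PREFIX = "projects/example-project/uptimeCheckConfigs/"
SAMPLE_CONFIGS = [
    {"name": PREFIX + "web-http", "httpCheck": {"path": "/healthz", "port": 80}},
    {"name": PREFIX + "web-novalidate",
     "httpCheck": {"path": "/healthz", "port": 443, "useSsl": True}},
    {"name": PREFIX + "web-https",
     "httpCheck": {"path": "/healthz", "port": 443, "useSsl": True, "validateSsl": True}},
    {"name": PREFIX + "db-tcp", "tcpCheck": {"port": 5432}},
]

if __name__ == "__main__":
    for cfg in SAMPLE_CONFIGS:
        print(audit_uptime_check(cfg), cfg["name"], plan_patch(cfg))
```

A `WARN` result matters as much as a `FAIL` for this control: an uptime check that uses HTTPS but skips certificate validation still accepts a response from an endpoint presenting any certificate.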