forked from aquasecurity/cloud-security-remediation-guides
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #120 from rtkwlf/AWN-194905
Remediation context for skipDefaultNetworkCreation
- Loading branch information
Showing
1 changed file
with
35 additions
and
0 deletions.
There are no files selected for viewing
35 changes: 35 additions & 0 deletions
35
en/google/resourcemanager/skip-default-network-creation.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| [](https://cloudsploit.com) | ||
|
|
||
| # GOOGLE / Resource Manager / Skip Default Network Creation | ||
|
|
||
| ## Quick Info | ||
|
|
||
| | | | | ||
| |-|-| | ||
| | **Plugin Title** | Skip Default Network Creation | | ||
| | **Cloud** | GOOGLE | | ||
| | **Category** | Resource Manager | | ||
| | **Description** | Determine if \"Skip Default Network Creation\" constraint policy is enforces at the GCP organization level. | | ||
| | **More Info** | Enforcing the \"Skip Default Network Creation\" disables the creation of default VPC network on project creation which is recommended if you want to keep some parts of your network private. | | ||
| | **GOOGLE Link** | https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints | | ||
| | **Recommended Action** | Ensure that \"Skip Default Network Creation\" constraint is enforced at the organization level. | | ||
|
|
||
| ## Detailed Remediation Steps | ||
| 1. Sign in to the Google Cloud console, go to the [Identity and Access Management (IAM)](#https://console.cloud.google.com/iam-admin/iam.) page. | ||
|
|
||
| 2. Click on the deployment selector from the top navigation bar, select ALL to list all the existing deployments, then choose the Google Cloud organization that you want to examine. | ||
|
|
||
| 3. In the navigation panel, select **Organization Policies** to view the list of the cloud organization policies available. | ||
|
|
||
| 4. In the Filter by constraint section, select `Name` and filter by: `Skip Default Network Creation`. | ||
|
|
||
| 5. Select the `Skip Default Network Creation` organizational policy. | ||
|
|
||
| 6. In the `Policy details` page, see the `Status` configuration attribute value. If the value is set to `Not enforced`, select the Manage Policy button in the upper right to modify the policy. | ||
|
|
||
| 6. In the `Applies to` section, change the selection to Customize. | ||
|
|
||
| 7. Under the Rules section, select `Add rule` and turn on Enforcement. | ||
| - Optional: Add a condition for enforcement. | ||
|
|
||
| 8. Select Done and click Save to commit your changes. |