GCP Cloud Run services are anonymously or publicly accessible
Description
Code Example
```shell
gcloud run services remove-iam-policy-binding SERVICE-NAME \
  --member=MEMBER-TYPE \
  --role=ROLE
```
Remediation
**GCP Console**
To remove anonymous or public access to your Cloud Run service:
1. Log in to the GCP Console at https://console.cloud.google.com.
2. Navigate to [Cloud Run](https://console.cloud.google.com/run).
3. View your service's Service details page by clicking on your **Service Name**.
4. Select the **PERMISSIONS** tab.
5. To remove a specific role assignment, select **allUsers** or **allAuthenticatedUsers**, and then click **Delete**.
**CLI Command**
To remove anonymous or public access to your Cloud Run service, execute the command shown under Code Example above.
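Added example, not part of the original rule page: this Python code reads a service's IAM policy as JSON, finds every binding to allUsers or allAuthenticatedUsers, and fills in the MEMBER-TYPE and ROLE placeholders of the removal command for each one. It assumes the policy was exported with `gcloud run services get-iam-policy SERVICE-NAME --format=json`; the sample policy, the service name `my-service` and the function names are constructed for illustration.

```python
import json
import shlex

# Principals that make a Cloud Run service anonymously or publicly reachable.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample of `gcloud run services get-iam-policy SERVICE-NAME --format=json`.
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/run.invoker",
     "members": ["allUsers",
                 "serviceAccount:caller@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/run.viewer",
     "members": ["allAuthenticatedUsers"]},
    {"role": "roles/run.admin",
     "members": ["user:admin@example.com"]}
  ],
  "etag": "BwXconstructed=",
  "version": 1
}
"""


def public_bindings(policy):
    """Return sorted (role, member) pairs that grant access to public principals."""
    found = set()
    # A policy with no bindings may omit the "bindings" key entirely.
    for binding in policy.get("bindings") or []:
        for member in binding.get("members") or []:
            if member in PUBLIC_MEMBERS:
                found.add((binding.get("role", ""), member))
    return sorted(found)


def remediation_commands(service, policy):
    """Build one remove-iam-policy-binding command per public binding."""
    return [
        "gcloud run services remove-iam-policy-binding {} --member={} --role={}".format(
            shlex.quote(service), shlex.quote(member), shlex.quote(role))
        for role, member in public_bindings(policy)
    ]


if __name__ == "__main__":
    for cmd in remediation_commands("my-service", json.loads(SAMPLE_POLICY)):
        print(cmd)
```

Bindings to named users and service accounts are left out of the output, so only the public grants are removed.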
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0960 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_102 |