GCP Dataproc Clusters have public IPs
Description
Code Example
```shell
gcloud beta dataproc clusters create my_cluster \
    --region=us-central1 \
    --no-address
```
Remediation
**GCP Console**
It is not currently possible to edit a running **Dataproc cluster** to remove its public IPs. To create a **Dataproc cluster** with only private IPs:
1. Log in to the GCP Console.
2. Select Customize Cluster to view **Network Configuration** settings.
3. Locate the Internal IP Only section and select the checkbox next to **Configure all instances to have only internal IP addresses**.
**CLI Command**
It is not currently possible to edit a running **Dataproc cluster** to remove its public IPs. To create a **Dataproc cluster** with only private IPs, specify the `--no-address` flag, as in the command under Code Example.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0961 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_103 |
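
Since the rule's IaC type is Terraform, the following added example (not taken from the original page or from Checkov) shows a `google_dataproc_cluster` that leaves nodes with external IPs beside one that sets `internal_ip_only`, the Terraform counterpart of `--no-address`. All resource names, the region, and the CIDR range are constructed placeholders.

```hcl
# Constructed example: names, region and CIDR range are placeholders.

resource "google_compute_network" "dataproc" {
  name                    = "dataproc-private"
  auto_create_subnetworks = false
}

# Nodes without external IPs reach Google APIs through Private Google Access,
# so it is enabled on the subnet the cluster is placed in.
resource "google_compute_subnetwork" "dataproc" {
  name                     = "dataproc-private-subnet"
  region                   = "us-central1"
  network                  = google_compute_network.dataproc.id
  ip_cidr_range            = "10.10.0.0/24"
  private_ip_google_access = true
}

# Non-compliant: internal_ip_only is omitted (provider default is false),
# so each instance can be assigned an ephemeral external IP.
resource "google_dataproc_cluster" "public" {
  name   = "my-cluster-public"
  region = "us-central1"

  cluster_config {
    gce_cluster_config {
      subnetwork = google_compute_subnetwork.dataproc.self_link
    }
  }
}

# Compliant: every instance gets only an internal IP address.
# A running cluster cannot be edited to drop its public IPs, so applying
# this to an existing cluster means planning for it to be recreated.
resource "google_dataproc_cluster" "private" {
  name   = "my-cluster-private"
  region = "us-central1"

  cluster_config {
    gce_cluster_config {
      subnetwork       = google_compute_subnetwork.dataproc.self_link
      internal_ip_only = true
    }
  }
}
```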