Ensure GCP compute regional forwarding rule does not use HTTP proxies with EXTERNAL load balancing scheme
Description
This policy checks whether a GCP compute regional forwarding rule uses HTTP proxies with an EXTERNAL load balancing scheme. Using HTTP proxies with an external load balancing scheme can expose the internal network to external threats. It's essential to ensure that the load balancing scheme is properly configured to prevent unauthorized access. By not using HTTP proxies with an external load balancing scheme, you can help protect your network from potential security risks.
Code Example
```terraform
# Compliant: the forwarding rule uses the INTERNAL scheme, not EXTERNAL.
resource "google_compute_forwarding_rule" "example" {
  name                  = "example-forwarding-rule"
  region                = "us-central1"
  load_balancing_scheme = "INTERNAL"
  target                = google_compute_region_target_http_proxy.example.id
}

resource "google_compute_region_target_http_proxy" "example" {
  name   = "example-target-http-proxy"
  region = "us-central1"
  # A regional proxy references a regional URL map (defined elsewhere).
  url_map = google_compute_region_url_map.example.id
}
```
Remediation
Ensure the load balancing scheme is set to INTERNAL or update the target to use a regional target HTTP proxy.
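A pre-deployment check matching the rule described above, as an added example (not Checkov's or this page's own code): it reads the `configuration` section of `terraform show -json` output and reports forwarding rules that combine the EXTERNAL scheme with an HTTP proxy target. The sample plan, the resource names and the function names are constructed for illustration, and an omitted scheme is assumed to default to EXTERNAL.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan (not taken from the page).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "google_compute_forwarding_rule.public",
     "type": "google_compute_forwarding_rule",
     "expressions": {"load_balancing_scheme": {"constant_value": "EXTERNAL"},
       "target": {"references": ["google_compute_region_target_http_proxy.web.id"]}}},
    {"address": "google_compute_forwarding_rule.private",
     "type": "google_compute_forwarding_rule",
     "expressions": {"load_balancing_scheme": {"constant_value": "INTERNAL"},
       "target": {"references": ["google_compute_region_target_http_proxy.web.id"]}}},
    {"address": "google_compute_forwarding_rule.tls",
     "type": "google_compute_forwarding_rule",
     "expressions": {"load_balancing_scheme": {"constant_value": "EXTERNAL"},
       "target": {"references": ["google_compute_region_target_https_proxy.web.id"]}}}],
  "module_calls": {"edge": {"module": {"resources": [
    {"address": "google_compute_forwarding_rule.implicit",
     "type": "google_compute_forwarding_rule",
     "expressions": {
       "target": {"references": ["google_compute_region_target_http_proxy.web.id"]}}}]}}}
}}}
""")

HTTP_PROXY_TYPES = {"google_compute_target_http_proxy", "google_compute_region_target_http_proxy"}

def _resources(module):
    """Yield the resources of a module and of every nested module call."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from _resources(call.get("module", {}))

def external_http_forwarding_rules(plan):
    """Return addresses of forwarding rules pairing EXTERNAL with an HTTP proxy."""
    findings = []
    for res in _resources(plan.get("configuration", {}).get("root_module", {})):
        if res.get("type") != "google_compute_forwarding_rule":
            continue
        expr = res.get("expressions", {})
        scheme_expr = expr.get("load_balancing_scheme")
        # Assumption: an omitted scheme counts as EXTERNAL (the provider default);
        # a non-constant expression yields None and is left for manual review.
        scheme = "EXTERNAL" if scheme_expr is None else scheme_expr.get("constant_value")
        refs = expr.get("target", {}).get("references", [])
        if scheme == "EXTERNAL" and any(r.split(".")[0] in HTTP_PROXY_TYPES for r in refs):
            findings.append(res["address"])
    return findings
```

Addresses in the `configuration` section are relative to their module, so a finding from a nested module is reported without its `module.` prefix.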
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1022 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | google_compute_forwarding_rule |
| Checkov ID | CKV2_GCP_37 |