Ensure GCP compute global forwarding rule does not use HTTP proxies with EXTERNAL load balancing scheme
Description
This policy checks whether a GCP compute global forwarding rule uses HTTP proxies with an EXTERNAL load balancing scheme. Using HTTP proxies with an external load balancing scheme can expose the internal network to external threats. It's essential to ensure that global forwarding rules are properly configured to prevent unauthorized access. By not using HTTP proxies with external load balancing, you can reduce the risk of external attacks and protect your network infrastructure.
Code Example
```terraform
resource "google_compute_global_forwarding_rule" "example" {
  name                  = "example-forwarding-rule"
  target                = google_compute_region_target_http_proxy.example.id
  load_balancing_scheme = "INTERNAL"
}
```
Remediation
Ensure the global forwarding rule does not use HTTP proxies with the EXTERNAL load balancing scheme. Either set the target to a valid regional target HTTP proxy and the load balancing scheme to INTERNAL, or set the load balancing scheme to a value other than EXTERNAL.
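A minimal version of this check run over the `configuration` section of `terraform show -json` output, added here as an illustration and not Checkov's own implementation of CKV2_GCP_38. It assumes an HTTP proxy is any referenced resource whose type ends in `target_http_proxy` and that an omitted `load_balancing_scheme` falls back to the provider default of EXTERNAL; `find_external_http_rules` and the sample plan are constructed for the example.

```python
import json

# Constructed sample of the "configuration" section of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
 {"address": "google_compute_global_forwarding_rule.explicit",
  "type": "google_compute_global_forwarding_rule",
  "expressions": {
   "target": {"references": ["google_compute_target_http_proxy.web.id"]},
   "load_balancing_scheme": {"constant_value": "EXTERNAL"}}},
 {"address": "google_compute_global_forwarding_rule.defaulted",
  "type": "google_compute_global_forwarding_rule",
  "expressions": {
   "target": {"references": ["google_compute_target_http_proxy.web.id"]}}},
 {"address": "google_compute_global_forwarding_rule.tls",
  "type": "google_compute_global_forwarding_rule",
  "expressions": {
   "target": {"references": ["google_compute_target_https_proxy.web.id"]},
   "load_balancing_scheme": {"constant_value": "EXTERNAL"}}},
 {"address": "google_compute_global_forwarding_rule.example",
  "type": "google_compute_global_forwarding_rule",
  "expressions": {
   "target": {"references": ["google_compute_region_target_http_proxy.example.id"]},
   "load_balancing_scheme": {"constant_value": "INTERNAL"}}}
]}}}
""")

def _modules(module):
    """Yield a module and every child module nested under it."""
    yield module
    for call in module.get("module_calls", {}).values():
        yield from _modules(call.get("module", {}))

def find_external_http_rules(plan):
    """Return addresses of global forwarding rules that front an HTTP proxy with EXTERNAL."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for module in _modules(root):
        for res in module.get("resources", []):
            if res.get("type") != "google_compute_global_forwarding_rule":
                continue
            expr = res.get("expressions", {})
            refs = expr.get("target", {}).get("references", [])
            # Assumption: the first segment of a reference is the resource type.
            http_proxy = any(r.split(".")[0].endswith("target_http_proxy") for r in refs)
            scheme_expr = expr.get("load_balancing_scheme")
            # Omitted attribute -> EXTERNAL; non-constant (variable) -> None, not flagged.
            scheme = "EXTERNAL" if scheme_expr is None else scheme_expr.get("constant_value")
            if http_proxy and scheme == "EXTERNAL":
                findings.append(res["address"])
    return findings
```

A rule whose scheme comes from a variable is not flagged by this sketch because the value is unknown at configuration time; review those separately.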
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1023 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | google_compute_global_forwarding_rule |
| Checkov ID | CKV2_GCP_38 |