Best practice rules for GCP API
- API Keys Should Only Exist for Active Services
Ensure there are no API keys in use within your Google Cloud projects.
- Check for API Key API Restrictions
Ensure that API keys are restricted to only those APIs that your application needs access to.
- Check for API Key Application Restrictions
Ensure there are no unrestricted API keys available within your Google Cloud Platform (GCP) project.
- Enable Cloud Asset Inventory
Ensure that Google Cloud Asset Inventory is enabled for your GCP projects.
- Enable Security Command Center API
Ensure that Google Cloud Security Command Center API is enabled.
- Enable Critical Service APIs
Ensure that critical service APIs are enabled for your GCP projects.
- Latest Operating System Updates
Ensure that your Google Cloud virtual machine (VM) instances are using the latest operating system updates.
- Rotate Google Cloud API Keys
Ensure that all the API keys created for your Google Cloud Platform (GCP) projects are regularly rotated.