Best practice rules for GCP API
Trend Micro Cloud One™ – Conformity monitors GCP API with the following rules:
- Check for API Key API Restrictions
Ensure that API keys are restricted to only those APIs that your application needs access to.
- Check for API Key Application Restrictions
Ensure there are no unrestricted API keys available within your Google Cloud Platform (GCP) project.
- Rotate Google Cloud API Keys
Ensure that all the API keys created for your Google Cloud Platform (GCP) projects are regularly rotated.