Best practice rules for GCP API
Trend Micro Cloud One™ – Conformity monitors GCP API with the following rules:
- API Keys Should Only Exist for Active Services
Ensure there are no API keys in use within your Google Cloud projects.
- Check for API Key API Restrictions
Ensure that API keys are restricted to only those APIs that your application needs access to.
- Check for API Key Application Restrictions
Ensure that your API key usage is restricted to trusted hosts and applications only.
- Enable Cloud Asset Inventory
Ensure that Google Cloud Asset Inventory is enabled for your GCP projects.
- Enable critical service APIs
Ensure that critical service APIs are enabled for your GCP projects.
- Latest Operating System Updates
Ensure that your Google Cloud virtual machine (VM) instances are using the latest operating system updates.
- Rotate Google Cloud API Keys
Ensure that all the API keys created for your Google Cloud Platform (GCP) projects are regularly rotated.