Best practice rules for GCP Cloud Functions
Trend Micro Cloud One™ – Conformity monitors GCP Cloud Functions with the following rules:
- Cloud Logging Permissions for Google Cloud Functions
Ensure that the Cloud Logging API has appropriate permissions to write function logs.
- Enable Serverless VPC Access for Google Cloud Functions
Ensure that Serverless VPC Access is enabled for your Google Cloud functions.
- GCP Execution Runtime Environment Version
Ensure that your Google Cloud functions are second-generation (or newer-generation) functions.
- GCP Function Runtime Version
Ensure that your GCP functions are using the latest language runtime version available.
- GCP Function using Default Service Account
Ensure that your Google Cloud functions are not using the default service account.
- GCP Function using Service Account with Basic Roles
Ensure that your Google Cloud functions are not using basic roles for permissions.
- GCP Functions with Admin Privileges
Ensure that your Google Cloud functions are not configured with admin privileges.