Ensure that all the Google Cloud APIs and services restricted within your organization are defined using the "Restrict allowed Google Cloud APIs and services" organization policy. This constraint policy helps you achieve regulatory compliance by defining the set of cloud services and APIs that cannot be used within your GCP organization. The list of denied APIs and services must be configured in the conformity rule settings, on the Trend Micro Cloud One™ – Conformity console.
By default, all Google Cloud APIs and services are allowed. With "Restrict allowed Google Cloud APIs and services" policy you can restricts the set of cloud services (and their APIs) that can be utilized within your organization. The list of restricted services must be defined as the string name of an API and can only include explicitly denied values from the following list: compute.googleapis.com, deploymentmanager.googleapis.com, dns.googleapis.com, doubleclicksearch.googleapis.com, replicapool.googleapis.com, replicapoolupdater.googleapis.com, and resourceviews.googleapis.com. Explicitly denying APIs that are not included in the list above will result in an error. Enforcement of this service constraint is not retroactive, therefore if a cloud service is already enabled inside the organization when this constraint is enforced, it will remain enabled. With "Restrict allowed Google Cloud APIs and services" constraint policy in use, you can manage the access to Google Cloud APIs and services, control costs, and enforce security and compliance requirements for your organizations.
To determine if Google Cloud API and service restriction is enabled for your GCP organizations, perform the following actions:
Remediation / Resolution
To implement the restriction of Google Cloud APIs and services within your GCP organizations, enable and configure the “Restrict allowed Google Cloud APIs and services” organization policy, by performing the following actions:
- Google Cloud Platform (GCP) Documentation
- Resource Manager
- Organization policy constraints
- Creating and managing organization policies
- GCP Command Line Interface (CLI) Documentation
- gcloud organizations list
- gcloud alpha resource-manager org-policies describe
- gcloud beta resource-manager org-policies set-policy
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Restrict Allowed Google Cloud APIs and Services
Risk level: Medium