What cloud services are supported for Google Cloud?

Cloud Scanning for Google Cloud checks a wide range of services for adherence to security best practices and for security misconfigurations that contribute to the most common causes of security breaches.

There is also a set of plugins highlighting unused or misused services that could help save monthly Google Cloud costs. Read more about these plugins in this article:

https://support.holmsecurity.com/hc/en-us/articles/8052279700124

Google Cloud supported services

  • API
  • BigQuery
  • BigTable
  • CLB
  • Cloud Functions
  • Compute
  • Cryptographic Keys
  • Dataflow
  • Dataproc
  • Deployment Manager
  • DNS
  • IAM
  • Kubernetes
  • Logging
  • Pub/Sub
  • Resource Manager
  • Security
  • Service Usage
  • Spanner
  • SQL
  • Storage
  • VPC Network

Google Cloud supported service policies

API - API Key Active Services Only
API - API Key API Restriction
API - API Key Application Restriction
API - API Key Rotation
API - Project API Keys
BigQuery - Dataset All Users Policy
BigQuery - Dataset Labels Added
BigQuery - Datasets CMK Encrypted
BigQuery - Tables CMK Encrypted
BigTable - BigTable Instance Labels Added
CLB - CLB CDN Enabled
CLB - CLB HTTPS Only
CLB - CLB Logging Enabled
CLB - CLB No Instances
CLB - Security Policy Enabled
Cloud Composer - Airflow Web Server Public Access
Cloud Composer - Environment Default Service Account
Cloud Composer - Environment Encryption
Cloud Composer - Environment Labels Added
Cloud Functions - Cloud Function All Users Policy
Cloud Functions - Cloud Function Labels Added
Cloud Functions - Cloud Function Serverless VPC Access
Cloud Functions - HTTP Trigger require HTTPS
Cloud Functions - Ingress All Traffic Disabled
CloudBuild - Comment Control Enabled
CloudBuild - Specific Source Branch
CloudBuild - Trigger Has Tags
CloudBuild - User Approval Enabled
Compute - Application Consistent Snapshots
Compute - Autoscale Enabled
Compute - Autoscale Minimum CPU Utilization Target
Compute - Confidential Computing Enabled
Compute - Connect Serial Ports Disabled
Compute - CSEK Encryption Enabled
Compute - Deprecated Images
Compute - Disk Automatic Backup Enabled
Compute - Disk In Use
Compute - Disk Labels Added
Compute - Disk MultiAz
Compute - Disk Old Snapshots
Compute - Enable Usage Export
Compute - Frequently Used Snapshots
Compute - Image Labels Added
Compute - Images CMK Encrypted
Compute - Instance Automatic Restart Enabled
Compute - Instance Default Service Account
Compute - Instance Desired Machine Type
Compute - Instance Group Auto Healing Enabled
Compute - Instance Labels Added
Compute - Instance Level SSH Only
Compute - Instance Maintenance Behavior
Compute - Instance Preemptibility Disabled
Compute - Instance Public Access Disabled
Compute - Instance Template Machine Type
Compute - Instances Multi AZ
Compute - IP Forwarding Disabled
Compute - OS Login 2FA Enabled
Compute - OS Login Enabled
Compute - Persistent Disks Auto Delete
Compute - Public Disk Images
Compute - Shielded VM Enabled
Compute - Snapshot Encryption
Compute - Snapshot Labels Added
Compute - VM Disks CMK Encryption
Compute - VM Instance Deletion Protection
Compute - VM Instances Least Privilege
Compute - VM Max Instances
Cryptographic Keys - Key Protection Level
Cryptographic Keys - Key Rotation
Cryptographic Keys - KMS Public Access
Dataflow - Dataflow Hanged Jobs
Dataflow - Dataflow Jobs Encryption
Dataproc - Dataproc Cluster Encryption
Dataproc - Dataproc Cluster Labels Added
Dataproc - Hadoop Secure Mode Enabled
Deployment Manager - Delete Expired Deployments
DNS - DNS Security Enabled
DNS - DNS Security Signing Algorithm
DNS - DNS Zone Labels Added
IAM - Corporate Emails Only
IAM - KMS User Separation
IAM - Member Admin
IAM - Service Account Admin
IAM - Service Account Key Rotation
IAM - Service Account Managed Keys
IAM - Service Account Role
IAM - Service Account Separation
IAM - Service Account Token Creator
IAM - Service Account User
IAM - Service Limits
Kubernetes - Alias IP Ranges Enabled
Kubernetes - Automatic Node Repair Enabled
Kubernetes - Automatic Node Upgrades Enabled
Kubernetes - Basic Authentication Disabled
Kubernetes - Binary Authorization Enabled
Kubernetes - Cluster Encryption Enabled
Kubernetes - Cluster Labels Added
Kubernetes - Cluster Least Privilege
Kubernetes - COS Image Enabled
Kubernetes - Default Service Account
Kubernetes - Integrity Monitoring Enabled
Kubernetes - Kubernetes Alpha Disabled
Kubernetes - Legacy Authorization Disabled
Kubernetes - Logging Enabled
Kubernetes - Master Authorized Network
Kubernetes - Monitoring Enabled
Kubernetes - Network Policy Enabled
Kubernetes - Node Encryption Enabled
Kubernetes - Pod Security Policy Enabled
Kubernetes - Private Cluster Enabled
Kubernetes - Private Endpoint
Kubernetes - Secure Boot Enabled
Kubernetes - Shielded Nodes
Kubernetes - Web Dashboard Disabled
Logging - Audit Configuration Logging
Logging - Audit Logging Enabled
Logging - Custom Role Logging
Logging - Log Sinks Enabled
Logging - Project Ownership Logging
Logging - SQL Configuration Logging
Logging - Storage Permissions Logging
Logging - VPC Firewall Rule Logging
Logging - VPC Network Logging
Logging - VPC Network Route Logging
Pub/Sub - Dead Lettering Enabled
Pub/Sub - Topic All Users Policy
Pub/Sub - Topic Encryption Enabled
Pub/Sub - Topic Labels Added
Resource Manager - Compute Allowed External IPs
Resource Manager - Detailed Audit Logging Mode
Resource Manager - Disable Automatic IAM Grants
Resource Manager - Disable Default Encryption Creation
Resource Manager - Disable Guest Attributes
Resource Manager - Disable Serial Port Access
Resource Manager - Disable Service Account Creation
Resource Manager - Disable Service Account Key Creation
Resource Manager - Disable Service Account Key Upload
Resource Manager - Disable VM IP Forwarding
Resource Manager - Disable Workload Identity Cluster Creation
Resource Manager - Enforce Require OS Login
Resource Manager - Enforce Restrict Authorized Networks
Resource Manager - Enforce Uniform Bucket-Level Access
Resource Manager - Essential Contacts Configured
Resource Manager - Location-Based Service Restriction
Resource Manager - Restrict Load Balancer Creation
Resource Manager - Restrict Shared VPC Subnetworks
Resource Manager - Restrict VPC Peering
Resource Manager - Restrict VPN Peer IPs
Resource Manager - Skip Default Network Creation
Resource Manager - Trusted Image Projects
Security - Access Approval Enabled
Service Usage - Asset Inventory Enabled
Spanner - Spanner Instance Node Count
SQL - Any Host Root Access
SQL - Database SSL Enabled
SQL - DB Automated Backups
SQL - DB Multiple AZ
SQL - DB Publicly Accessible
SQL - DB Restorable
SQL - MySQL Latest Version
SQL - MySQL Local Infile Disabled
SQL - MySQL Skip Show Database Enabled
SQL - MySQL Slow Query Log Enabled
SQL - PostgreSQL Latest Version
SQL - PostgreSQL Log Checkpoints Enabled
SQL - PostgreSQL Log Connections Flag Enabled
SQL - PostgreSQL Log Disconnections Flag Enabled
SQL - PostgreSQL Log Error Verbosity
SQL - PostgreSQL Log Hostname Flag Enabled
SQL - PostgreSQL Log Lock Waits Flag Enabled
SQL - PostgreSQL Log Min Duration Statement
SQL - PostgreSQL Log Min Error Statement
SQL - PostgreSQL Log Min Messages
SQL - PostgreSQL Log Statement
SQL - PostgreSQL Log Temp Files
SQL - PostgreSQL Max Connections
SQL - PostgreSQL Pg Audit Flag Enabled
SQL - SQL CMK Encryption
SQL - SQL Contained Database Authentication
SQL - SQL Cross DB Ownership Chaining
SQL - SQL Instance Labels Added
SQL - SQL No Public IPs
SQL - SQL Server Contained Database Authentication Flag Disabled
SQL - SQL Server External Scripts Flag Disabled
SQL - SQL Server Remote Access Flag Disabled
SQL - SQL Server Trace Flag Disabled
SQL - SQL Server User Connections Flag
SQL - SQL Server User Options Flag Disabled
SQL - SSL Certificate Rotation
SQL - Storage Auto Increase Enabled
Storage - Bucket Encryption
Storage - Bucket Labels Added
Storage - Bucket Lifecycle Configured
Storage - Bucket Logging
Storage - Bucket Uniform Level Access
Storage - Bucket Versioning
Storage - Storage Bucket All Users Policy
Storage - Storage Bucket Retention Policy
VPC Network - Default VPC Exists
VPC Network - Default VPC In Use
VPC Network - Excessive Firewall Rules
VPC Network - Firewall Logging Metadata
VPC Network - Flow Logs Enabled
VPC Network - Instance Default Network
VPC Network - Legacy Network Exists
VPC Network - Multiple Subnets
VPC Network - Open All Ports
VPC Network - Open Cassandra
VPC Network - Open Cassandra Client
VPC Network - Open Cassandra Internode
VPC Network - Open Cassandra Monitoring
VPC Network - Open Cassandra Thrift
VPC Network - Open CIFS
VPC Network - Open Custom Ports
VPC Network - Open DNS
VPC Network - Open Docker
VPC Network - Open Elasticsearch
VPC Network - Open FTP
VPC Network - Open Hadoop HDFS NameNode Metadata Service
VPC Network - Open Hadoop HDFS NameNode WebUI
VPC Network - Open HTTP
VPC Network - Open Internal web
VPC Network - Open Kibana
VPC Network - Open LDAP
VPC Network - Open LDAPS
VPC Network - Open Memcached
VPC Network - Open MongoDB
VPC Network - Open MSSQL
VPC Network - Open MySQL
VPC Network - Open NetBIOS
VPC Network - Open Oracle
VPC Network - Open Oracle Auto Data Warehouse
VPC Network - Open PostgreSQL
VPC Network - Open RDP
VPC Network - Open Redis
VPC Network - Open RPC
VPC Network - Open Salt
VPC Network - Open SMBoTCP
VPC Network - Open SMTP
VPC Network - Open SNMP
VPC Network - Open SQLServer
VPC Network - Open SSH
VPC Network - Open Telnet
VPC Network - Open VNC Client
VPC Network - Open VNC Server
VPC Network - Private Access Enabled
VPC Network - VPC DNS Logging Enabled