Gcp
Best practice
gcp-gke-nodepool-auto-repair-enabled
gcp-gke-nodepool-auto-repair-enabled
Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters
gcp-postgresql-log-lock-waits
gcp-postgresql-log-lock-waits
Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’
gcp-mysql-local-in-file-off
gcp-mysql-local-in-file-off
Ensure MySQL database ‘local_infile’ flag is set to ‘off’
gcp-gke-use-cos-image
gcp-gke-use-cos-image
Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image
gcp-compute-template-shielded-vm
gcp-compute-template-shielded-vm
Ensure Compute instances are launched with Shielded VM enabled
gcp-gke-alias-ip-enabled
gcp-gke-alias-ip-enabled
Ensure Kubernetes Cluster is created with Alias IP ranges enabled
gcp-storage-versioning-enabled
gcp-storage-versioning-enabled
Ensure Cloud storage has versioning enabled
gcp-compute-shielded-vm
gcp-compute-shielded-vm
Ensure Compute instances are launched with Shielded VM enabled
gcp-postgresql-log-disconnection
gcp-postgresql-log-disconnection
Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’
gcp-gke-enable-shielded-nodes
gcp-gke-enable-shielded-nodes
Ensure Shielded GKE Nodes are Enabled
gcp-gke-nodepool-metadata-server-enabled
gcp-gke-nodepool-metadata-server-enabled
Ensure the GKE Metadata Server is Enabled
gcp-postgresql-log-min-message
gcp-postgresql-log-min-message
Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value
gcp-postgresql-log-temp
gcp-postgresql-log-temp
Ensure PostgreSQL database ‘log_temp_files’ flag is set to ‘0’
gcp-postgresql-log-checkpoints
gcp-postgresql-log-checkpoints
Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’
gcp-gke-sql-backup-configuration-enabled
gcp-gke-sql-backup-configuration-enabled
Ensure all Cloud SQL database instance have backup configuration enabled
gcp-gke-binary-authorization
gcp-gke-binary-authorization
gcp-postgresql-log-connection
gcp-postgresql-log-connection
Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’
gcp-postgresql-log-min-duration
gcp-postgresql-log-min-duration
Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’
gcp-dnssec-enabled
gcp-dnssec-enabled
Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC
gcp-gke-metadata-server-enabled
gcp-gke-metadata-server-enabled
Ensure the GKE Metadata Server is Enabled
gcp-gke-nodepool-auto-upgrade-enabled
gcp-gke-nodepool-auto-upgrade-enabled
Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters
gcp-ipv6-private-google-enabled
gcp-ipv6-private-google-enabled
Ensure that Private google access is enabled for IPV6
gcp-gke-nodepool-secure-boot-for-shielded-nodes
gcp-gke-nodepool-secure-boot-for-shielded-nodes
Ensure Secure Boot for Shielded GKE Nodes is Enabled
gcp-gke-has-labels
gcp-gke-has-labels
Ensure Kubernetes Clusters are configured with Labels