Checks whether a Function Compute service restricts access to a specified VPC.
Scenarios
Restrict your Function Compute service to allow calls only from a specified VPC to reduce security risks. Verify that this does not disrupt your workloads.
Risk level
Default risk level: High.
Adjustable per your requirements.
Detection logic
- Compliant: the service allows calls only from a specified VPC.
- Non-compliant: the service allows public network calls. See Remediation.
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | Set a Function Compute service to allow calls only from a specified VPC |
| Rule ID | fc-service-vpc-binding |
| Tag | FC, Service |
| Automated remediation | Not supported |
| Triggering mechanism | Configuration changes and scheduled execution |
| Trigger frequency | 24 hours |
| Supported resource types | Function Compute triggers |
| Rule parameters | None |
Remediation
Restrict the Function Compute service to allow calls only from a specified VPC. See Configure network settings.