Ensure that only compliant load balancer types can be used to create Google Cloud load balancers for the GCP projects and folders within your organization. The list of allowed load balancer types can only include values from the following list: INTERNAL_TCP_UDP, INTERNAL_HTTP_HTTPS, EXTERNAL_NETWORK_TCP_UDP, EXTERNAL_TCP_PROXY, EXTERNAL_SSL_PROXY, EXTERNAL_HTTP_HTTPS. To include all internal or all external load balancer types, use the in: prefix followed by INTERNAL or EXTERNAL. Every load balancer type to be allowed must be defined explicitly in the conformity rule settings, on the Trend Micro Cloud One™ – Conformity account console.
By default, creation of all types of Google Cloud load balancers is allowed. However, strict internal compliance requirements may prohibit the creation of load balancers of any type. By enforcing the "Restrict Load Balancer Creation Based on Load Balancer Types" constraint policy, you can easily control which types of load balancers can be deployed within your GCP organization.
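The comparison this rule performs can be sketched as follows. This is an added example, not Conformity's or Google's code. It assumes the policy is supplied as JSON in the v1 organization policy shape (`listPolicy` with `allowedValues`, `deniedValues` and `allValues`) and uses the constraint ID `constraints/compute.restrictLoadBalancerCreationForTypes`, which this page does not name. The function names and sample policies are constructed for illustration.

```python
import json

# Types listed on this page, grouped the way the in: prefix groups them.
GROUPS = {
    "INTERNAL": {"INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS"},
    "EXTERNAL": {"EXTERNAL_NETWORK_TCP_UDP", "EXTERNAL_TCP_PROXY",
                 "EXTERNAL_SSL_PROXY", "EXTERNAL_HTTP_HTTPS"},
}
ALL_TYPES = GROUPS["INTERNAL"] | GROUPS["EXTERNAL"]

def expand(values):
    """Expand in:INTERNAL / in:EXTERNAL to concrete types; reject unknown values."""
    out = set()
    for value in values:
        if value.startswith("in:") and value[3:] in GROUPS:
            out |= GROUPS[value[3:]]
        elif value in ALL_TYPES:
            out.add(value)
        else:
            raise ValueError(f"not a valid load balancer type: {value!r}")
    return out

def effective_allowed(policy):
    """Types a single policy document permits (inheritFromParent is not resolved)."""
    rule = policy.get("listPolicy")
    if rule is None or rule.get("allValues") == "ALLOW":
        return set(ALL_TYPES)  # constraint unset: every type is allowed by default
    if rule.get("allValues") == "DENY":
        return set()
    allowed = expand(rule["allowedValues"]) if rule.get("allowedValues") else set(ALL_TYPES)
    return allowed - expand(rule.get("deniedValues", []))

def audit(policy_json, approved):
    """Return the sorted types the policy permits beyond the approved list."""
    return sorted(effective_allowed(json.loads(policy_json)) - expand(approved))

# Constructed sample policies (not taken from a real organization).
CONSTRAINT = "constraints/compute.restrictLoadBalancerCreationForTypes"
POLICY_OK = json.dumps({"constraint": CONSTRAINT,
                        "listPolicy": {"allowedValues": ["in:INTERNAL"]}})
POLICY_WIDE = json.dumps({"constraint": CONSTRAINT, "listPolicy": {
    "allowedValues": ["in:INTERNAL", "EXTERNAL_HTTP_HTTPS"]}})
POLICY_UNSET = json.dumps({"constraint": CONSTRAINT})

if __name__ == "__main__":
    approved = ["INTERNAL_TCP_UDP", "INTERNAL_HTTP_HTTPS"]
    for name, doc in [("ok", POLICY_OK), ("wide", POLICY_WIDE), ("unset", POLICY_UNSET)]:
        extra = audit(doc, approved)
        print(name, "compliant" if not extra else f"non-compliant, also allows {extra}")
```

An empty result means the policy allows nothing outside the approved list; a policy that inherits from its parent should be checked against the effective policy instead of the single document.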
Audit
To determine if the creation of load balancers at the GCP organization level is restricted based on the load balancer types, perform the following operations:
Remediation / Resolution
To enforce the creation of Google Cloud load balancers of certain (compliant) types only, enable and configure the "Restrict Load Balancer Creation Based on Load Balancer Types" organization policy by performing the following operations:
Restrict Load Balancer Creation Based on Load Balancer Types
Risk Level: Medium