turbot/steampipe-mod-gcp-compliance

Add CIS check for Section 2.12

Closed this issue · 0 comments

2.12 Ensure that Cloud DNS logging is enabled for all VPC networks (Automated)

Audit:

From Command Line:

  1. List all VPC networks in a project:
gcloud compute networks list --format="table[box,title='All VPC Networks'](name:label='VPC Network Name')"
  2. List all DNS policies, logging enablement, and associated VPC networks:
gcloud dns policies list --flatten="networks[]" --format="table[box,title='All DNS Policies By VPC Network'](name:label='Policy Name',enableLogging:label='LoggingEnabled':align=center,networks.networkUrl.basename():label='VPC Network Name')"

Each VPC Network should be associated with a DNS policy with logging enabled.
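
The comparison that last sentence asks for can be scripted rather than done by eye across two tables. The following is an added example, not part of the benchmark text or of this mod's code; the function names are hypothetical, and it assumes `gcloud` renders `enableLogging` as `True`/`False` in `csv` output.

```shell
#!/bin/sh
# Added example: cross-check the two audit listings and report uncovered networks.

# uncovered_networks NETWORKS POLICIES   (hypothetical helper name)
#   NETWORKS: one VPC network name per line
#   POLICIES: "policy,enableLogging,network" rows, one per policy/network pair
# Prints every network that has no DNS policy with logging enabled.
uncovered_networks() {
  { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk -F, '
    $0 == "--" { in_nets = 1; next }          # marker: network names follow
    !in_nets { if (tolower($2) == "true") covered[$3] = 1; next }
    $0 != "" && !($0 in covered) { print }'
}

# audit_project: run the check against the active gcloud project.
# Assumption: enableLogging is rendered as True/False in csv output.
audit_project() {
  nets=$(gcloud compute networks list --format="value(name)") || return 2
  pols=$(gcloud dns policies list --flatten="networks[]" \
    --format="csv[no-heading](name,enableLogging,networks.networkUrl.basename())") || return 2
  missing=$(uncovered_networks "$nets" "$pols")
  [ -z "$missing" ] && { echo "PASS: every VPC network has DNS logging"; return 0; }
  # $missing is left unquoted on purpose: one FAIL line per network name.
  printf 'FAIL: no logging-enabled DNS policy on %s\n' $missing
  return 1
}

# Constructed sample data (not real gcloud output): "default" is covered,
# "prod-vpc" has a policy with logging off, "dev-vpc" has no policy at all.
SAMPLE_NETS='default
prod-vpc
dev-vpc'
SAMPLE_POLS='audit-policy,True,default
quiet-policy,False,prod-vpc'

if [ "${1:-}" = "--audit" ]; then
  audit_project
else
  uncovered_networks "$SAMPLE_NETS" "$SAMPLE_POLS"   # prints prod-vpc, dev-vpc
fi
```

Run it with `--audit` to query the active project; without arguments it only evaluates the constructed sample.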