Google Compute Subnetwork Logging Disabled

• Query id: 40430747-442d-450a-a34f-dc57149f4609
• Query name: Google Compute Subnetwork Logging Disabled
• Platform: Terraform
• Severity: Medium
• Category: Observability
• URL: Github

Description

This query checks if logs are enabled for a Google Compute Subnetwork resource.
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

resource "google_compute_subnetwork" "positive1" {
  name          = "log-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.custom-test.id
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "google_compute_subnetwork" "negative1" {
  name          = "log-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.custom-test.id

  log_config {
    aggregation_interval = "INTERVAL_10_MIN"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}