Google Compute Subnetwork Logging Disabled
- Query id: 40430747-442d-450a-a34f-dc57149f4609
- Query name: Google Compute Subnetwork Logging Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- URL: Github
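Description
This query checks whether flow logging is enabled for a Google Compute Subnetwork resource, that is, whether the `google_compute_subnetwork` resource declares a `log_config` block.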
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# No log_config block: flow logs are not enabled for this subnetwork.
resource "google_compute_subnetwork" "positive1" {
  name          = "log-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.custom-test.id
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# log_config block present: flow logs are enabled for this subnetwork.
resource "google_compute_subnetwork" "negative1" {
  name          = "log-test-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.custom-test.id

  log_config {
    aggregation_interval = "INTERVAL_10_MIN"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}
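
The same check applied to the JSON that `terraform show -json <planfile>` produces, so it also covers subnetworks declared inside modules. This is an added example, not the query's own code. It assumes the plan JSON layout (`planned_values.root_module` with `resources` and `child_modules`, nested blocks rendered as lists); the sample plan and the `module.net` resource are constructed for illustration.

```python
import json
import sys

SUBNET = "google_compute_subnetwork"

# Constructed sample, trimmed to the fields used, mirroring the two tests above.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": f"{SUBNET}.positive1", "type": SUBNET,
         "values": {"name": "log-test-subnetwork", "log_config": []}},
        {"address": f"{SUBNET}.negative1", "type": SUBNET,
         "values": {"name": "log-test-subnetwork", "log_config": [{
             "aggregation_interval": "INTERVAL_10_MIN",
             "flow_sampling": 0.5,
             "metadata": "INCLUDE_ALL_METADATA"}]}},
    ],
    "child_modules": [{"address": "module.net", "resources": [
        # Hypothetical module resource with the attribute missing altogether.
        {"address": f"module.net.{SUBNET}.inner", "type": SUBNET,
         "values": {"name": "inner"}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def subnetworks_without_flow_logs(plan):
    """Return the addresses of subnetworks whose planned state has no log_config."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        r["address"]
        for r in iter_resources(root)
        if r.get("type") == SUBNET
        # Absent, null or [] all mean that no log_config block was declared.
        and not (r.get("values") or {}).get("log_config")
    ]


if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in subnetworks_without_flow_logs(plan):
        print(f"flow logs disabled: {address}")
```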