From b6b0e07a1722c6460320dad8134a1b9e468616ce Mon Sep 17 00:00:00 2001 
From: Madhushree Ray Date: Thu, 5 Sep 2024 16:45:43 +0530 Subject: [PATCH] Fix titles for GCP Policy packs (#822) --- .../README.md | 2 +- .../main.tf | 2 +- .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../enforce_instances_to_not_use_unapproved_images/main.tf | 5 ----- .../README.md | 4 ++-- .../enforce_instances_use_only_approved_images/main.tf | 5 +++++ .../policies.tf | 0 .../providers.tf | 0 policy_packs/gcp/guardrails/enable_event_handlers/README.md | 2 +- policy_packs/gcp/guardrails/enable_event_handlers/main.tf | 2 +- policy_packs/gcp/guardrails/enable_event_poller/README.md | 2 +- policy_packs/gcp/guardrails/enable_event_poller/main.tf | 2 +- .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../kms/check_crypto_keys_are_rotated_regularly/README.md | 2 +- .../README.md | 2 +- .../main.tf | 2 +- .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 2 +- .../main.tf | 2 +- .../README.md | 4 ++-- .../main.tf | 4 ++-- .../policies.tf | 0 .../providers.tf | 0 .../README.md | 2 +- .../main.tf | 2 +- .../gcp/storage/enforce_uniform_access_on_buckets/README.md | 2 +- .../gcp/storage/enforce_uniform_access_on_buckets/main.tf | 2 +- 64 files changed, 66 insertions(+), 66 deletions(-) rename 
policy_packs/gcp/computeengine/{enforce_disks_to_be_attached_to_instances => enforce_disks_are_attached_to_instances}/README.md (95%) rename policy_packs/gcp/computeengine/{enforce_disks_to_be_attached_to_instances => enforce_disks_are_attached_to_instances}/main.tf (60%) rename policy_packs/gcp/computeengine/{enforce_disks_to_be_attached_to_instances => enforce_disks_are_attached_to_instances}/policies.tf (100%) rename policy_packs/gcp/computeengine/{enforce_disks_to_be_attached_to_instances => enforce_disks_are_attached_to_instances}/providers.tf (100%) rename policy_packs/gcp/computeengine/{enforce_disks_to_not_be_older_than_7_days => enforce_disks_are_not_older_than_7_days}/README.md (95%) rename policy_packs/gcp/computeengine/{enforce_disks_to_not_be_older_than_7_days => enforce_disks_are_not_older_than_7_days}/main.tf (59%) rename policy_packs/gcp/computeengine/{enforce_disks_to_not_be_older_than_7_days => enforce_disks_are_not_older_than_7_days}/policies.tf (100%) rename policy_packs/gcp/computeengine/{enforce_disks_to_not_be_older_than_7_days => enforce_disks_are_not_older_than_7_days}/providers.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_be_older_than_7_days => enforce_instances_are_not_older_than_7_days}/README.md (95%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_be_older_than_7_days => enforce_instances_are_not_older_than_7_days}/main.tf (59%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_be_older_than_7_days => enforce_instances_are_not_older_than_7_days}/policies.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_be_older_than_7_days => enforce_instances_are_not_older_than_7_days}/providers.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_external_ip_address => enforce_instances_do_not_use_external_ip_address}/README.md (96%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_external_ip_address => 
enforce_instances_do_not_use_external_ip_address}/main.tf (69%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_external_ip_address => enforce_instances_do_not_use_external_ip_address}/policies.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_external_ip_address => enforce_instances_do_not_use_external_ip_address}/providers.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_specific_machine_types => enforce_instances_do_not_use_specific_machine_types}/README.md (96%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_specific_machine_types => enforce_instances_do_not_use_specific_machine_types}/main.tf (75%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_specific_machine_types => enforce_instances_do_not_use_specific_machine_types}/policies.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_specific_machine_types => enforce_instances_do_not_use_specific_machine_types}/providers.tf (100%) delete mode 100644 policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/main.tf rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_unapproved_images => enforce_instances_use_only_approved_images}/README.md (95%) create mode 100644 policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/main.tf rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_unapproved_images => enforce_instances_use_only_approved_images}/policies.tf (100%) rename policy_packs/gcp/computeengine/{enforce_instances_to_not_use_unapproved_images => enforce_instances_use_only_approved_images}/providers.tf (100%) rename policy_packs/gcp/iam/{enforce_user_service_accounts_to_not_have_admin_privileges => enforce_user_service_accounts_do_not_have_admin_privileges}/README.md (96%) rename policy_packs/gcp/iam/{enforce_user_service_accounts_to_not_have_admin_privileges => 
enforce_user_service_accounts_do_not_have_admin_privileges}/main.tf (61%) rename policy_packs/gcp/iam/{enforce_user_service_accounts_to_not_have_admin_privileges => enforce_user_service_accounts_do_not_have_admin_privileges}/policies.tf (100%) rename policy_packs/gcp/iam/{enforce_user_service_accounts_to_not_have_admin_privileges => enforce_user_service_accounts_do_not_have_admin_privileges}/providers.tf (100%) rename policy_packs/gcp/network/{check_https_is_enforced_for_load_balancers => check_load_balancers_enforce_https}/README.md (94%) rename policy_packs/gcp/network/{check_https_is_enforced_for_load_balancers => check_load_balancers_enforce_https}/main.tf (54%) rename policy_packs/gcp/network/{check_https_is_enforced_for_load_balancers => check_load_balancers_enforce_https}/policies.tf (100%) rename policy_packs/gcp/network/{check_https_is_enforced_for_load_balancers => check_load_balancers_enforce_https}/providers.tf (100%) rename policy_packs/gcp/network/{enforce_default_vpc_network_is_not_used_for_projects => enforce_default_vpc_network_is_not_used_in_projects}/README.md (97%) rename policy_packs/gcp/network/{enforce_default_vpc_network_is_not_used_for_projects => enforce_default_vpc_network_is_not_used_in_projects}/main.tf (75%) rename policy_packs/gcp/network/{enforce_default_vpc_network_is_not_used_for_projects => enforce_default_vpc_network_is_not_used_in_projects}/policies.tf (100%) rename policy_packs/gcp/network/{enforce_default_vpc_network_is_not_used_for_projects => enforce_default_vpc_network_is_not_used_in_projects}/providers.tf (100%) rename policy_packs/gcp/network/{enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic => enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic}/README.md (96%) rename policy_packs/gcp/network/{enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic => enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic}/main.tf (80%) rename 
policy_packs/gcp/network/{enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic => enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic}/policies.tf (100%) rename policy_packs/gcp/network/{enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic => enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic}/providers.tf (100%) rename policy_packs/gcp/network/{enforce_firewall_to_not_allow_egress_access => enforce_firewall_to_block_egress_access}/README.md (96%) rename policy_packs/gcp/network/{enforce_firewall_to_not_allow_egress_access => enforce_firewall_to_block_egress_access}/main.tf (54%) rename policy_packs/gcp/network/{enforce_firewall_to_not_allow_egress_access => enforce_firewall_to_block_egress_access}/policies.tf (100%) rename policy_packs/gcp/network/{enforce_firewall_to_not_allow_egress_access => enforce_firewall_to_block_egress_access}/providers.tf (100%) rename policy_packs/gcp/storage/{enforce_buckets_to_not_be_older_than_7_days => enforce_buckets_are_not_older_than_7_days}/README.md (96%) rename policy_packs/gcp/storage/{enforce_buckets_to_not_be_older_than_7_days => enforce_buckets_are_not_older_than_7_days}/main.tf (60%) rename policy_packs/gcp/storage/{enforce_buckets_to_not_be_older_than_7_days => enforce_buckets_are_not_older_than_7_days}/policies.tf (100%) rename policy_packs/gcp/storage/{enforce_buckets_to_not_be_older_than_7_days => enforce_buckets_are_not_older_than_7_days}/providers.tf (100%) diff --git a/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/README.md b/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/README.md index 881dff188..2764b7b65 100644 --- a/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/README.md +++ b/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/README.md 
@@ -4,7 +4,7 @@ primary_category: "security" type: "featured" --- -# Enforce Enable Block Project-Wide SSH Keys for GCP Compute Engine Instances +# Enforce Block Project-Wide SSH Keys for GCP Compute Engine Instances Enforcing the enablement of block project-wide SSH keys for GCP Compute Engine instances is important because it restricts the use of universally accessible SSH keys, thereby reducing the risk of unauthorized access. This measure ensures that only instance-specific SSH keys are used, enhancing the security and control over individual instance access. diff --git a/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/main.tf b/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/main.tf index 20cec569d..e812521df 100644 --- a/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/main.tf +++ b/policy_packs/gcp/computeengine/enforce_block_project_wide_ssh_keys_is_enabled_for_instances/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce Enable Block Project-Wide SSH Keys for GCP Compute Engine Instances" + title = "Enforce Block Project-Wide SSH Keys for GCP Compute Engine Instances" description = "Restrict the use of universally accessible SSH keys, thereby reducing the risk of unauthorized access." akas = ["gcp_computeengine_enforce_block_project_wide_ssh_keys_is_enabled_for_instances"] } diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/README.md b/policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/README.md similarity index 95% rename from policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/README.md rename to policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/README.md index 085380293..1cad5f2a2 100644 --- a/policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/README.md 
+++ b/policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/README.md @@ -3,7 +3,7 @@ categories: ["cost controls", "compute", "security", "storage"] primary_category: "cost controls" --- -# Enforce GCP Compute Engine Disks to Be Attached to Instances +# Enforce GCP Compute Engine Disks Are Attached to Instances Enforcing GCP Compute Engine disks to be attached to instances is important for optimizing resource utilization and cost management. This control ensures that all allocated storage is actively used and monitored, reducing the risk of unnecessary expenses and potential security vulnerabilities associated with unattached disks. @@ -13,7 +13,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can ## Documentation -- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/enforce_disks_to_be_attached_to_instances/settings)** +- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_disks_are_attached_to_instances/settings)** ## Getting Started diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/main.tf b/policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/main.tf similarity index 60% rename from policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/main.tf rename to policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/main.tf index 2f594532b..15e4c2d27 100644 --- a/policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/main.tf +++ b/policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/main.tf 
@@ -1,5 +1,5 @@
 resource "turbot_policy_pack" "main" {
- title = "Enforce GCP Compute Engine Disks to Be Attached to Instances"
+ title = "Enforce GCP Compute Engine Disks Are Attached to Instances"
 description = "Ensure that all allocated storage is actively used and monitored, reducing the risk of unnecessary expenses and potential security vulnerabilities associated with unattached disks."
- akas = ["gcp_computeengine_enforce_disks_to_be_attached_to_instances"]
+ akas = ["gcp_computeengine_enforce_disks_are_attached_to_instances"]
 }
diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/policies.tf b/policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/policies.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/policies.tf
rename to policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/policies.tf
diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/providers.tf b/policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/providers.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_disks_to_be_attached_to_instances/providers.tf
rename to policy_packs/gcp/computeengine/enforce_disks_are_attached_to_instances/providers.tf
diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/README.md b/policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/README.md
similarity index 95%
rename from policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/README.md
rename to policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/README.md
index 9ca2c0f55..730c78de2 100644
--- a/policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/README.md
+++ b/policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/README.md
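Review bot: The `akas` entry in this `turbot_policy_pack` hunk is replaced outright, so the old identifier `gcp_computeengine_enforce_disks_to_be_attached_to_instances` is dropped from the pack once this is applied. Anything that looks the pack up by its aka rather than by Terraform state (attachments made elsewhere, automation, bookmarked hub links) would presumably stop resolving it, and for a pack that enforces a control that can leave the guardrail unattached without any error; this should be confirmed against how deployed workspaces reference packs. If backward compatibility matters, keep the old value as a second alias, e.g. `akas = ["gcp_computeengine_enforce_disks_are_attached_to_instances", "gcp_computeengine_enforce_disks_to_be_attached_to_instances"]`. The same point applies to the other `main.tf` hunks in this patch that rewrite `akas` (disks and instances older than 7 days, external IP address, specific machine types, approved images).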
@@ -3,7 +3,7 @@ categories: ["compute", "cost controls"] primary_category: "cost controls" --- -# Enforce GCP Compute Engine Disks to Not Be Older Than 7 Days +# Enforce GCP Compute Engine Disks Are Not Older Than 7 Days Enforcing GCP Compute Engine Disks to not be older than 7 days is critical to ensure that data storage is continuously refreshed and aligned with the latest security and performance standards. This practice helps prevent the accumulation of outdated and potentially vulnerable disks, thereby enhancing overall data integrity and security. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Delete disks that are older than 7 days -- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_disks_to_not_be_older_than_7_days/settings)** +- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_disks_are_not_older_than_7_days/settings)** ## Getting Started diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/main.tf b/policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/main.tf similarity index 59% rename from policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/main.tf rename to policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/main.tf index c2603a6e4..8bf77c2b3 100644 --- a/policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/main.tf +++ b/policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/main.tf 
@@ -1,5 +1,5 @@
 resource "turbot_policy_pack" "main" {
- title = "Enforce GCP Compute Engine Disks to Not Be Older Than 7 Days"
+ title = "Enforce GCP Compute Engine Disks Are Not Older Than 7 Days"
 description = "Enforcing disks to not be older than 7 days is critical to ensure that data storage is continuously refreshed and aligned with the latest security and performance standards."
- akas = ["gcp_computeengine_enforce_disks_to_not_be_older_than_7_days"]
+ akas = ["gcp_computeengine_enforce_disks_are_not_older_than_7_days"]
 }
diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/policies.tf b/policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/policies.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/policies.tf
rename to policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/policies.tf
diff --git a/policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/providers.tf b/policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/providers.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_disks_to_not_be_older_than_7_days/providers.tf
rename to policy_packs/gcp/computeengine/enforce_disks_are_not_older_than_7_days/providers.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/README.md b/policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/README.md
similarity index 95%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/README.md
rename to policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/README.md
index aedb93f75..155d58d02 100644
--- a/policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/README.md
+++ b/policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/README.md
@@ -3,7 +3,7 @@ categories: ["compute", "cost controls"] primary_category: "cost controls" --- -# Enforce GCP Compute Engine Instances to Not Be Older Than 7 Days +# Enforce GCP Compute Engine Instances Are Not Older Than 7 Days Enforcing GCP Compute Engine Instances to not be older than 7 days is important to ensure that instances are regularly updated and patched, minimizing the risk of vulnerabilities and security exploits. This practice promotes a secure and resilient infrastructure by ensuring that all instances run the latest software versions and configurations. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Terminate instances that are older than 7 days -- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_to_not_be_older_than_7_days/settings)** +- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_are_not_older_than_7_days/settings)** ## Getting Started diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/main.tf b/policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/main.tf similarity index 59% rename from policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/main.tf rename to policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/main.tf index c6e831945..0b8b92dc1 100644 --- a/policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/main.tf +++ b/policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/main.tf 
@@ -1,5 +1,5 @@
 resource "turbot_policy_pack" "main" {
- title = "Enforce GCP Compute Engine Instances to Not Be Older Than 7 Days"
+ title = "Enforce GCP Compute Engine Instances Are Not Older Than 7 Days"
 description = "Enforcing instances to not be older than 7 days is important to ensure that instances are regularly updated and patched, minimizing the risk of vulnerabilities and security exploits."
- akas = ["gcp_computeengine_enforce_instances_to_not_be_older_than_7_days"]
+ akas = ["gcp_computeengine_enforce_instances_are_not_older_than_7_days"]
 }
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/policies.tf b/policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/policies.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/policies.tf
rename to policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/policies.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/providers.tf b/policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/providers.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_be_older_than_7_days/providers.tf
rename to policy_packs/gcp/computeengine/enforce_instances_are_not_older_than_7_days/providers.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/README.md b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/README.md
similarity index 96%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/README.md
rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/README.md
index 1a06da806..7af806bec 100644
--- a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/README.md
+++ b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/README.md @@ -3,7 +3,7 @@ categories: ["security", "networking"] primary_category: "security" --- -# Enforce GCP Compute Engine Instances to Not Use External IP Addresses +# Enforce GCP Compute Engine Instances Do Not Use External IP Addresses Enforcing GCP Compute Engine instances to not use external IP addresses is vital for reducing the attack surface and enhancing security. By restricting instances to internal IP addresses, it minimizes exposure to the internet, thereby protecting sensitive data and systems from unauthorized access and potential threats. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Enforce no external IP addresses are used -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_to_not_use_external_ip_address/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_do_not_use_external_ip_address/settings)** ## Getting Started diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/main.tf b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/main.tf similarity index 69% rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/main.tf rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/main.tf index d15564865..a9f3fd6ca 100644 --- a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/main.tf +++ b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/main.tf 
@@ -1,5 +1,5 @@
 resource "turbot_policy_pack" "main" {
- title = "Enforce GCP Compute Engine Instances to Not Use External IP Addresses"
+ title = "Enforce GCP Compute Engine Instances Do Not Use External IP Addresses"
 description = "Limiting instances to internal IP addresses only minimizes exposure to the internet, thereby protecting sensitive data and systems from unauthorized access and potential threats."
- akas = ["gcp_computeengine_enforce_instances_to_not_use_external_ip_address"]
+ akas = ["gcp_computeengine_enforce_instances_do_not_use_external_ip_address"]
 }
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/policies.tf b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/policies.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/policies.tf
rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/policies.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/providers.tf b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/providers.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_external_ip_address/providers.tf
rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_external_ip_address/providers.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/README.md b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/README.md
similarity index 96%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/README.md
rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/README.md
index d3123f315..fdfe8616d 100644
--- a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/README.md
+++ b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/README.md @@ -3,7 +3,7 @@ categories: ["compute", "cost controls", "security"] primary_category: "cost controls" --- -# Enforce GCP Compute Engine Instances to Not Use Specific Machine Types +# Enforce GCP Compute Engine Instances Do Not Use Specific Machine Types Enforcing GCP Compute Engine Instances to not use specific machine types is important to ensure compliance with organizational policies and cost management strategies. This control helps prevent the use of machine types that may be unsuitable for certain workloads, excessively costly, or lacking necessary security features, thereby optimizing resource utilization and maintaining a secure environment. @@ -13,7 +13,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Set unapproved list of instance family - Terminate instances that are not approved for use due to unapproved size or family -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_to_not_use_specific_machine_types/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_do_not_use_specific_machine_types/settings)** ## Getting Started diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/main.tf b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/main.tf similarity index 75% rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/main.tf rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/main.tf index 9c622006c..f33bef749 100644 --- a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/main.tf +++ b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/main.tf 
@@ -1,5 +1,5 @@
 resource "turbot_policy_pack" "main" {
- title = "Enforce GCP Compute Engine Instances to Not Use Specific Machine Types"
+ title = "Enforce GCP Compute Engine Instances Do Not Use Specific Machine Types"
 description = "Enforce instances to not use specific machine types helps prevent the use of machine types that may be unsuitable for certain workloads, excessively costly, or lacking necessary security features, thereby optimizing resource utilization and maintaining a secure environment."
- akas = ["gcp_computeengine_enforce_instances_to_not_use_specific_machine_types"]
+ akas = ["gcp_computeengine_enforce_instances_do_not_use_specific_machine_types"]
 }
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/policies.tf b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/policies.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/policies.tf
rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/policies.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/providers.tf b/policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/providers.tf
similarity index 100%
rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_specific_machine_types/providers.tf
rename to policy_packs/gcp/computeengine/enforce_instances_do_not_use_specific_machine_types/providers.tf
diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/main.tf b/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/main.tf
deleted file mode 100644
index 5aca5fa6e..000000000
--- a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/main.tf
+++ /dev/null
@@ -1,5 +0,0 @@ -resource "turbot_policy_pack" "main" { - title = "Enforce GCP Compute Engine Instances to Not Use Unapproved Images" - description = "Ensure that all instances adhere to organizational standards, reducing the risk of vulnerabilities." - akas = ["gcp_computeengine_enforce_instances_to_not_use_unapproved_images"] -} diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/README.md b/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/README.md similarity index 95% rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/README.md rename to policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/README.md index 62a84f5ce..72a52eaad 100644 --- a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/README.md +++ b/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/README.md @@ -3,7 +3,7 @@ categories: ["compute", "security"] primary_category: "security" --- -# Enforce GCP Compute Engine Instances to Not Use Unapproved Images +# Enforce GCP Compute Engine Instances Use Only Approved Images Enforcing GCP Compute Engine instances to not use unapproved images is crucial for maintaining security, compliance, and consistency across the infrastructure. It ensures that all instances adhere to organizational standards, reducing the risk of vulnerabilities, unauthorized software, and potential breaches. @@ -12,7 +12,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Set list of approved image IDs - Stop/Terminate instances that use unapproved images -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_to_not_use_unapproved_images/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_computeengine_enforce_instances_use_only_approved_images/settings)** ## Getting Started 
diff --git a/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/main.tf b/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/main.tf new file mode 100644 index 000000000..7a76b3884 --- /dev/null +++ b/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/main.tf @@ -0,0 +1,5 @@ +resource "turbot_policy_pack" "main" { + title = "Enforce GCP Compute Engine Instances Use Only Approved Images" + description = "Ensure that all instances adhere to organizational standards, reducing the risk of vulnerabilities." + akas = ["gcp_computeengine_enforce_instances_use_only_approved_images"] +} diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/policies.tf b/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/policies.tf similarity index 100% rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/policies.tf rename to policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/policies.tf diff --git a/policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/providers.tf b/policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/providers.tf similarity index 100% rename from policy_packs/gcp/computeengine/enforce_instances_to_not_use_unapproved_images/providers.tf rename to policy_packs/gcp/computeengine/enforce_instances_use_only_approved_images/providers.tf diff --git a/policy_packs/gcp/guardrails/enable_event_handlers/README.md b/policy_packs/gcp/guardrails/enable_event_handlers/README.md index 2311fb99d..8a4f08fe0 100644 --- a/policy_packs/gcp/guardrails/enable_event_handlers/README.md +++ b/policy_packs/gcp/guardrails/enable_event_handlers/README.md 
@@ -4,7 +4,7 @@ primary_category: "logging" type: "featured" --- -# Enable Event Handlers for GCP Projects in Guardrails +# Enable Event Handlers for GCP Projects The Guardrails Event Handlers are responsible for conveying events from GCP Logging back to Guardrails for processing. This is a requirement for Guardrails to process and respond in real-time. diff --git a/policy_packs/gcp/guardrails/enable_event_handlers/main.tf b/policy_packs/gcp/guardrails/enable_event_handlers/main.tf index f6ac743d7..960171d7d 100644 --- a/policy_packs/gcp/guardrails/enable_event_handlers/main.tf +++ b/policy_packs/gcp/guardrails/enable_event_handlers/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { akas = ["gcp_guardrails_enable_event_handlers"] - title = "Enable Event Handlers for GCP Projects in Guardrails" + title = "Enable Event Handlers for GCP Projects" description = "The Guardrails Event Handlers are responsible for conveying events from GCP Logging back to Guardrails for processing. This is a requirement for Guardrails to process and respond in real-time." } diff --git a/policy_packs/gcp/guardrails/enable_event_poller/README.md b/policy_packs/gcp/guardrails/enable_event_poller/README.md index 2dbad6ed1..6266ab275 100644 --- a/policy_packs/gcp/guardrails/enable_event_poller/README.md +++ b/policy_packs/gcp/guardrails/enable_event_poller/README.md @@ -3,7 +3,7 @@ categories: ["logging", "networking"] primary_category: "logging" --- -# Enable Event Poller for GCP Projects in Guardrails +# Enable Event Poller for GCP Projects The Guardrails Event Poller are responsible polling GCP Logging at intervals specified and retrieves the latest events for processing. diff --git a/policy_packs/gcp/guardrails/enable_event_poller/main.tf b/policy_packs/gcp/guardrails/enable_event_poller/main.tf index a22ef9126..3b68beef5 100644 --- a/policy_packs/gcp/guardrails/enable_event_poller/main.tf +++ b/policy_packs/gcp/guardrails/enable_event_poller/main.tf 
@@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { akas = ["gcp_guardrails_enable_event_poller"] - title = "Enable Event Poller for GCP Projects in Guardrails" + title = "Enable Event Poller for GCP Projects" description = "The Guardrails Event Poller are responsible polling GCP Logging at intervals specified and retrieves the latest events for processing." } diff --git a/policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/README.md b/policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/README.md similarity index 96% rename from policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/README.md rename to policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/README.md index 50e3716e8..8f7bdb86b 100644 --- a/policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/README.md +++ b/policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/README.md @@ -4,7 +4,7 @@ primary_category: "access management" type: "featured" --- -# Enforce GCP IAM User-Managed Service Accounts to Not Have Admin Privileges +# Enforce GCP IAM User-Managed Service Accounts Do Not Have Admin Privileges Enforcing that GCP IAM user-managed service accounts do not have admin privileges is essential for maintaining the principle of least privilege. This minimizes the risk of unauthorized access and potential misuse of administrative capabilities, enhancing security by ensuring that service accounts only have the permissions necessary to perform their specific tasks. 
@@ -12,7 +12,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Delete service accounts that have `roles/owner`, `roles/admin` or `roles/editor` privileges -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_iam_enforce_user_service_accounts_to_not_have_admin_privileges/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_iam_enforce_user_service_accounts_do_not_have_admin_privileges/settings)** ## Getting Started diff --git a/policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/main.tf b/policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/main.tf similarity index 61% rename from policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/main.tf rename to policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/main.tf index 7cb0dce77..187c720a2 100644 --- a/policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/main.tf +++ b/policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce GCP IAM User-Managed Service Accounts to Not Have Admin Privileges" + title = "Enforce GCP IAM User-Managed Service Accounts Do Not Have Admin Privileges" description = "Minimize the risk of unauthorized access and potential misuse of administrative capabilities." - akas = ["gcp_iam_enforce_user_service_accounts_to_not_have_admin_privileges"] + akas = ["gcp_iam_enforce_user_service_accounts_do_not_have_admin_privileges"] } 
diff --git a/policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/policies.tf b/policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/policies.tf similarity index 100% rename from policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/policies.tf rename to policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/policies.tf diff --git a/policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/providers.tf b/policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/providers.tf similarity index 100% rename from policy_packs/gcp/iam/enforce_user_service_accounts_to_not_have_admin_privileges/providers.tf rename to policy_packs/gcp/iam/enforce_user_service_accounts_do_not_have_admin_privileges/providers.tf diff --git a/policy_packs/gcp/kms/check_crypto_keys_are_rotated_regularly/README.md b/policy_packs/gcp/kms/check_crypto_keys_are_rotated_regularly/README.md index 3aa92c291..9b754b762 100644 --- a/policy_packs/gcp/kms/check_crypto_keys_are_rotated_regularly/README.md +++ b/policy_packs/gcp/kms/check_crypto_keys_are_rotated_regularly/README.md 
@@ -3,7 +3,7 @@ categories: ["data protection", "security"] primary_category: "data protection" --- -# Enforce GCP KMS Crypto Keys to be rotated on regular basis +# Check If GCP KMS Crypto Keys Are Rotated Regularly KMS Crypto Keys should be rotated on regular basis. A rotation schedule defines the frequency of rotation, and optionally the date and time when the first rotation occurs. The rotation schedule can be based on either the key's age or the number or volume of messages encrypted with a key version. Enforcing regular rotation of GCP KMS crypto keys is essential for maintaining the security and integrity of encrypted data. Regular key rotation mitigates the risk of key compromise, ensuring that even if a key is exposed, its usage window is limited, thereby enhancing overall security and ensuring compliance with best practices and regulatory requirements. diff --git a/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/README.md b/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/README.md index 08951786c..7a6d18b70 100644 --- a/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/README.md +++ b/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/README.md @@ -4,7 +4,7 @@ primary_category: "data protection" type: "featured" --- -# Enforce Encryption for Secrets is Enabled for GCP GKE Clusters +# Enforce Encryption for Secrets Is Enabled for GCP GKE Clusters Enforcing encryption for secrets in GCP GKE clusters is critical for protecting sensitive information stored within the cluster. This measure ensures that secrets, such as passwords and API keys, are encrypted, safeguarding them from unauthorized access and potential breaches, and ensuring compliance with security best practices and regulatory requirements. 
diff --git a/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/main.tf b/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/main.tf index 15a47d6ce..39aff33b7 100644 --- a/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/main.tf +++ b/policy_packs/gcp/kubernetesengine/enforce_encryption_for_secrets_is_enabled_for_clusters/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce Encryption for Secrets is Enabled for GCP GKE Clusters" + title = "Enforce Encryption for Secrets Is Enabled for GCP GKE Clusters" description = "Ensure that secrets, such as passwords and API keys, are encrypted, thereby safeguarding them from unauthorized access and potential breaches." akas = ["gcp_kubernetesengine_enforce_encryption_for_secrets_is_enabled_for_clusters"] } diff --git a/policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/README.md b/policy_packs/gcp/network/check_load_balancers_enforce_https/README.md similarity index 94% rename from policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/README.md rename to policy_packs/gcp/network/check_load_balancers_enforce_https/README.md index 7f8958463..f1f7dc17d 100644 --- a/policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/README.md +++ b/policy_packs/gcp/network/check_load_balancers_enforce_https/README.md 
@@ -3,7 +3,7 @@ categories: ["networking", "security"] primary_category: "networking" --- -# Check If GCP Network Load Balancers Enforce HTTPS to Manage Encrypted Web Traffic +# Check GCP Network Load Balancers Enforce HTTPS for Encrypted Web Traffic Ensure that GCP Network Load Balancers are configured to use valid SSL/TLS certificates in order to handle encrypted web traffic. SSL certificate resources contain SSL certificate information that the load balancer uses to terminate SSL/TLS when HTTPS clients connect to it. This practice guarantees that data transmitted between clients and load-balanced applications is encrypted, protecting it from interception and unauthorized access, thereby enhancing security and compliance with regulatory requirements and best practices. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Check and alarm if the URL map for load balancers is configured to use target https proxy -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_check_https_is_enforced_for_load_balancers/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_check_load_balancers_enforce_https/settings)** ## Getting Started diff --git a/policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/main.tf b/policy_packs/gcp/network/check_load_balancers_enforce_https/main.tf similarity index 54% rename from policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/main.tf rename to policy_packs/gcp/network/check_load_balancers_enforce_https/main.tf index 1e0443ef8..0fd364b10 100644 --- a/policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/main.tf +++ b/policy_packs/gcp/network/check_load_balancers_enforce_https/main.tf 
@@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Check If GCP Network Load Balancers Enforce HTTPS to Manage Encrypted Web Traffic" + title = "Check GCP Network Load Balancers Enforce HTTPS for Encrypted Web Traffic" description = "Ensure that the data transmitted between clients and load-balanced applications is encrypted, protecting it from interception and unauthorized access." - akas = ["gcp_network_check_https_is_enforced_for_load_balancers"] + akas = ["gcp_network_check_load_balancers_enforce_https"] } diff --git a/policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/policies.tf b/policy_packs/gcp/network/check_load_balancers_enforce_https/policies.tf similarity index 100% rename from policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/policies.tf rename to policy_packs/gcp/network/check_load_balancers_enforce_https/policies.tf diff --git a/policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/providers.tf b/policy_packs/gcp/network/check_load_balancers_enforce_https/providers.tf similarity index 100% rename from policy_packs/gcp/network/check_https_is_enforced_for_load_balancers/providers.tf rename to policy_packs/gcp/network/check_load_balancers_enforce_https/providers.tf diff --git a/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/README.md b/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/README.md similarity index 97% rename from policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/README.md rename to policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/README.md index e02db8725..04915314f 100644 --- a/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/README.md +++ b/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/README.md 
@@ -3,7 +3,7 @@ categories: ["networking", "security"] primary_category: "networking" --- -# Enforce Default VPC Network to Not Be Used Within GCP Projects +# Enforce Default VPC Network Is Not Used in GCP Projects Enforcing that the default VPC network is not used within GCP projects is essential for maintaining a secure and customized network environment. This practice encourages the creation of tailored VPC networks with specific configurations and security controls, reducing the risk of misconfigurations and enhancing overall network security and compliance with best practices. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Remove default networks that are used within projects -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_enforce_default_vpc_network_is_not_used_for_projects/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_enforce_default_vpc_network_is_not_used_in_projects/settings)** ## Getting Started diff --git a/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/main.tf b/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/main.tf similarity index 75% rename from policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/main.tf rename to policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/main.tf index 8b994c1b4..01843a705 100644 --- a/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/main.tf +++ b/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/main.tf 
@@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce Default VPC Network Is Not Used Within GCP Projects" + title = "Enforce Default VPC Network Is Not Used in GCP Projects" description = "Encourage the creation of tailored VPC networks with specific configurations and security controls, reducing the risk of misconfigurations and enhancing overall network security." - akas = ["gcp_network_enforce_default_vpc_network_is_not_used_for_projects"] + akas = ["gcp_network_enforce_default_vpc_network_is_not_used_in_projects"] } diff --git a/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/policies.tf b/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/policies.tf similarity index 100% rename from policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/policies.tf rename to policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/policies.tf diff --git a/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/providers.tf b/policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/providers.tf similarity index 100% rename from policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_for_projects/providers.tf rename to policy_packs/gcp/network/enforce_default_vpc_network_is_not_used_in_projects/providers.tf diff --git a/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/README.md b/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/README.md similarity index 96% rename from policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/README.md rename to policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/README.md index 8d8f3726b..1d865efc3 100644 --- a/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/README.md 
+++ b/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/README.md @@ -3,7 +3,7 @@ categories: ["networking", "security"] primary_category: "networking" --- -# Enforce GCP VPC Network Firewall Rules with Port Ranges to Not Allow Incoming Traffic +# Enforce GCP VPC Network Firewall Rules with Port Ranges to Block Incoming Traffic Ensure that your Google Cloud VPC network firewall rules don't have range of ports configured to allow inbound traffic, in order to protect associated virtual machine instances against Denial-of-Service (DoS) attacks or brute-force attacks. To follow cloud security best practices, it is strongly recommended to open only specific ports within your firewall rules, based on your application requirements. @@ -12,7 +12,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Revoke firewall rules that allow incoming traffic from all IP addresses - Revoke firewall rules that have port range size of greater than 1 -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/settings)** ## Getting Started diff --git a/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/main.tf b/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/main.tf similarity index 80% rename from policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/main.tf rename to policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/main.tf index 9fe3bb2b0..4c19c627f 100644 --- a/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/main.tf 
+++ b/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce GCP VPC Network Firewall Rules with Port Ranges to Not Allow Incoming Traffic" + title = "Enforce GCP VPC Network Firewall Rules with Port Ranges to Block Incoming Traffic" description = "Ensure that only necessary and specific ports are open for inbound traffic, minimizing the risk of unauthorized access and potential attacks." - akas = ["gcp_network_enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic"] + akas = ["gcp_network_enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic"] } diff --git a/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/policies.tf b/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/policies.tf similarity index 100% rename from policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/policies.tf rename to policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/policies.tf diff --git a/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/providers.tf b/policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/providers.tf similarity index 100% rename from policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_not_allow_incoming_traffic/providers.tf rename to policy_packs/gcp/network/enforce_firewall_rules_with_port_ranges_to_block_incoming_traffic/providers.tf 
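Review bot: The new title `Enforce GCP VPC Network Firewall Rules with Port Ranges to Block Incoming Traffic` can be read as saying that rules with port ranges are the ones doing the blocking. That is the reverse of the description on the next line, which says only specific ports should be open for inbound traffic. A wording that names the offending rule is less ambiguous, for example `title = "Enforce GCP VPC Network Firewall Rules Do Not Allow Incoming Traffic on Port Ranges"`, which also follows the `Do Not` pattern this commit uses for the other packs.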
diff --git a/policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/README.md b/policy_packs/gcp/network/enforce_firewall_to_block_egress_access/README.md similarity index 96% rename from policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/README.md rename to policy_packs/gcp/network/enforce_firewall_to_block_egress_access/README.md index 4e586566f..4a21857ca 100644 --- a/policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/README.md +++ b/policy_packs/gcp/network/enforce_firewall_to_block_egress_access/README.md @@ -3,7 +3,7 @@ categories: ["data protection", "networking", "security"] primary_category: "networking" --- -# Enforce GCP Network Firewall to Not Allow Any Egress Access +# Enforce GCP Network Firewall to Block All Egress Access Enforcing GCP network firewalls to not allow any egress access is essential for maintaining a highly secure environment. This measure ensures that no outbound traffic is permitted, preventing data exfiltration and unauthorized communication with external systems, thereby reducing the risk of data breaches and ensuring compliance with strict security policies and regulatory requirements. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Delete firewall network that contain egress allowed rules -**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_enforce_firewall_to_not_allow_egress_access/settings)** +**[Review policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_network_enforce_firewall_to_block_egress_access/settings)** ## Getting Started 
diff --git a/policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/main.tf b/policy_packs/gcp/network/enforce_firewall_to_block_egress_access/main.tf similarity index 54% rename from policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/main.tf rename to policy_packs/gcp/network/enforce_firewall_to_block_egress_access/main.tf index 91e2a2743..389533ff9 100644 --- a/policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/main.tf +++ b/policy_packs/gcp/network/enforce_firewall_to_block_egress_access/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce GCP Network Firewall to Not Allow Any Egress Access" + title = "Enforce GCP Network Firewall to Block All Egress Access" description = "Ensure that no outbound traffic is permitted, preventing data exfiltration and unauthorized communication with external systems." - akas = ["gcp_network_enforce_firewall_to_not_allow_egress_access"] + akas = ["gcp_network_enforce_firewall_to_block_egress_access"] } diff --git a/policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/policies.tf b/policy_packs/gcp/network/enforce_firewall_to_block_egress_access/policies.tf similarity index 100% rename from policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/policies.tf rename to policy_packs/gcp/network/enforce_firewall_to_block_egress_access/policies.tf diff --git a/policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/providers.tf b/policy_packs/gcp/network/enforce_firewall_to_block_egress_access/providers.tf similarity index 100% rename from policy_packs/gcp/network/enforce_firewall_to_not_allow_egress_access/providers.tf rename to policy_packs/gcp/network/enforce_firewall_to_block_egress_access/providers.tf 
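Review bot: The new title `Enforce GCP Network Firewall to Block All Egress Access` promises more than the pack's README describes, which is deleting firewalls that contain egress-allow rules. In a GCP VPC, removing allow rules does not by itself stop outbound traffic, because the network's implied egress rule still permits it unless an explicit deny rule with higher priority exists. policies.tf is not part of this diff, so whether the pack adds such a deny rule cannot be confirmed here. If it only removes rules, `title = "Enforce GCP Network Firewall Rules Do Not Allow Egress Access"` describes the control accurately, and the description's `no outbound traffic is permitted` should be softened the same way.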
diff --git a/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/README.md b/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/README.md index 640ece741..bb95c06aa 100644 --- a/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/README.md +++ b/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/README.md @@ -3,7 +3,7 @@ categories: ["networking", "security"] primary_category: "networking" --- -# Check If Creation of Default VPC Network Is Disabled for GCP Projects +# Check Creation of Default VPC Network Is Disabled for GCP Projects Checking if the creation of the default VPC network is disabled at the GCP project level is important for enforcing a secure and customized network architecture. This practice ensures that all projects within the organization use purpose-built VPC networks with specific configurations and security controls, reducing the risk of misconfigurations and enhancing overall network security and compliance with best practices. diff --git a/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/main.tf b/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/main.tf index 3869714ec..c691567e2 100644 --- a/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/main.tf +++ b/policy_packs/gcp/orgpolicy/check_default_vpc_creation_is_disabled_for_projects/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Check If Creation of Default VPC Network Is Disabled for GCP Projects" + title = "Check Creation of Default VPC Network Is Disabled for GCP Projects" description = "Ensure that each project within the organization uses purpose-built VPC networks with specific configurations and security controls, reducing the risk of misconfigurations." akas = ["gcp_orgpolicy_check_default_vpc_creation_is_disabled_for_projects"] } 
diff --git a/policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/README.md b/policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/README.md similarity index 96% rename from policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/README.md rename to policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/README.md index 82e7f6e4c..d624750af 100644 --- a/policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/README.md +++ b/policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/README.md @@ -3,7 +3,7 @@ categories: ["cost controls", "storage"] primary_category: "cost controls" --- -# Enforce GCP Storage Buckets to Not Be Older Than 7 Days +# Enforce GCP Storage Buckets Are Not Older Than 7 Days Enforcing that GCP storage buckets are not older than 7 days is crucial for maintaining an up-to-date and secure storage environment. This practice ensures that only recently created buckets are in use, reducing the risk of using outdated configurations and improving data security and compliance with best practices. @@ -11,7 +11,7 @@ This [policy pack](https://turbot.com/guardrails/docs/concepts/policy-packs) can - Delete buckets that are older than 7 days -- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_storage_enforce_buckets_to_not_be_older_than_7_days/settings)** +- **[Review Policy settings →](https://hub.guardrails.turbot.com/policy-packs/gcp_storage_enforce_buckets_are_not_older_than_7_days/settings)** ## Getting Started diff --git a/policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/main.tf b/policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/main.tf similarity index 60% rename from policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/main.tf rename to policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/main.tf index a623dbaaf..719e74938 100644 
--- a/policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/main.tf +++ b/policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce GCP Storage Buckets to Not Be Older Than 7 Days" + title = "Enforce GCP Storage Buckets Are Not Older Than 7 Days" description = "Ensure that only recently created buckets are in use, reducing the risk of using outdated configurations and improving data security and compliance with best practices" - akas = ["gcp_storage_enforce_buckets_to_not_be_older_than_7_days"] + akas = ["gcp_storage_enforce_buckets_are_not_older_than_7_days"] } diff --git a/policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/policies.tf b/policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/policies.tf similarity index 100% rename from policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/policies.tf rename to policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/policies.tf diff --git a/policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/providers.tf b/policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/providers.tf similarity index 100% rename from policy_packs/gcp/storage/enforce_buckets_to_not_be_older_than_7_days/providers.tf rename to policy_packs/gcp/storage/enforce_buckets_are_not_older_than_7_days/providers.tf diff --git a/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/README.md b/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/README.md index 526853ef6..048128cdd 100644 --- a/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/README.md +++ b/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/README.md 
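Review bot: The title on the new side, `Enforce GCP Storage Buckets Are Not Older Than 7 Days`, and the unchanged description below it do not say that enforcement means deleting the bucket, which is the action the pack's README lists. For a control that destroys data, the operator should see that in the pack listing before attaching it, for example `description = "Delete GCP Storage buckets that are older than 7 days."`. The current description also frames the pack as a security measure although the README's primary category is cost controls, and it is the only description in this commit without a closing period.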
@@ -3,7 +3,7 @@ categories: ["data protection", "security", "storage"] primary_category: "security" --- -# Enforce Encryption at Rest is Enabled for GCP Storage Buckets +# Enforce Encryption at Rest Is Enabled for GCP Storage Buckets Enforcing Encryption at Rest for GCP Storage Buckets is essential to protect sensitive data from unauthorized access and potential breaches by ensuring that all data is automatically encrypted before being stored. This measure safeguards data confidentiality and integrity, even if physical security measures are compromised. diff --git a/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/main.tf b/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/main.tf index 61bc58d15..d09c8866b 100644 --- a/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/main.tf +++ b/policy_packs/gcp/storage/enforce_encryption_at_rest_is_enabled_for_buckets/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce Encryption at Rest is Enabled for GCP Storage Buckets" + title = "Enforce Encryption at Rest Is Enabled for GCP Storage Buckets" description = "Enforcing encryption at rest for GCP Storage Buckets is essential to protect sensitive data from unauthorized access and potential breaches by ensuring that all data is automatically encrypted before being stored." akas = ["gcp_storage_enforce_encryption_at_rest_is_enabled_for_buckets"] } diff --git a/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/README.md b/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/README.md index d1882529e..960b98cb8 100644 --- a/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/README.md +++ b/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/README.md 
@@ -3,7 +3,7 @@ categories: ["data protection", "security", "storage"] primary_category: "data protection" --- -# Enforce Uniform Access is Enabled for GCP Storage Buckets +# Enforce Uniform Access Is Enabled for GCP Storage Buckets Enforcing Uniform Access for GCP Storage Buckets is crucial to ensure consistent and centralized management of access permissions, reducing the risk of unauthorized access and potential data breaches. This control helps streamline the administration of security policies, ensuring all objects within a bucket inherit the same access controls, thus maintaining data integrity and security. diff --git a/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/main.tf b/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/main.tf index 5927ae85f..6755bc65e 100644 --- a/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/main.tf +++ b/policy_packs/gcp/storage/enforce_uniform_access_on_buckets/main.tf @@ -1,5 +1,5 @@ resource "turbot_policy_pack" "main" { - title = "Enforce Uniform Access is Enabled for GCP Storage Buckets" + title = "Enforce Uniform Access Is Enabled for GCP Storage Buckets" description = "Ensure consistent and centralized management of access permissions, reducing the risk of unauthorized access and potential data breaches." akas = ["gcp_storage_enforce_uniform_access_on_buckets"] }