GCP-Cloud-Function-anonymously-or-publicly-accessible
Severity: High
Description: This control ensures that Cloud Functions are not accessible publicly or anonymously. It is recommended that the IAM policy on Cloud Functions does not allow anonymous and/or public access.
Remediation Steps:
Perform the following to remove anonymous and public access from the IAM policy on the affected Cloud Functions:
Sign in to the GCP Console at https://console.cloud.google.com.
Go to Cloud Functions in the GCP Console.
Mark the check box on the affected function.
In the Permissions blade in the right-hand side menu, expand every role displayed.
Click the Delete button next to allUsers and/or allAuthenticatedUsers to remove that role assignment.
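The same clean-up can be applied to an exported policy file. This is an added example, not part of the original control text: it assumes the policy was exported with `gcloud functions get-iam-policy FUNCTION --format=json`, and the function name `strip_public_members` and the sample policy are constructed for illustration.

```python
import copy
import json

# The two principals this control flags as anonymous/public access.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def strip_public_members(policy):
    """Return (cleaned_policy, removed); removed is a list of (role, member).

    The input is left untouched. Top-level fields such as "etag" are kept,
    so the cleaned policy can be submitted against the version that was read.
    """
    cleaned = copy.deepcopy(policy)
    removed = []
    kept_bindings = []
    for binding in cleaned.get("bindings", []):
        members = binding.get("members", [])
        removed.extend((binding.get("role"), m)
                       for m in members if m in PUBLIC_MEMBERS)
        binding["members"] = [m for m in members if m not in PUBLIC_MEMBERS]
        # A binding whose only members were public is dropped entirely.
        if binding["members"]:
            kept_bindings.append(binding)
    cleaned["bindings"] = kept_bindings
    return cleaned, removed


# Constructed sample policy (hypothetical project, accounts and etag).
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwXconstructed=",
    "bindings": [
        {"role": "roles/cloudfunctions.invoker",
         "members": ["allUsers",
                     "serviceAccount:caller@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/cloudfunctions.viewer",
         "members": ["allAuthenticatedUsers"]},
        {"role": "roles/cloudfunctions.developer",
         "members": ["user:dev@example.com"]},
    ],
}

if __name__ == "__main__":
    cleaned, removed = strip_public_members(SAMPLE_POLICY)
    for role, member in removed:
        print(f"removing {member} from {role}")
    print(json.dumps(cleaned, indent=2))
```

Write the cleaned JSON to a file and apply it with the `gcloud functions set-iam-policy` command listed under Reference; an empty `removed` list means the function already satisfies this control.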
Important:
Reference:
GCP Cloud Functions Best Practice control
https://cloud.google.com/sdk/gcloud/reference/functions/set-iam-policy
Blue Hexagon Proprietary