Control: GCP > Network > Target SSL Proxy > SSL Policy

Determine the action to take when an GCP Network target SSL proxy is not using an allowed SSL policy.

If a target SSL proxy is not using an allowed SSL policy and this policy is set to Enforce: Set to default if SSL policy not in allowed list, the target SSL proxy will be updated to use the SSL policy selected in the GCP > Network > Target SSL Proxy > SSL Policy > Default policy.

If the SSL policy in the GCP > Network > Target SSL Proxy > SSL Policy > Default policy is not allowed in the GCP > Network > Target SSL Proxy > SSL Policy > Allowed policy, Guardrails will not attempt to set the SSL policy to prevent continuous updates.

Resource Types

This control targets the following resource types:

GCP > Network > Target SSL Proxy

Policies

The following policies can be used to configure this control:

GCP > Network > Target SSL Proxy > SSL Policy

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

compute.targetSslProxies.setSslPolicy

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-network#/control/types/targetSslProxySslPolicy

Category URI

tmod:@turbot/turbot#/control/categories/security

GraphQL

query controlType(id: "tmod:@turbot/gcp-network#/control/types/targetSslProxySslPolicy") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-network#/control/types/targetSslProxySslPolicy'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-network#/control/types/targetSslProxySslPolicy"