Table: gcp_compute_target_https_proxy - Query GCP Compute Engine Target HTTPS Proxies using SQL
A Target HTTPS Proxy is a component of GCP Compute Engine used for directing incoming HTTPS traffic to a URL map. It is associated with one or more SSL certificates for secure connections and a URL map that routes the traffic. Target HTTPS Proxies are regional resources and are required by external HTTP(S) load balancers.
Table Usage Guide
The gcp_compute_target_https_proxy table provides insights into Target HTTPS Proxies within Google Cloud Compute Engine. As a network engineer, explore proxy-specific details through this table, including associated SSL certificates, URL maps, and regional settings. Utilize it to uncover information about proxies, such as their configurations, the SSL/TLS settings, and the routing of HTTPS traffic.
Examples
Basic info
Explore the configuration of your HTTPS proxy settings in Google Cloud Platform (GCP) to identify potential issues or areas for improvement. This query will assist you in gaining insights into the binding status of your proxies, enhancing your network's performance and security.
select
  name,
  id,
  self_link,
  proxy_bind
from
  gcp_compute_target_https_proxy;
Get SSL policy details for each target HTTPS proxy
Analyze the settings to understand the SSL policy associated with each target HTTPS proxy in your Google Cloud Compute environment. This could be beneficial for maintaining security standards and protocols across your digital assets.
select
  name,
  id,
  ssl_policy
from
  gcp_compute_target_https_proxy;
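The following query is an added example, not part of the original page. It resolves each proxy's ssl_policy URL to the policy's profile and minimum TLS version and flags proxies that need review. It assumes the same plugin's gcp_compute_ssl_policy table with self_link, name, profile and min_tls_version columns (not documented on this page) and the enum values of the GCP Compute API.

```sql
-- Added example: TLS posture per target HTTPS proxy.
-- A proxy with no ssl_policy set falls back to the GCP default SSL policy,
-- so the left join keeps those rows and the case expression flags them.
select
  p.name,
  p.project,
  p.location,
  case
    when p.ssl_policy is null or p.ssl_policy = '' then 'GCP default policy'
    else s.name
  end as effective_ssl_policy,
  s.profile,
  s.min_tls_version,
  p.quic_override,
  case
    when p.ssl_policy is null or p.ssl_policy = ''
      then 'review: no custom SSL policy attached'
    when s.min_tls_version in ('TLS_1_0', 'TLS_1_1')
      then 'review: minimum TLS version below 1.2'
    when s.profile = 'COMPATIBLE'
      then 'review: COMPATIBLE profile permits legacy cipher suites'
    else 'ok'
  end as finding
from
  gcp_compute_target_https_proxy as p
  -- ssl_policy holds the SslPolicy URL, matched here against the policy's self_link (assumed column)
  left join gcp_compute_ssl_policy as s on s.self_link = p.ssl_policy
order by
  finding desc,
  p.name;
```

A CUSTOM profile returns 'ok' here; its enabled cipher list still has to be checked against the weak-cipher controls listed below.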
Control examples
- All Controls > Compute > Compute Target HTTPS proxy QUIC protocol should be enabled
- All Controls > Compute > Compute Target HTTPS proxy should use custom SSL policy
- All Controls > Compute > Ensure HTTPS target use latest TLS version
- CIS v1.2.0 > 3 Networking > 3.9 Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
- CIS v1.3.0 > 3 Networking > 3.9 Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
- CIS v2.0.0 > 3 Networking > 3.9 Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
- CIS v3.0.0 > 3 Networking > 3.9 Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites
- Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
Schema for gcp_compute_target_https_proxy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
authorization_policy | text | | Specifies a URL referring to a networksecurity. |
creation_timestamp | timestamp with time zone | | Specifies the time when the resource is created. |
description | text | | A user-defined description for the resource. |
id | bigint | | A server-defined unique identifier for the resource. |
kind | text | | Type of the resource. Always compute#targetHttpsProxy for target HTTPS proxies. |
location | text | | The GCP multi-region, region, or zone in which the resource is located. |
location_type | text | | Location type where the target HTTPS proxy resides. |
name | text | = | Name of the resource. Provided by the client when the resource is created. |
project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP Project in which the resource is located. |
proxy_bind | boolean | !=, = | This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. |
quic_override | text | | Specifies the QUIC override policy for this TargetHttpsProxy resource. |
region | text | | A URL of the region where the regional TargetHttpsProxy resides. |
self_link | text | | Server-defined URL for the resource. |
server_tls_policy | text | | A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
ssl_certificates | jsonb | | A list of URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. |
ssl_policy | text | | A URL of the SslPolicy resource that will be associated with the TargetHttpsProxy resource. |
title | text | | Title of the resource. |
url_map | text | | A fully-qualified or valid partial URL to the UrlMap resource that defines the mapping from URL to the BackendService. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp
You can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_compute_target_https_proxy