
feat(terraform): PC-Policy-Team: Ensure GCP compute firewall ingress does not allow unrestricted access to all ports #3786

NandhiniC-PAN
Contributor

@NandhiniC-PAN NandhiniC-PAN commented Nov 3, 2022

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Checkov Title: Ensure GCP compute firewall ingress does not allow unrestricted access to all ports

PC Title - GCP Firewall with Inbound rule overly permissive to All Traffic

PC Policy ID - ff6a9cca-8bc5-4a72-9235-ec7b65c547d5

Compliance Standard - PIPEDA, CCPA 2018, MITRE ATT&CK v6.3, NIST 800-53 Rev 5, Copy of CCPA 2018-0417, NIST 800-53 Rev4, ISO 27001:2013, APRA (CPS 234) Information Security, Cybersecurity Maturity Model Certification (CMMC) v.1.02, Brazilian Data Protection Law (LGPD), MITRE ATT&CK v8.2, NIST SP 800-171 Revision 2, PCI DSS v3.2.1, NIST SP 800-172, HITRUST v.9.4.2, NIST CSF, Fedramp (Moderate), CSA CCM v.4.0.1, NIST CSF (中文), ISO/IEC 27002:2013, ISO/IEC 27017:2015, New Zealand Information Security Manual (NZISM v3.4), ISO/IEC 27018:2019, MITRE ATT&CK v10.0, Copy of (AESCSF)-IR, CIS Controls v7.1, CIS Controls v8, FFIEC, PCI DSS v4.0, ACSC Information Security Manual (ISM)

Remediation Steps:

GCP Console

If the reported Firewall rule indeed needs to restrict all traffic, follow the instructions below:

  1. Login to GCP Console
  2. Go to VPC Network
  3. Go to the Firewall rules
  4. Click on the reported Firewall rule
  5. Click Edit
  6. Modify Source IP ranges to specific IPs and modify Protocols and ports to specific protocols and ports
  7. Click Save

CLI Command

gcloud compute --project=${account} firewall-rules update ${resourceName} --disabled

This CLI command requires the 'compute.firewalls.update' and 'compute.networks.updatePolicy' permissions. Successful execution will disable this firewall rule, blocking overly permissive internet traffic.
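A worked illustration of the condition this PR's check is looking for, written for this page as an added example; it is neither Checkov's own code nor the YAML graph check merged here. It assumes a `google_compute_firewall` resource has already been parsed from Terraform into a plain dict keyed by the google provider's attribute names (direction, source_ranges, source_tags, source_service_accounts, allow). Its reading of "all ports" (protocol `all`, or tcp/udp with no `ports` list or an explicit 0-65535/1-65535 range) and its treatment of a rule with no source at all as open to every source are this example's own assumptions, and the sample resources are constructed.

```python
"""Added example for this PR's topic. Not Checkov's code and not the YAML
graph check merged in this PR. Flags a parsed google_compute_firewall
resource whose INGRESS rule admits any source address on every port."""
import ipaddress


def _is_any_address(cidr):
    """True for a /0 such as 0.0.0.0/0 or ::/0. A value that is not a literal
    CIDR (for example an unresolved "${var.x}" reference) is treated as
    restricted; that optimistic choice is an assumption of this example."""
    try:
        return ipaddress.ip_network(str(cidr), strict=False).prefixlen == 0
    except ValueError:
        return False


def _covers_all_ports(ports):
    """In a google_compute_firewall allow block, an omitted or empty `ports`
    list means every port of that protocol. This example also counts an
    explicit 0-65535 or 1-65535 range as 'all ports' (assumption)."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = str(spec).partition("-")
        if hi and int(lo) <= 1 and int(hi) >= 65535:
            return True
    return False


def is_overly_permissive_ingress(resource):
    """Return True when an ingress rule is open to any source on every port."""
    # The google provider defaults `direction` to INGRESS when it is omitted.
    if resource.get("direction", "INGRESS").upper() != "INGRESS":
        return False
    ranges = resource.get("source_ranges")
    if ranges is None:
        # Assumption of this example: with no source_ranges, source_tags or
        # source_service_accounts, the rule is treated as open to all sources
        # (gcloud documents 0.0.0.0/0 as the default source range).
        open_source = not (resource.get("source_tags")
                           or resource.get("source_service_accounts"))
    else:
        # One /0 entry is enough, regardless of how many narrow ranges sit beside it.
        open_source = any(_is_any_address(r) for r in ranges)
    if not open_source:
        return False
    for rule in resource.get("allow", []):
        proto = str(rule.get("protocol", "")).lower()
        if proto == "all":
            return True
        if proto in ("tcp", "udp") and _covers_all_ports(rule.get("ports")):
            return True
    return False


def scan(resources):
    """Names of the resources that fail the check, in input order."""
    return [r["name"] for r in resources if is_overly_permissive_ingress(r)]


# Constructed sample inputs shaped like parsed Terraform resources.
OPEN_TO_WORLD = {
    "name": "allow-everything",
    "network": "default",
    "source_ranges": ["0.0.0.0/0"],
    "allow": [{"protocol": "all"}],
}
OPEN_ALL_TCP = {
    "name": "allow-all-tcp",
    "direction": "INGRESS",
    "source_ranges": ["10.0.0.0/8", "0.0.0.0/0"],
    "allow": [{"protocol": "tcp", "ports": ["0-65535"]}],
}
SCOPED = {
    "name": "allow-https-from-office",
    "direction": "INGRESS",
    "source_ranges": ["203.0.113.0/24"],
    "allow": [{"protocol": "tcp", "ports": ["443"]}],
}
EGRESS_ALL = {
    "name": "egress-anything",
    "direction": "EGRESS",
    "destination_ranges": ["0.0.0.0/0"],
    "allow": [{"protocol": "all"}],
}

if __name__ == "__main__":
    print(scan([OPEN_TO_WORLD, OPEN_ALL_TCP, SCOPED, EGRESS_ALL]))
```

Note that `allow-all-tcp` fails even though it also lists a private range: a single /0 entry in `source_ranges` makes the rule world-reachable. The `--disabled` remediation above stops all traffic matched by the rule, whereas narrowing `source_ranges` and `ports` as in the console steps keeps the access that was actually intended.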


@gruebel gruebel left a comment


good job, added a few comments

@gruebel gruebel changed the title PC-Policy-Team: Ensure GCP compute firewall ingress does not allow unrestricted access to all ports feat(terraform): PC-Policy-Team: Ensure GCP compute firewall ingress does not allow unrestricted access to all ports Nov 4, 2022

@gruebel gruebel left a comment


thanks, great work. the failing test is the result of the other PR not merged yet 😄

@gruebel gruebel merged commit be0456c into bridgecrewio:master Nov 8, 2022
@NandhiniC-PAN
Contributor Author

Thanks for the assistance @gruebel :)

Floodnut pushed a commit to init-cloud/checkov that referenced this pull request Nov 9, 2022
…does not allow unrestricted access to all ports (bridgecrewio#3786)

* test_GCPComputeFirewallOverlyPermissiveToAllTraffic Policies

* Update checkov/terraform/checks/graph_checks/gcp/GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/graph_checks/gcp/GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml

Co-authored-by: Anton Grübel <[email protected]>

* Update checkov/terraform/checks/graph_checks/gcp/GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml

Co-authored-by: Anton Grübel <[email protected]>

* Update GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml

Co-authored-by: Anton Grübel <[email protected]>