Alert for Cloud Run deployments that bypass Binary Authorization

google / exposure-notifications-server

Exposure Notification Reference Server | Covid-19 Exposure Notifications

https://www.google.com/covid19/exposurenotifications/

Apache License 2.0

2.43k stars 311 forks source link

Alert for Cloud Run deployments that bypass Binary Authorization #1533

Closed sethvargo closed 3 years ago

sethvargo commented 3 years ago

Release Note

Add alerts for when a Cloud Run service is deployed using breakglass (without Binary Authorization). Like the `HumanAccessedSecret` alert, there may be legitimate reasons for a human to perform this operation, but it should be carefully checked and audited. Due to eventual consistency, the initial Terraform apply may fail due to missing metric. After 5 minutes, you can run the Terraform apply again to converge.