Compute Instance Is Publicly Accessible
- Query id: 829f1c60-2bab-44c6-8a21-5cd9d39a2c82
- Query name: Compute Instance Is Publicly Accessible
- Platform: Ansible
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description
Compute instances shouldn't be accessible from the Internet.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: create a instance
  google.cloud.gcp_compute_instance:
    name: test_object
    network_interfaces:
    - network: "{{ network }}"
      access_configs:
      - name: External NAT
        nat_ip: "{{ address }}"
        type: ONE_TO_ONE_NAT
    zone: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    state: present
```
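
A check for the pattern in the sample above, as an added example that is not KICS's own query or code from this page. It assumes the playbook has already been parsed into Python lists and dicts; the function names and the second and third sample tasks are constructed for illustration.

```python
# Added example: flag Ansible tasks that attach access_configs to a GCP instance.
MODULES = {"google.cloud.gcp_compute_instance", "gcp_compute_instance"}

def iter_tasks(tasks):
    """Yield every task dict, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for key in ("block", "rescue", "always"):
                yield from iter_tasks(task.get(key))

def public_interfaces(tasks):
    """Return (task name, interface index) for each interface with access_configs."""
    findings = []
    for task in iter_tasks(tasks):
        for module in sorted(MODULES & task.keys()):
            args = task[module] if isinstance(task[module], dict) else {}
            interfaces = args.get("network_interfaces") or []
            for index, iface in enumerate(interfaces):
                # Any non-empty value counts, including an unresolved "{{ ... }}"
                # template, since it cannot be shown to be empty before runtime.
                if isinstance(iface, dict) and iface.get("access_configs"):
                    findings.append((task.get("name", "<unnamed>"), index))
    return findings

# Constructed sample: the page's task, a variant without access_configs,
# and a task nested in a block that uses the short module name.
SAMPLE_TASKS = [
    {"name": "create a instance",
     "google.cloud.gcp_compute_instance": {
         "name": "test_object",
         "network_interfaces": [{
             "network": "{{ network }}",
             "access_configs": [{"name": "External NAT",
                                 "nat_ip": "{{ address }}",
                                 "type": "ONE_TO_ONE_NAT"}]}]}},
    {"name": "create a private instance",
     "google.cloud.gcp_compute_instance": {
         "name": "private_object",
         "network_interfaces": [{"network": "{{ network }}"}]}},
    {"name": "grouped tasks",
     "block": [{"name": "create in block",
                "gcp_compute_instance": {
                    "network_interfaces": [
                        {"network": "{{ network }}"},
                        {"network": "{{ other_network }}",
                         "access_configs": [{"type": "ONE_TO_ONE_NAT"}]}]}}]},
]

if __name__ == "__main__":
    for name, index in public_interfaces(SAMPLE_TASKS):
        print(f"{name}: network_interfaces[{index}] has access_configs")
```

The second sample task, which omits `access_configs`, is the only one that produces no finding.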