Compute Instance Is Publicly Accessible

  • Query id: 8212e2d7-e683-49bc-bf78-d6799075c5a7
  • Query name: Compute Instance Is Publicly Accessible
  • Platform: GoogleDeploymentManager
  • Severity: High
  • Category: Networking and Firewall
  • URL: Github

Description

Compute instances shouldn't be accessible from the Internet.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: instance
  type: compute.v1.instance
  properties:
    scheduling:
      automaticRestart: true
    networkInterfaces:
      - accessConfigs:
        - name: External NAT
          type: ONE_TO_ONE_NAT
        network: network

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: instance2
  type: compute.v1.instance
  properties:
    scheduling:
      automaticRestart: true
    networkInterfaces:
      network: network