Compute Instance Is Publicly Accessible
- Query id: 8212e2d7-e683-49bc-bf78-d6799075c5a7
- Query name: Compute Instance Is Publicly Accessible
- Platform: GoogleDeploymentManager
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description
Compute instances shouldn't be accessible from the Internet.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
resources:
- name: instance
  type: compute.v1.instance
  properties:
    scheduling:
      automaticRestart: true
    networkInterfaces:
    # An accessConfigs entry of type ONE_TO_ONE_NAT gives the instance an external IP address
    - accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
      network: network