Compute Instance Is Publicly Accessible

  • Query id: 8212e2d7-e683-49bc-bf78-d6799075c5a7
  • Query name: Compute Instance Is Publicly Accessible
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

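Compute instances shouldn't be accessible from the Internet. An instance is exposed when one of its network interfaces defines accessConfigs, which assigns the interface an external IP address.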
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: instance
  type: compute.v1.instance
  properties:
    scheduling:
      automaticRestart: true
    networkInterfaces:
      # accessConfigs with ONE_TO_ONE_NAT gives this interface an external IP
      - accessConfigs:
        - name: External NAT
          type: ONE_TO_ONE_NAT
        network: network

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: instance2
  type: compute.v1.instance
  properties:
    scheduling:
      automaticRestart: true
    networkInterfaces:
      # No accessConfigs, so the interface gets no external IP
      - network: network
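
The check the two samples illustrate, written out as an added Python example (not the query's own code): it walks an already-parsed Deployment Manager config and reports every compute.v1.instance interface that defines accessConfigs. The function names and the MIXED sample are constructed for illustration; POSITIVE and NEGATIVE are modelled on the samples above.

```python
INSTANCE_TYPE = "compute.v1.instance"

# Sample data modelled on the two samples above, as a YAML loader would return it.
POSITIVE = {"resources": [{
    "name": "instance", "type": INSTANCE_TYPE,
    "properties": {
        "scheduling": {"automaticRestart": True},
        "networkInterfaces": [{
            "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT"}],
            "network": "network"}]}}]}
NEGATIVE = {"resources": [{
    "name": "instance2", "type": INSTANCE_TYPE,
    "properties": {
        "scheduling": {"automaticRestart": True},
        "networkInterfaces": [{"network": "network"}]}}]}

# Constructed sample: two interfaces, only the second requests an external IP.
MIXED = {"resources": [
    {"name": "net", "type": "compute.v1.network", "properties": {}},
    {"name": "dual", "type": INSTANCE_TYPE, "properties": {"networkInterfaces": [
        {"network": "internal", "accessConfigs": []},
        {"network": "dmz", "accessConfigs": [{"type": "ONE_TO_ONE_NAT"}]}]}}]}


def _interfaces(properties):
    """Return networkInterfaces as a list, tolerating a single mapping."""
    nics = properties.get("networkInterfaces") or []
    return [nics] if isinstance(nics, dict) else list(nics)


def find_public_instances(config):
    """Return (resource name, interface index, access config names) tuples."""
    findings = []
    for resource in config.get("resources") or []:
        if resource.get("type") != INSTANCE_TYPE:
            continue  # only compute instances are in scope for this check
        props = resource.get("properties") or {}
        for idx, nic in enumerate(_interfaces(props)):
            # Assumption: only a non-empty accessConfigs list requests an external IP.
            access = nic.get("accessConfigs") if isinstance(nic, dict) else None
            if access:
                names = [a.get("name", "<unnamed>") for a in access]
                findings.append((resource.get("name"), idx, names))
    return findings


if __name__ == "__main__":
    for label, cfg in (("positive", POSITIVE), ("negative", NEGATIVE), ("mixed", MIXED)):
        print(label, find_public_instances(cfg))
```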