Resource Type: GCP > Compute Engine > Instance
The Instance resource type represents a virtual machine (VM) on Google Cloud Platform, which can be used to deploy and manage virtual machines within the Compute Engine service.
Resource Context
Instance is a part of the Compute Engine service.
Each Instance lives under a Zone.
Controls
The primary controls for GCP > Compute Engine > Instance are:
- Active
- Approved
- Block Project Wide SSH Keys
- CMDB
- Deletion Protection
- Discovery
- Disks Auto Delete
- External IP Addresses
- Labels
- Policy
- Schedule
- Serial Port Access
- ServiceNow
- Shielded Instance Configuration
- Usage
It is also targeted by these controls:
- GCP > CIS v1 > 4 Virtual Machines > 4.01 Ensure that instances are not configured to use the default service account with full access to all Cloud APIs (Scored)
- GCP > CIS v1 > 4 Virtual Machines > 4.02 Ensure "Block Project-wide SSH keys" enabled for VM instances (Scored)
- GCP > CIS v1 > 4 Virtual Machines > 4.04 Ensure 'Enable connecting to serial ports' is not enabled for VM Instance (Scored)
- GCP > CIS v1 > 4 Virtual Machines > 4.05 Ensure that IP forwarding is not enabled on Instances (Not Scored)
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
- GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
Quick Actions
- Delete from GCP
- Disable Deletion Protection
- Enable Deletion Protection
- Set Labels
- Skip alarm for Active control
- Skip alarm for Active control [90 days]
- Skip alarm for Approved control
- Skip alarm for Approved control [90 days]
- Skip alarm for Labels control
- Skip alarm for Labels control [90 days]
- Start Instance
- Stop Instance
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
Resource Type URI
- tmod:@turbot/gcp-computeengine#/resource/types/instance
Category URI
- tmod:@turbot/turbot#/resource/categories/compute
CLI
- turbot graphql resource --id "tmod:@turbot/gcp-computeengine#/resource/types/instance"
Steampipe Query
- Get Resource: select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-computeengine#/resource/types/instance';
- Get Policy Settings (By Resource ID): select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-computeengine#/resource/types/instance"';
- Get Resource Notification: select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-computeengine#/resource/types/instance' and notification_type in ('resource_updated', 'resource_created');