Resource Type: GCP > Compute Engine > Instance

The Instance resource type represents a virtual machine (VM) on Google Cloud Platform, which can be used to deploy and manage virtual machines within the Compute Engine service.

Resource Context

Instance is a part of the Compute Engine service.

Each Instance lives under a Zone.

Controls

The primary controls for GCP > Compute Engine > Instance are:

It is also targeted by these controls:

GCP > CIS v1 > 4 Virtual Machines > 4.01 Ensure that instances are not configured to use the default service account with full access to all Cloud APIs (Scored)
GCP > CIS v1 > 4 Virtual Machines > 4.02 Ensure "Block Project-wide SSH keys" enabled for VM instances (Scored)
GCP > CIS v1 > 4 Virtual Machines > 4.04 Ensure 'Enable connecting to serial ports' is not enabled for VM Instance (Scored)
GCP > CIS v1 > 4 Virtual Machines > 4.05 Ensure that IP forwarding is not enabled on Instances (Not Scored)
GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
GCP > CIS v3.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
GCP > CIS v3.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
GCP > CIS v3.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
GCP > CIS v3.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
GCP > CIS v3.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
GCP > CIS v3.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
GCP > CIS v3.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
GCP > CIS v3.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
GCP > CIS v3.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
GCP > CIS v4.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
GCP > CIS v4.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
GCP > CIS v4.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
GCP > CIS v4.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
GCP > CIS v4.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
GCP > CIS v4.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
GCP > CIS v4.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
GCP > CIS v4.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
GCP > CIS v4.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects

Quick Actions

In Your Workspace

Developers

Resource Type URI

tmod:@turbot/gcp-computeengine#/resource/types/instance

Category URI

tmod:@turbot/turbot#/resource/categories/compute

GraphQL

query resource(id: "tmod:@turbot/gcp-computeengine#/resource/types/instance") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/gcp-computeengine#/resource/types/instance'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/gcp-computeengine#/resource/types/instance"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-computeengine#/resource/types/instance';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-computeengine#/resource/types/instance"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-computeengine#/resource/types/instance' and notification_type in ('resource_updated', 'resource_created');