Resource Type: GCP > Compute Engine > Instance

Resource Context

Instance is a part of the Compute Engine service.

Each Instance lives under a Zone.

Controls

The primary controls for GCP > Compute Engine > Instance are:

• Active
• Approved
• Block Project Wide SSH Keys
• CMDB
• Deletion Protection
• Discovery
• Disks Auto Delete
• External IP Addresses
• Labels
• Policy
• Schedule
• Serial Port Access
• ServiceNow
• Shielded Instance Configuration
• Usage

It is also targeted by these controls:

• GCP > CIS v1 > 4 Virtual Machines > 4.01 Ensure that instances are not configured to use the default service account with full access to all Cloud APIs (Scored)
• GCP > CIS v1 > 4 Virtual Machines > 4.02 Ensure "Block Project-wide SSH keys" enabled for VM instances (Scored)
• GCP > CIS v1 > 4 Virtual Machines > 4.04 Ensure 'Enable connecting to serial ports' is not enabled for VM Instance (Scored)
• GCP > CIS v1 > 4 Virtual Machines > 4.05 Ensure that IP forwarding is not enabled on Instances (Not Scored)
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
• GCP > CIS v2.0 > 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects

Quick Actions

• Delete from GCP
• Disable Deletion Protection
• Enable Deletion Protection
• Set Labels
• Skip alarm for Active control
• Skip alarm for Active control [90 days]
• Skip alarm for Approved control
• Skip alarm for Approved control [90 days]
• Skip alarm for Labels control
• Skip alarm for Labels control [90 days]
• Start Instance
• Stop Instance

Category

• Compute

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/gcp-computeengine#/resource/types/instance

Category URI

tmod:@turbot/turbot#/resource/categories/compute

GraphQL

query resource(id: "tmod:@turbot/gcp-computeengine#/resource/types/instance") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/gcp-computeengine#/resource/types/instance'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/gcp-computeengine#/resource/types/instance"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-computeengine#/resource/types/instance';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-computeengine#/resource/types/instance"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-computeengine#/resource/types/instance' and notification_type in ('resource_updated', 'resource_created');