turbot/gcp_compliance

Query: compute_instance_block_project_wide_ssh_enabled

Usage

powerpipe query gcp_compliance.query.compute_instance_block_project_wide_ssh_enabled

Steampipe Tables

SQL

select
self_link resource,
case
when name like 'gke-%' and labels ? 'goog-gke-node' then 'skip'
when metadata -> 'items' @> '[{"key": "block-project-ssh-keys", "value": "true"}]' then 'ok'
else 'alarm'
end as status,
case
when name like 'gke-%' and labels ? 'goog-gke-node'
then title || ' created by GKE.'
when metadata -> 'items' @> '[{"key": "block-project-ssh-keys", "value": "true"}]'
then title || ' has "Block Project-wide SSH keys" enabled.'
else title || ' has "Block Project-wide SSH keys" disabled.'
end as reason
, location as location, project as project
from
gcp_compute_instance;

Controls

The query is being used by the following controls: