Benchmark: 4 Virtual Machines
Overview
This section covers recommendations addressing virtual machines on Google Cloud Platform.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4 Virtual Machines.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.cis_v130_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.cis_v130_4 --share
Controls
- 4.1 Ensure that instances are not configured to use the default service account
- 4.2 Ensure that instances are not configured to use the default service account with full access to all Cloud APIs
- 4.3 Ensure 'Block Project-wide SSH keys' is enabled for VM instances
- 4.4 Ensure oslogin is enabled for a Project
- 4.5 Ensure 'Enable connecting to serial ports' is not enabled for VM Instance
- 4.6 Ensure that IP forwarding is not enabled on Instances
- 4.7 Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK)
- 4.8 Ensure Compute instances are launched with Shielded VM enabled
- 4.9 Ensure that Compute instances do not have public IP addresses
- 4.10 Ensure that App Engine applications enforce HTTPS connections
- 4.11 Ensure that Compute instances have Confidential Computing enabled
- 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects