Benchmark: 4 Virtual Machines
Overview
This section covers recommendations addressing virtual machines on Google Cloud Platform.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4 Virtual Machines.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.cis_v300_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.cis_v300_4 --share
Controls
- 4.1 Ensure That Instances Are Not Configured To Use the Default Service Account
- 4.2 Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
- 4.3 Ensure 'Block Project-Wide SSH Keys' Is Enabled for VM Instances
- 4.4 Ensure Oslogin Is Enabled for a Project
- 4.5 Ensure ‘Enable Connecting to Serial Ports’ Is Not Enabled for VM Instance
- 4.6 Ensure That IP Forwarding Is Not Enabled on Instances
- 4.7 Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys
- 4.8 Ensure Compute Instances Are Launched With Shielded VM Enabled
- 4.9 Ensure That Compute Instances Do Not Have Public IP Addresses
- 4.10 Ensure That App Engine Applications Enforce HTTPS Connections
- 4.11 Ensure That Compute Instances Have Confidential Computing Enabled
- 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects