Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-gcp-compliance
Overview
12Dashboards
536Benchmarks
201Queries
2Variables
GitHub

Control: Compute Instances should have custom metadata

Description

This control ensures that Compute Instance have custom metadata. Custom metadata facilitates simple identification and enhances searchability.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.compute_instance_with_custom_metadata

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.compute_instance_with_custom_metadata --share

SQL

This control uses a named query:

select
  self_link resource,
  case
    when name like 'gke-%' then 'skip'
    when metadata is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when name like 'gke-%' and labels ? 'goog-gke-node'
      then title || ' created by GKE.'
    when metadata is not null then title || ' has custom metadata.'
    else title || ' has no custom metadata.'
  end as reason
  
  , location as location, project as project
from
  gcp_compute_instance;

Tags

category = Compliance
plugin = gcp
service = GCP/Compute