Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-gcp-compliance
Overview
14Dashboards
621Benchmarks
202Queries
2Variables
GitHub

Control: Ensure Compute instances are launched with Shielded VM enabled

Description

To defend against advanced threats and ensure that the boot loader and firmware on your VMs are signed and untampered, it is recommended that Compute instances are launched with Shielded VM enabled.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.compute_instance_shielded_vm_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.compute_instance_shielded_vm_enabled --share

SQL

This control uses a named query:

select
  self_link resource,
  case
    when shielded_instance_config @> '{"enableVtpm": true, "enableIntegrityMonitoring": true}' then 'ok'
    else 'alarm'
  end as status,
  case
    when shielded_instance_config @> '{"enableVtpm": true, "enableIntegrityMonitoring": true}'
      then title || ' shielded VM enabled.'
    else title || ' shielded VM not enabled.'
  end as reason
  
  , location as location, project as project
from
  gcp_compute_instance;

Tags

category = Compliance
nist_csf_v2 = true
plugin = gcp
service = GCP/Compute