Compute instance delete protection is disabled Affecting Compute Engine service in Google

Severity Framework Snyk CCSS

Rule category Availability / Settings

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CSA-CCM GDPR HIPAA ISO-27001 SOC-2

Snyk ID SNYK-CC-00395
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

The system is not protected against accidental or intentionally malicious deletion.

How to fix?

Set the deletion_protection attribute to true.

Example Configuration

resource "google_compute_instance" "allowed" {
  name                = "test"
  machine_type        = "e2-medium"
  zone                = "us-central1-a"
  deletion_protection = "true"

  boot_disk {
    initialize_params {
      image = "debian-10-buster-v20220920"
    }
  }

  network_interface {
    network = "default"
  }
}

Terraform

Resource: google_compute_instance

References

Prevent accidental VM deletion