Compute instance delete protection is disabled Affecting Compute Engine service in Google


Severity

0.0
medium
0
10
    Severity Framework
    Snyk CCSS
    Rule category
    Availability / Settings

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CSA-CCM GDPR HIPAA ISO-27001 SOC-2
  • Snyk ID SNYK-CC-00395
  • credit Snyk Research Team

Description

The system is not protected against accidental or intentionally malicious deletion.

How to fix?

Set the deletion_protection attribute to true.

Example Configuration

resource "google_compute_instance" "allowed" {
  name                = "test"
  machine_type        = "e2-medium"
  zone                = "us-central1-a"
  deletion_protection = "true"

  boot_disk {
    initialize_params {
      image = "debian-10-buster-v20220920"
    }
  }

  network_interface {
    network = "default"
  }
}