Google Compute Engine

Instance Not Using Desired Machine Image

Ensure that instances use the desired machine image based on the requirements.

Risk Level: High

Description

This plugin ensures that Virtual Machine (VM) instances use the desired machine image based on the appropriate requirements. A Compute Engine machine image stores all of the information needed to create a VM instance, such as permissions, configurations, and data. Machine images are used for instance creation, cloning, backup, and recovery. To get optimal performance, it is critical to use the correct machine image for the VM instances.

About the Service

Google Cloud Compute Engine:

Google Cloud Compute Engine is a service that allows you to create Virtual Machines based on your preferences and run them on Google’s infrastructure. You can either use the predefined machines with certain default configurations or create your own custom Virtual Machine to meet your exact requirements.

Impact

There are different types of Virtual Machine (VM) instances, each of which is best suited to specific workloads. Not using the desired machine image for your VM instance would affect the performance of the instance. Since the pricing of virtual machines is different based on the configurations, not using the desired machine image could also result in unwanted billing charges.

Steps to Reproduce

Using GCP Console:

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Compute Engine and select VM Instances. You can use this link (https://console.cloud.google.com/compute) to navigate directly if you’re already logged in.
  4. Select the VM instance you want to investigate from the list of instances and go to the Details tab to examine the details of the VM instance selected.
  5. Scroll down to the Boot disk and Additional disks sections (under Storage) and check the image mentioned in the Image column of the table for each disk in this instance. If the image mentioned is not the same as the approved machine image from the plugin configuration on the PingSafe dashboard, the instance needs to be re-configured.
  6. Repeat steps 4 and 5 for all the VM instances you want to investigate in the selected project.
  7. If you have multiple projects that you want to investigate, repeat steps 2-6 for each project in your GCP console.
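
The same check can be scripted across a whole project. The following is an added example, not PingSafe's plugin code: it joins each instance's attached disks to the disk records and reports every disk whose source image is not on the approved list. The project name, image names and sample records are constructed, and the data is assumed to have the shape returned by `gcloud compute instances list --format=json` and `gcloud compute disks list --format=json`.

```python
"""Audit boot and additional disks against an approved image list (added example)."""

API = "https://www.googleapis.com/compute/v1/projects/demo-proj"  # constructed project
ZONE = API + "/zones/us-central1-a"

# Assumption: approved images, as copied from the plugin configuration.
APPROVED_IMAGES = {"projects/demo-proj/global/images/hardened-debian-12-v1"}

# Constructed sample data, trimmed to the fields used here.
INSTANCES = [
    {"name": "web-1", "disks": [{"boot": True, "source": ZONE + "/disks/web-1"}]},
    {"name": "db-1", "disks": [{"boot": True, "source": ZONE + "/disks/db-1"},
                               {"boot": False, "source": ZONE + "/disks/db-1-data"}]},
    {"name": "batch-1", "disks": [{"boot": True, "source": ZONE + "/disks/batch-1"}]},
]
DISKS = [
    {"selfLink": ZONE + "/disks/web-1", "sourceImage": API + "/global/images/hardened-debian-12-v1"},
    {"selfLink": ZONE + "/disks/db-1", "sourceImage": API + "/global/images/hardened-debian-12-v1"},
    {"selfLink": ZONE + "/disks/db-1-data"},  # blank data disk: no sourceImage recorded
    {"selfLink": ZONE + "/disks/batch-1", "sourceImage": API + "/global/images/old-ubuntu-2004"},
]


def image_id(url):
    """Reduce an image URL to 'projects/<p>/global/images/<name>' for comparison."""
    return url[url.index("projects/"):] if url and "projects/" in url else None


def audit(instances, disks, approved):
    """Return (instance, disk, role, image or None) for each disk not on an approved image."""
    image_by_disk = {d["selfLink"]: image_id(d.get("sourceImage")) for d in disks}
    findings = []
    for inst in instances:
        for att in inst.get("disks", []):
            image = image_by_disk.get(att["source"])
            # A disk with no recorded image is reported too, so it gets a manual review.
            if image not in approved:
                role = "boot" if att.get("boot") else "additional"
                findings.append((inst["name"], att["source"].rsplit("/", 1)[-1], role, image))
    return findings


if __name__ == "__main__":
    for name, disk, role, image in audit(INSTANCES, DISKS, APPROVED_IMAGES):
        print(f"{name}: {role} disk {disk} uses {image or 'no recorded image'}")
```

Run it once per project, matching step 7 above.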

Steps for Remediation

Follow the steps below to make the necessary changes if the Virtual Machine (VM) instances are not using the desired machine image.

Note: Machine images cannot be reconfigured. In order to change the machine image for your instances, you are required to re-create the instance with the required image.

Using GCP Console:

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Compute Engine and select VM Instances. You can use this link (https://console.cloud.google.com/compute) to navigate directly.
  4. Select the VM instance you want to recreate from the list of instances, go to the Details tab, and note down the necessary details of the selected VM instance. (If you aren’t sure which instance needs to be re-created, follow the Steps to Reproduce listed above to determine which to choose.)
  5. From the left navigation menu, click on Machine images to view the list of all machine images present in the selected project.
  6. Click on the three-dot icon of your desired machine image and select Create instance to create a new instance from the selected image.
  7. Enter a unique name and set all the configurations based on the original instance you’re recreating and click CREATE to create the new instance.
  8. Migrate all the data from the original VM instance to your newly created VM instance.
  9. You can delete the original instance once all the data has been migrated to the new VM instance. To do so, click on the VM instance and select the delete option from the top navigation bar.
  10. In the delete VM instance pop-up box, click on delete to confirm your action.
  11. Repeat steps 4 to 10 for all the VM instances you want to reconfigure in the selected project.
  12. If you have multiple projects, repeat steps 2 to 11 for each project in your GCP console.