Google Compute Engine

Instance Template Machine Type Not Desired

Ensure that Cloud Virtual Machine instance templates are of desired types.

Risk Level: Medium

Description

This plugin checks whether Cloud Virtual Machine instance templates use the desired machine types. Virtual machine instance templates have a defined machine type, boot disk image, and other instance configurations. These templates can be used to instantly create VM instances with preexisting configurations. This is especially useful for creating multiple identical instances.

About the Service

Google Cloud Compute Engine:

Google Cloud Compute Engine is a service that allows you to create Virtual Machines based on your preferences and run them on Google’s infrastructure. You can either use their predefined machines with certain default configurations or create your own custom Virtual Machine to meet your exact requirements.

Impact

There can be different types of Virtual Machine (VM) instance templates, each of which is best suited to specific workloads. Not using the desired instance template for your VM instance could affect the performance of the instance. Since the pricing of virtual machines is different based on the configurations, not using the desired instance template could also result in unwanted billing charges.

Steps to Reproduce

Using GCP Console:

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Compute Engine and select Instance templates. You can use this link (https://console.cloud.google.com/compute/instanceTemplates) to navigate directly if you’re already logged in.
  4. Select the instance template you want to investigate from the list of instance templates available.
  5. Under the Machine type section, verify if the configurations are the same as the specified desired type.
  6. Repeat steps 4 and 5 for all the VM instance templates you want to investigate in the selected project.
  7. If you have multiple projects that you want to investigate, repeat steps 2-6 for each project in your GCP console.
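The console check in steps 4 to 6 can be run over every template in a project at once by exporting them with gcloud compute instance-templates list --format=json and comparing each template's properties.machineType with an allow-list. The script below is an added example, not part of the plugin itself; the template names, the sample JSON and the DESIRED_MACHINE_TYPES patterns are constructed assumptions.

```python
import fnmatch
import json

# Constructed sample: trimmed output of
#   gcloud compute instance-templates list --format=json
SAMPLE_TEMPLATES_JSON = """
[
  {"name": "web-frontend-v3", "properties": {"machineType": "e2-medium"}},
  {"name": "batch-worker-v1", "properties": {"machineType": "n2-highmem-16"}},
  {"name": "cache-node-v2",   "properties": {"machineType": "e2-custom-2-4096"}},
  {"name": "legacy-import",   "properties": {}}
]
"""

# Assumed policy for this example: the machine types your organisation allows.
# Entries are shell-style patterns so a whole family can be allowed at once.
DESIRED_MACHINE_TYPES = ["e2-medium", "e2-small", "e2-custom-*"]


def machine_type_of(template):
    """Return the template's machine type, or None if it is not set."""
    value = template.get("properties", {}).get("machineType")
    if not value:
        return None
    # Defensive: keep only the last path segment in case a full resource URL is given.
    return value.rsplit("/", 1)[-1]


def audit_templates(templates, desired):
    """Return a list of (template name, machine type) pairs that fail the policy."""
    findings = []
    for template in templates:
        mtype = machine_type_of(template)
        allowed = mtype is not None and any(
            fnmatch.fnmatchcase(mtype, pattern) for pattern in desired
        )
        if not allowed:
            findings.append((template.get("name", "<unnamed>"), mtype))
    return findings


if __name__ == "__main__":
    templates = json.loads(SAMPLE_TEMPLATES_JSON)
    for name, mtype in audit_templates(templates, DESIRED_MACHINE_TYPES):
        print(f"FAIL {name}: machine type {mtype or 'missing'} is not a desired type")
```

A template with no machine type recorded is reported as a finding rather than skipped, so incomplete exports do not pass silently.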

Steps for Remediation


If a Virtual Machine (VM) instance template does not use the desired machine type, follow the steps below to make the necessary changes.


Using GCP Console:

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Compute Engine and select Instance templates. You can use this link (https://console.cloud.google.com/compute/instanceTemplates) to navigate directly if you’re already logged in.
  4. From the list of instance templates, choose the VM instance template you want to reconfigure. (If you aren’t sure which instance template needs to be reconfigured, follow the steps to reproduce listed above to determine which one to choose.)
  5. Since you cannot edit the settings of an instance template, click the Create similar button in the top navigation bar to create a new instance template with the desired configuration.
  6. Under the Machine configuration section, choose the desired machine family and machine type. Then click Create to create your new instance template with the desired machine type.
  7. Once the new instance template is created, you can delete the previous instance template using the delete button on the top navigation bar, if required.
  8. Repeat steps 4 to 7 for all the instance templates you want to reconfigure in the selected project.
  9. If you have multiple projects, repeat steps 2 to 8 for each project in your GCP console.