Awn 192646 #73

Merged
merged 6 commits into from
Mar 16, 2023
Changes from 5 commits
22 changes: 22 additions & 0 deletions en/google/compute/autoscale-minimum-cpu-utilization-target.md
@@ -0,0 +1,22 @@
1. In the console, go to the Instance groups page.

[Go to Instance groups](https://console.cloud.google.com/compute/instanceGroups)

2. If you have an instance group, select it and click Edit. If you don't have an instance group, click Create instance group.

3. If no autoscaling configuration exists, under Autoscaling, click Configure autoscaling.

4. Under Autoscaling mode, select On: add and remove instances to the group to enable autoscaling.

5. Specify the minimum and maximum numbers of instances that you want the autoscaler to create in this group.

6. In the Autoscaling metrics section, if an existing CPU utilization metric does not yet exist, add one:

a. Click Add metric.
b. Under Metric type, select CPU utilization.
c. Enter the Target CPU utilization that you want. This value is treated as a percentage. For example, for 75% CPU utilization, enter `75`.
d. Under Predictive autoscaling, select Off. To learn more about predictive autoscaling, and whether it is suitable for your workload, see [Scaling based on predictions](https://cloud.google.com/compute/docs/autoscaler/predictive-autoscaling).
e. Click Done.
7. You can use the Cool down period to tell the autoscaler how long it takes for your application to initialize. Specifying an accurate cool down period improves autoscaler decisions. For example, when scaling out, the autoscaler ignores data from VMs that are still initializing because those VMs might not yet represent normal usage of your application. The default cool down period is 60 seconds.

8. Click Save.
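
Review bot: this file starts directly at step 1 and is missing the CloudSploit logo line, the `# GOOGLE / Compute / ...` title, the Quick Info table and the `## Detailed Remediation Steps` heading that the other four files in this PR carry, so a reader never learns what the check is or what value passes it. The file name refers to a minimum CPU utilization target, but sub-step c only says to enter the target "that you want"; state the threshold the plugin expects. In step 6, "if an existing CPU utilization metric does not yet exist" is redundant, and sub-steps a to e are unindented with step 7 following directly, so they will run together when rendered; indent them under step 6 and leave a blank line before step 7.
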
23 changes: 23 additions & 0 deletions en/google/compute/instance-automatic-restart-enabled.md
@@ -0,0 +1,23 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# GOOGLE / Compute / Instance Automatic Restart Enabled

## Quick Info

| | |
|-|-|
| **Plugin Title** | Instance Automatic Restart Enabled |
| **Cloud** | GOOGLE |
| **Category** | Compute |
| **Description** | Ensure that Virtual Machine instances have automatic restart feature enabled. |
| **More Info** | Automatic Restart sets the virtual machine restart behavior when an instance is crashed or stopped by the system. If it is enabled, Google Cloud Compute Engine restarts the instance if it crashes or is stopped. |
| **GOOGLE Link** | https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options#autorestart |
| **Recommended Action** | Ensure automatic restart is enabled for all virtual machine instances. |

## Detailed Remediation Steps
1. In the Google Cloud console, go to the VM instances page.
2. Click the VM for which you want to change settings. The VM details page displays.
3. On the VM details page, complete the following steps:
a. Click the Edit button at the top of the page.
b. Under Availability policies, update the policy as needed. From the Availability policies section, you can set the On host maintenance and Automatic restart options.
c. Click Save.
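
Review bot: sub-step b under step 3 says "update the policy as needed" and never states the setting this check requires; say explicitly that Automatic restart must be enabled, matching the Recommended Action in the table. Step 1 also lacks the "Go to VM instances" console link that instance-maintenance-behavior.md includes for the same step, and sub-steps a to c are unindented with no blank line, so they will render as part of step 3's paragraph. In More Info, "when an instance is crashed" should read "when an instance crashes".
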
28 changes: 28 additions & 0 deletions en/google/compute/instance-maintenance-behavior.md
@@ -0,0 +1,28 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# GOOGLE / Compute / Instance Maintenance Behavior

## Quick Info

| | |
|-|-|
| **Plugin Title** | Instance Maintenance Behavior |
| **Cloud** | GOOGLE |
| **Category** | Compute |
| **Description** | Ensure that \"On Host Maintenance\" configuration is set to Migrate for VM instances. |
| **More Info** | When Google Compute Engine performs regular maintenance of its infrastructure, it migrates your VM instances to other hardware if you have configured the availability policy for the instance to use live migration. This prevents your applications from experiencing disruptions during these events. |
| **GOOGLE Link** | https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options |
| **Recommended Action** | Ensure that your Google Compute Engine VM instances are configured to use live migration. |

## Detailed Remediation Steps
1. In the Google Cloud console, go to the VM instances page.

[Go to VM instances](https://console.cloud.google.com/compute/instances)

2. Click the VM for which you want to change settings. The VM details page displays.

3. On the VM details page, complete the following steps:

a. Click the Edit button at the top of the page.
b. Under Availability policies, update the policy as needed. From the Availability policies section, you can set the On host maintenance and Automatic restart options.
c. Click Save.
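
Review bot: sub-step b under step 3 is copied from the automatic-restart page and says "update the policy as needed" without naming the value; the Description says On Host Maintenance must be set to Migrate, so the step should tell the reader to select Migrate. The `\"On Host Maintenance\"` escapes in the Description look like leftovers from a source string and can be plain quotes. Sub-steps a to c should be indented under step 3 so they render as a nested list.
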
37 changes: 37 additions & 0 deletions en/google/compute/shielded-vm-enabled.md
@@ -0,0 +1,37 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# GOOGLE / Compute / Shielded VM Enabled
## Quick Info

| | |
|-|-|
| **Plugin Title** | Shielded VM Enabled |
| **Cloud** | GOOGLE |
| **Category** | Compute |
| **Description** | Ensures that instances are configured with the shielded VM enabled |
| **More Info** | Shielded VM option should be configured to defend against the security attacks on the instances. |
| **GOOGLE Link** | https://cloud.google.com/security/shielded-cloud/shielded-vm |
| **Recommended Action** | Enable the shielded VM for all the instances for security reasons. |

## Detailed Remediation Steps
1. In the Google Cloud console, go to the VM instances page.

[Go to VM instances](https://console.cloud.google.com/compute/instances)

2. Click the instance name to open the VM instance details page.

3. Click Stop.

4. After the instance stops, click Edit.

5. In the Shielded VM section, modify the Shielded VM options:

- Toggle Turn on Secure Boot to enable Secure Boot Compute Engine does not enable [Secure Boot](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#secure-boot) by default because unsigned drivers and other low-level software might not be compatible. If possible, Google recommends enabling Secure Boot.

- Toggle Turn on vTPM to disable the virtual trusted platform module (vTPM). By default, Compute Engine enables the [Virtual Trusted Platform Module (vTPM)](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm).

- Toggle Turn on Integrity Monitoring to disable integrity monitoring. By default, Compute Engine enables [integrity monitoring](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#integrity-monitoring).

6. Click Save.

7. Click Start to start the instance.
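
Review bot: in step 5, the vTPM and Integrity Monitoring bullets tell the reader to toggle each option "to disable" it, which contradicts the Recommended Action of enabling Shielded VM; both bullets also note these options are on by default, so reword them to confirm the toggles are turned on. The Secure Boot bullet is missing a period between "to enable Secure Boot" and "Compute Engine does not enable". The More Info text ("defend against the security attacks") does not say what Shielded VM protects; a short mention of the Secure Boot, vTPM and integrity monitoring features listed in step 5 would help. For consistency with the other files, add a blank line between the title heading and `## Quick Info`.
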
30 changes: 30 additions & 0 deletions en/google/compute/vm-instance-deletion-protection.md
@@ -0,0 +1,30 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# GOOGLE / Compute / VM Instance Deletion Protection

## Quick Info

| | |
|-|-|
| **Plugin Title** | VM Instance Deletion Protection |
| **Cloud** | GOOGLE |
| **Category** | Compute |
| **Description** | Ensure that Virtual Machine instances have deletion protection enabled. |
| **More Info** | VM instances should have deletion protection enabled in order to prevent them for being accidentally deleted. |
| **GOOGLE Link** | https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion |
| **Recommended Action** | Modify VM instances to enable deletion protection |

## Detailed Remediation Steps
1. Go to the VM instances page.

[Go to VM instances](https://console.cloud.google.com/compute/instances)

2. If prompted, select your project and click Continue.

3. Click the name of the instance for which you want to toggle deletion protection. The instance details page displays.

4. From the instance details page, complete the following steps:

a. Click the Edit button at the top of the page.
b. Under Deletion Protection, check the box to enable or uncheck the box to disable deletion protection.
c. Save your changes.
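
Review bot: sub-step b under step 4 describes both directions ("check the box to enable or uncheck the box to disable"), but this is a remediation page, so it should only instruct the reader to check the box to enable deletion protection; likewise step 3 can say "enable" rather than "toggle". In More Info, "prevent them for being accidentally deleted" should be "from being accidentally deleted", and the Recommended Action is missing the trailing period the other files use. Indent sub-steps a to c under step 4 so they render as a nested list.
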