<!-- Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/compute/AVD-GCP-0030/Terraform.md -->

Disable project-wide SSH keys

```hcl
# Custom service account attached to the instance below.
resource "google_service_account" "default" {
  account_id   = "service_account_id"
  display_name = "Service Account"
}

# Example instance for AVD-GCP-0030: the security-relevant setting is the
# `metadata` map, which opts this VM out of project-wide SSH keys.
resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      # NOTE(review): Debian 9 is end-of-life and no longer receives security
      # updates; use a currently supported image family in real deployments.
      image = "debian-cloud/debian-9"
    }
  }

  # Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"

    access_config {
      # Ephemeral IP
      # An access_config block gives the instance an external address, so
      # who can reach SSH also depends on the network's firewall rules.
    }
  }

  # With block-project-ssh-keys set, the instance ignores SSH keys stored in
  # project-wide metadata. A key added at project level then no longer grants
  # login here; access is limited to instance-level keys or OS Login.
  metadata = {
    block-project-ssh-keys = true
  }

  metadata_startup_script = "echo hi > /test.txt"

  service_account {
    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    email  = google_service_account.default.email
    scopes = ["cloud-platform"]
  }
}

```

#### Remediation Links
 - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#