google-compute-enable-shielded-vm.md

File metadata and controls

67 lines (50 loc) · 1.1 KB

Pattern: Disabled Shielded VM for Google Compute

Issue: -

Description

A Shielded VM is a Compute Engine instance hardened against boot-level malware (rootkits and bootkits). It combines a virtual Trusted Platform Module (vTPM), which measures the boot chain and lets the guest seal secrets to those measurements, with integrity monitoring, which compares each boot's measurements against a known-good baseline and reports deviations to Cloud Logging; Secure Boot can additionally refuse to load unsigned boot components. With `enable_vtpm` and `enable_integrity_monitoring` set to `false`, a tampered bootloader or kernel module is neither measured nor reported, so the compromise is invisible to the platform.

Resolution: Enable Shielded VM. In the instance's `shielded_instance_config` block set `enable_vtpm = true` and `enable_integrity_monitoring = true`, and set `enable_secure_boot = true` where the image's boot components are signed (the Terraform google provider leaves Secure Boot off by default, so it must be enabled explicitly). The instance must use a Shielded-VM-compatible image; enabling the options on an incompatible image fails at apply time rather than silently degrading.

Examples

Example of incorrect code:

```hcl
resource "google_compute_instance" "bad_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  // Both Shielded VM protections explicitly switched off:
  // the boot chain is not measured and tampering is never reported.
  shielded_instance_config {
    enable_vtpm                 = false
    enable_integrity_monitoring = false
  }
}
```

Example of correct code:

```hcl
resource "google_compute_instance" "good_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  // vTPM measures the boot chain; integrity monitoring compares each boot
  // against the baseline and logs deviations. Secure Boot is off by default
  // in the provider, so it is enabled here as well.
  shielded_instance_config {
    enable_vtpm                 = true
    enable_integrity_monitoring = true
    enable_secure_boot          = true
  }
}
```
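Beyond reading the HCL by eye, the same condition can be checked against the JSON that `terraform show -json` emits for a plan, which also covers instances defined inside modules. The script below is an added example written for this page, not tfsec's or the provider's code; the embedded plan document is a constructed, trimmed sample of the `planned_values` layout (resource `address`, `type` and `values`, with `shielded_instance_config` rendered as a one-element list), and the resource addresses in it are made up for the illustration. An absent block is reported conservatively, because values that are only known after apply do not appear in `planned_values`.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check reads. Not real plan output from any project.
SAMPLE_PLAN = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "google_compute_instance.bad_example",
                    "type": "google_compute_instance",
                    "name": "bad_example",
                    "values": {
                        "name": "test",
                        "shielded_instance_config": [{
                            "enable_vtpm": False,
                            "enable_integrity_monitoring": False,
                            "enable_secure_boot": False,
                        }],
                    },
                },
                {
                    "address": "google_compute_instance.no_block",
                    "type": "google_compute_instance",
                    "name": "no_block",
                    # No shielded_instance_config block was written at all.
                    "values": {"name": "test2", "shielded_instance_config": []},
                },
            ],
            "child_modules": [{
                "address": "module.web",
                "resources": [{
                    "address": "module.web.google_compute_instance.good_example",
                    "type": "google_compute_instance",
                    "name": "good_example",
                    "values": {
                        "name": "web",
                        "shielded_instance_config": [{
                            "enable_vtpm": True,
                            "enable_integrity_monitoring": True,
                            "enable_secure_boot": True,
                        }],
                    },
                }],
            }],
        }
    }
})

# Every Shielded VM option that must be explicitly true.
REQUIRED = ("enable_vtpm", "enable_integrity_monitoring", "enable_secure_boot")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def shielded_vm_findings(plan_json):
    """Return (address, reason) pairs for google_compute_instance resources
    whose planned shielded_instance_config is missing or has an option off."""
    plan = json.loads(plan_json)
    root = plan["planned_values"]["root_module"]
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "google_compute_instance":
            continue
        cfg = res.get("values", {}).get("shielded_instance_config") or []
        if not cfg:
            # Either omitted or only known after apply: flag it for review.
            findings.append((res["address"], "shielded_instance_config block missing"))
            continue
        for key in REQUIRED:
            if cfg[0].get(key) is not True:
                findings.append((res["address"], key + " is not true"))
    return findings


if __name__ == "__main__":
    for address, reason in shielded_vm_findings(SAMPLE_PLAN):
        print(address + ": " + reason)
```

Run it against a real plan with `terraform plan -out tfplan && terraform show -json tfplan > plan.json` and pass the file's contents to `shielded_vm_findings`; a non-empty result should fail the pipeline step.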