Files

@typescript-eslint
Bandit
Brakeman
CSSLint
CodeNarc
CoffeeLint
CppLint
Cppcheck
Detekt
ESLint
Govet
Hadolint
Linter for Dart
Oxlint
PHP_CodeSniffer
PSScriptAnalyzer
Pycodestyle
Pylint
Revive
RuboCop
Scalastyle
ShellCheck
StyleCop.Analyzers
SwiftLint
TSLint
Yamllint
checkstyle
dotnet-assembly
lintr
stylelint
tfsec
- AWS001.md
- AWS002.md
- AWS003.md
- AWS004.md
- AWS005.md
- AWS006.md
- AWS007.md
- AWS008.md
- AWS009.md
- AWS010.md
- AWS011.md
- AWS012.md
- AWS013.md
- AWS014.md
- AWS015.md
- AWS016.md
- AWS017.md
- AWS018.md
- AWS019.md
- AWS020.md
- AWS021.md
- AWS022.md
- AWS023.md
- AWS024.md
- AWS025.md
- AWS031.md
- AWS032.md
- AWS033.md
- AWS034.md
- AWS035.md
- AWS036.md
- AWS037.md
- AWS038.md
- AWS039.md
- AWS040.md
- AWS041.md
- AWS042.md
- AWS043.md
- AWS044.md
- AWS045.md
- AWS046.md
- AWS047.md
- AWS048.md
- AWS049.md
- AWS050.md
- AWS051.md
- AWS052.md
- AWS053.md
- AWS057.md
- AWS058.md
- AWS059.md
- AWS060.md
- AWS061.md
- AWS062.md
- AWS063.md
- AWS064.md
- AWS065.md
- AWS066.md
- AWS067.md
- AWS068.md
- AWS069.md
- AWS070.md
- AWS071.md
- AWS072.md
- AWS073.md
- AWS074.md
- AWS075.md
- AWS076.md
- AWS077.md
- AWS078.md
- AWS079.md
- AWS080.md
- AWS081.md
- AWS082.md
- AWS083.md
- AWS084.md
- AWS085.md
- AWS086.md
- AWS087.md
- AWS088.md
- AWS089.md
- AWS090.md
- AWS091.md
- AWS092.md
- AWS093.md
- AWS094.md
- AWS095.md
- AWS096.md
- AWS097.md
- AWS098.md
- AWS099.md
- AZU001.md
- AZU002.md
- AZU003.md
- AZU004.md
- AZU005.md
- AZU006.md
- AZU007.md
- AZU008.md
- AZU009.md
- AZU010.md
- AZU011.md
- AZU012.md
- AZU013.md
- AZU014.md
- AZU015.md
- AZU016.md
- AZU017.md
- AZU018.md
- AZU019.md
- AZU020.md
- AZU021.md
- AZU022.md
- AZU023.md
- AZU024.md
- AZU025.md
- AZU026.md
- AZU027.md
- AZU028.md
- GCP001.md
- GCP003.md
- GCP004.md
- GCP005.md
- GCP006.md
- GCP007.md
- GCP008.md
- GCP009.md
- GCP010.md
- GCP011.md
- GCP012.md
- GEN001.md
- GEN002.md
- GEN003.md
- GEN004.md
- OCI001.md
- aws-api-gateway-enable-access-logging.md
- aws-api-gateway-enable-cache-encryption.md
- aws-api-gateway-enable-tracing.md
- aws-api-gateway-no-public-access.md
- aws-api-gateway-use-secure-tls-policy.md
- aws-athena-enable-at-rest-encryption.md
- aws-athena-no-encryption-override.md
- aws-autoscaling-enable-at-rest-encryption.md
- aws-autoscaling-enforce-http-token-imds.md
- aws-autoscaling-no-public-ip.md
- aws-autoscaling-no-secrets-in-user-data.md
- aws-autoscaling-no-sensitive-info.md
- aws-cloudfront-enable-logging.md
- aws-cloudfront-enable-waf.md
- aws-cloudfront-enforce-https.md
- aws-cloudfront-use-secure-tls-policy.md
- aws-cloudtrail-enable-all-regions.md
- aws-cloudtrail-enable-at-rest-encryption.md
- aws-cloudtrail-enable-log-validation.md
- aws-cloudtrail-ensure-cloudwatch-integration.md
- aws-cloudtrail-no-public-log-access.md
- aws-cloudtrail-require-bucket-access-logging.md
- aws-cloudwatch-log-group-customer-key.md
- aws-codebuild-enable-encryption.md
- aws-config-aggregate-all-regions.md
- aws-documentdb-enable-log-export.md
- aws-documentdb-enable-storage-encryption.md
- aws-documentdb-encryption-customer-key.md
- aws-dynamodb-enable-at-rest-encryption.md
- aws-dynamodb-enable-recovery.md
- aws-dynamodb-table-customer-key.md
- aws-ebs-enable-volume-encryption.md
- aws-ebs-encryption-customer-key.md
- aws-ec2-add-description-to-security-group-rule.md
- aws-ec2-add-description-to-security-group.md
- aws-ec2-enable-at-rest-encryption.md
- aws-ec2-enable-launch-config-at-rest-encryption.md
- aws-ec2-enable-volume-encryption.md
- aws-ec2-enforce-http-token-imds.md
- aws-ec2-enforce-launch-config-http-token-imds.md
- aws-ec2-no-default-vpc.md
- aws-ec2-no-excessive-port-access.md
- aws-ec2-no-public-egress-sgr.md
- aws-ec2-no-public-ingress-acl.md
- aws-ec2-no-public-ingress-sgr.md
- aws-ec2-no-public-ip-subnet.md
- aws-ec2-no-public-ip.md
- aws-ec2-no-secrets-in-launch-template-user-data.md
- aws-ec2-no-secrets-in-user-data.md
- aws-ec2-no-sensitive-info.md
- aws-ec2-volume-encryption-customer-key.md
- aws-ecr-enable-image-scans.md
- aws-ecr-enforce-immutable-repository.md
- aws-ecr-no-public-access.md
- aws-ecr-repository-customer-key.md
- aws-ecs-enable-container-insight.md
- aws-ecs-enable-in-transit-encryption.md
- aws-ecs-no-plaintext-secrets.md
- aws-efs-enable-at-rest-encryption.md
- aws-eks-enable-control-plane-logging.md
- aws-eks-encrypt-secrets.md
- aws-eks-no-public-cluster-access-to-cidr.md
- aws-eks-no-public-cluster-access.md
- aws-elastic-search-enable-domain-encryption.md
- aws-elastic-search-enable-domain-logging.md
- aws-elastic-search-enable-in-transit-encryption.md
- aws-elastic-search-enable-logging.md
- aws-elastic-search-encrypt-replication-group.md
- aws-elastic-search-enforce-https.md
- aws-elastic-search-use-secure-tls-policy.md
- aws-elastic-service-enable-domain-encryption.md
- aws-elasticache-add-description-for-security-group.md
- aws-elasticache-enable-at-rest-encryption.md
- aws-elasticache-enable-backup-retention.md
- aws-elasticache-enable-in-transit-encryption.md
- aws-elb-alb-not-public.md
- aws-elb-drop-invalid-headers.md
- aws-elb-http-not-used.md
- aws-elb-use-secure-tls-policy.md
- aws-elbv2-alb-not-public.md
- aws-elbv2-http-not-used.md
- aws-emr-enable-at-rest-encryption.md
- aws-emr-enable-in-transit-encryption.md
- aws-emr-enable-local-disk-encryption.md
- aws-iam-block-kms-policy-wildcard.md
- aws-iam-enforce-group-mfa.md
- aws-iam-enforce-mfa.md
- aws-iam-no-password-reuse.md
- aws-iam-no-policy-wildcards.md
- aws-iam-no-root-access-keys.md
- aws-iam-no-user-attached-policies.md
- aws-iam-require-lowercase-in-passwords.md
- aws-iam-require-numbers-in-passwords.md
- aws-iam-require-symbols-in-passwords.md
- aws-iam-require-uppercase-in-passwords.md
- aws-iam-set-max-password-age.md
- aws-iam-set-minimum-password-length.md
- aws-kinesis-enable-in-transit-encryption.md
- aws-kms-auto-rotate-keys.md
- aws-lambda-enable-tracing.md
- aws-lambda-restrict-source-arn.md
- aws-launch-no-sensitive-info.md
- aws-misc-no-exposing-plaintext-credentials.md
- aws-mq-enable-audit-logging.md
- aws-mq-enable-general-logging.md
- aws-mq-no-public-access.md
- aws-msk-enable-in-transit-encryption.md
- aws-msk-enable-logging.md
- aws-neptune-enable-log-export.md
- aws-neptune-enable-storage-encryption.md
- aws-neptune-encryption-customer-key.md
- aws-rds-backup-retention-specified.md
- aws-rds-enable-performance-insights-encryption.md
- aws-rds-enable-performance-insights.md
- aws-rds-encrypt-cluster-storage-data.md
- aws-rds-encrypt-instance-storage-data.md
- aws-rds-no-classic-resources.md
- aws-rds-no-public-db-access.md
- aws-rds-specify-backup-retention.md
- aws-redshift-add-description-to-security-group.md
- aws-redshift-encryption-customer-key.md
- aws-redshift-no-classic-resources.md
- aws-redshift-non-default-vpc-deployment.md
- aws-redshift-use-vpc.md
- aws-s3-block-public-acls.md
- aws-s3-block-public-policy.md
- aws-s3-enable-bucket-encryption.md
- aws-s3-enable-bucket-logging.md
- aws-s3-enable-versioning.md
- aws-s3-encryption-customer-key.md
- aws-s3-ignore-public-acls.md
- aws-s3-no-public-access-with-acl.md
- aws-s3-no-public-buckets.md
- aws-s3-specify-public-access-block.md
- aws-sns-enable-topic-encryption.md
- aws-sns-topic-encryption-use-cmk.md
- aws-sqs-enable-queue-encryption.md
- aws-sqs-no-wildcards-in-policy-documents.md
- aws-sqs-queue-encryption-use-cmk.md
- aws-ssm-avoid-leaks-via-http.md
- aws-ssm-secret-use-customer-key.md
- aws-vpc-add-description-to-security-group-rule.md
- aws-vpc-add-description-to-security-group.md
- aws-vpc-disallow-mixed-sgr.md
- aws-vpc-no-default-vpc.md
- aws-vpc-no-excessive-port-access.md
- aws-vpc-no-public-egress-sg.md
- aws-vpc-no-public-egress-sgr.md
- aws-vpc-no-public-ingress-acl.md
- aws-vpc-no-public-ingress-sg.md
- aws-vpc-no-public-ingress-sgr.md
- aws-vpc-no-public-ingress.md
- aws-vpc-use-secure-tls-policy.md
- aws-workspace-enable-disk-encryption.md
- aws-workspaces-enable-disk-encryption.md
- azure-appservice-account-identity-registered.md
- azure-appservice-authentication-enabled.md
- azure-appservice-detailed-error-messages-enabled.md
- azure-appservice-dotnet-framework-version.md
- azure-appservice-enable-http2.md
- azure-appservice-enable-https-only.md
- azure-appservice-enforce-https.md
- azure-appservice-failed-request-tracing-enabled.md
- azure-appservice-ftp-deployments-disabled.md
- azure-appservice-http-logs-enabled.md
- azure-appservice-php-version.md
- azure-appservice-python-version.md
- azure-appservice-require-client-cert.md
- azure-appservice-use-secure-tls-policy.md
- azure-authorization-limit-role-actions.md
- azure-compute-disable-password-authentication.md
- azure-compute-enable-disk-encryption.md
- azure-compute-no-secrets-in-custom-data.md
- azure-compute-ssh-authentication.md
- azure-container-configured-network-policy.md
- azure-container-limit-authorized-ips.md
- azure-container-logging.md
- azure-container-use-rbac-permissions.md
- azure-database-all-threat-alerts-enabled.md
- azure-database-enable-audit.md
- azure-database-enable-ssl-enforcement.md
- azure-database-mysql-threat-detection-enabled.md
- azure-database-no-public-access.md
- azure-database-no-public-firewall-access.md
- azure-database-postgres-configuration-connection-throttling.md
- azure-database-postgres-configuration-log-checkpoints.md
- azure-database-postgres-configuration-log-connection-throttling.md
- azure-database-postgres-configuration-log-connections.md
- azure-database-retention-period-set.md
- azure-database-secure-tls-policy.md
- azure-database-threat-alert-email-set.md
- azure-database-threat-alert-email-to-owner.md
- azure-datafactory-no-public-access.md
- azure-datalake-enable-at-rest-encryption.md
- azure-functionapp-authentication-enabled.md
- azure-functionapp-enable-http2.md
- azure-keyvault-content-type-for-secret.md
- azure-keyvault-ensure-key-expiry.md
- azure-keyvault-ensure-secret-expiry.md
- azure-keyvault-no-purge.md
- azure-keyvault-specify-network-acl.md
- azure-monitor-activity-log-retention-set.md
- azure-monitor-capture-all-activities.md
- azure-monitor-capture-all-regions.md
- azure-mssql-all-threat-alerts-enabled.md
- azure-mssql-threat-alert-email-set.md
- azure-mssql-threat-alert-email-to-owner.md
- azure-network-disable-rdp-from-internet.md
- azure-network-no-public-egress.md
- azure-network-no-public-ingress.md
- azure-network-retention-policy-set.md
- azure-network-ssh-blocked-from-internet.md
- azure-security-center-alert-on-severe-notifications.md
- azure-security-center-enable-standard-subscription.md
- azure-security-center-set-required-contact-details.md
- azure-securitycenter-alert-on-severe-notifications.md
- azure-securitycenter-defender-on-appservices.md
- azure-securitycenter-defender-on-container-registry.md
- azure-securitycenter-defender-on-keyvault.md
- azure-securitycenter-defender-on-kubernetes.md
- azure-securitycenter-defender-on-servers.md
- azure-securitycenter-defender-on-sql-servers-vms.md
- azure-securitycenter-defender-on-sql-servers.md
- azure-securitycenter-defender-on-storage.md
- azure-securitycenter-enable-standard-subscription.md
- azure-securitycenter-set-required-contact-details.md
- azure-storage-allow-microsoft-service-bypass.md
- azure-storage-container-activity-logs-not-public.md
- azure-storage-default-action-deny.md
- azure-storage-enforce-https.md
- azure-storage-no-public-access.md
- azure-storage-queue-services-logging-enabled.md
- azure-storage-use-secure-tls-policy.md
- azure-synapse-virtual-network-enabled.md
- cloudstack-compute-no-sensitive-info.md
- digitalocean-compute-enforce-https.md
- digitalocean-compute-kubernetes-auto-upgrades-not-enabled.md
- digitalocean-compute-no-public-egress.md
- digitalocean-compute-no-public-ingress.md
- digitalocean-compute-surge-upgrades-not-enabled.md
- digitalocean-compute-use-ssh-keys.md
- digitalocean-droplet-use-ssh-keys.md
- digitalocean-loadbalancing-enforce-https.md
- digitalocean-spaces-acl-no-public-read.md
- digitalocean-spaces-disable-force-destroy.md
- digitalocean-spaces-versioning-enabled.md
- general-secrets-no-plaintext-exposure.md
- general-secrets-sensitive-in-attribute-value.md
- general-secrets-sensitive-in-attribute.md
- general-secrets-sensitive-in-local.md
- general-secrets-sensitive-in-variable.md
- github-actions-no-plain-text-action-secrets.md
- github-branch_protections-require_signed_commits.md
- github-repositories-enable_vulnerability_alerts.md
- github-repositories-private.md
- github-repositories-require-signed-commits.md
- github-repositories-vulnerability-alerts.md
- google-bigquery-no-public-access.md
- google-compute-disk-encryption-customer-key.md
- google-compute-disk-encryption-customer-keys.md
- google-compute-disk-encryption-no-plaintext-key.md
- google-compute-disk-encryption-required.md
- google-compute-enable-shielded-vm-im.md
- google-compute-enable-shielded-vm-vtpm.md
- google-compute-enable-shielded-vm.md
- google-compute-enable-vpc-flow-logs.md
- google-compute-no-default-service-account.md
- google-compute-no-ip-forwarding.md
- google-compute-no-oslogin-override.md
- google-compute-no-plaintext-disk-keys.md
- google-compute-no-plaintext-vm-disk-keys.md
- google-compute-no-project-wide-ssh-keys.md
- google-compute-no-public-egress.md
- google-compute-no-public-ingress.md
- google-compute-no-public-ip.md
- google-compute-no-serial-port.md
- google-compute-project-level-oslogin.md
- google-compute-use-secure-tls-policy.md
- google-compute-vm-disk-encryption-customer-key.md
- google-dns-enable-dnssec.md
- google-dns-no-rsa-sha1.md
- google-gke-enable-auto-repair.md
- google-gke-enable-auto-upgrade.md
- google-gke-enable-ip-aliasing.md
- google-gke-enable-master-networks.md
- google-gke-enable-network-policy.md
- google-gke-enable-private-cluster.md
- google-gke-enable-stackdriver-logging.md
- google-gke-enable-stackdriver-monitoring.md
- google-gke-enforce-pod-security-policy.md
- google-gke-metadata-endpoints-disabled.md
- google-gke-no-legacy-auth.md
- google-gke-no-legacy-authentication.md
- google-gke-no-public-control-plane.md
- google-gke-node-metadata-security.md
- google-gke-node-pool-uses-cos.md
- google-gke-node-shielding-enabled.md
- google-gke-use-cluster-labels.md
- google-gke-use-rbac-permissions.md
- google-gke-use-service-account.md
- google-iam-no-default-network.md
- google-iam-no-folder-level-default-service-account-assignment.md
- google-iam-no-folder-level-service-account-impersonation.md
- google-iam-no-org-level-default-service-account-assignment.md
- google-iam-no-org-level-service-account-impersonation.md
- google-iam-no-privileged-service-accounts.md
- google-iam-no-project-level-default-service-account-assignment.md
- google-iam-no-project-level-service-account-impersonation.md
- google-iam-no-user-granted-permissions.md
- google-kms-rotate-kms-keys.md
- google-project-no-default-network.md
- google-sql-enable-backup.md
- google-sql-enable-pg-temp-file-logging.md
- google-sql-encrypt-in-transit-data.md
- google-sql-mysql-no-local-infile.md
- google-sql-no-contained-db-auth.md
- google-sql-no-cross-db-ownership-chaining.md
- google-sql-no-public-access.md
- google-sql-pg-log-checkpoints.md
- google-sql-pg-log-connections.md
- google-sql-pg-log-disconnections.md
- google-sql-pg-log-errors.md
- google-sql-pg-log-lock-waits.md
- google-sql-pg-no-min-statement-logging.md
- google-storage-bucket-encryption-customer-key.md
- google-storage-disk-encryption-customer-key.md
- google-storage-enable-ubla.md
- google-storage-no-public-access.md
- kubernetes-network-no-public-egress.md
- kubernetes-network-no-public-ingress.md
- openstack-compute-no-plaintext-password.md
- openstack-compute-no-public-access.md
- openstack-fw-no-public-access.md
- openstack-networking-describe-security-group.md
- openstack-networking-no-public-egress.md
- openstack-networking-no-public-ingress.md
- oracle-compute-no-public-ip.md
LICENSE
README.md
template.md

google-compute-no-public-ip.md

History

Pattern: Use of public IP for Google Compute

Issue: -

Description

Instances should not be publicly exposed to the internet.

Resolution: Remove public IP.

Examples

Example of incorrect code:

resource "google_compute_instance" "bad_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }
}

Example of correct code:

resource "google_compute_instance" "good_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"
  }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

google-compute-no-public-ip.md

google-compute-no-public-ip.md

Description

Examples

Files

google-compute-no-public-ip.md

Latest commit

History

google-compute-no-public-ip.md

File metadata and controls

Description

Examples