Ensure that the total number of VM instances does not exceed a set threshold.
Risk Level: Low
Description
This plugin ensures that the total number of Compute Engine Virtual Machine (VM) instances does not exceed a set threshold. Active VM instances should be monitored continuously so that only the instances you actually need are running and unused ones are deleted.
Configuration Parameters
Instance Count Global Threshold: The maximum number of running instances allowed across all regions of the project. An issue is created when the total number of running instances across all regions exceeds this value.
By default, the value is 200, so an alert is raised when more than 200 instances are running globally.
Instance Count Region Threshold: The maximum number of running instances allowed in any single region, counted across all zones of that region. An issue is created when the number of running instances in a region exceeds this value.
By default, the value is 100, so an alert is raised for any region with more than 100 running instances.
Both thresholds count running instances only; a stopped (terminated) instance still appears in the project's instance list but does not contribute to either count.
About the Service
Google Cloud Compute Engine:
Google Cloud Compute Engine is a service that lets you create Virtual Machines to your own specification and run them on Google's infrastructure. You can use a predefined machine type with default configuration or build a custom Virtual Machine that matches your exact requirements. See the Compute Engine documentation for more details.
Impact
If unused instances are not deleted and the number of Compute Engine VM instances crosses the set threshold, you keep paying for capacity that nobody uses. Forgotten instances also tend to go unpatched and unmonitored, which widens the project's attack surface. To keep the environment efficient and cost-optimized, SentinelOne CNS strongly recommends that the total number of virtual machines does not exceed the set threshold.
Steps to Reproduce
Using GCP Console-
1. Log in to your GCP Console.
2. From the top navigation bar, select the GCP project you want to investigate.
3. From the navigation panel on the left side of the console, go to Compute Engine and select VM instances. You can use this link (https://console.cloud.google.com/compute) to navigate directly if you are already logged in.
4. Filter the list to instances whose Status is Running; both thresholds apply to running instances only. Count the running instances per region by grouping on the Zone column: a zone name is the region name plus a one-letter suffix, so us-central1-a, us-central1-b and us-central1-c all belong to the region us-central1. Compare each region's count with the Instance Count Region Threshold configured for the plugin (you can find the configured values on the CNS dashboard under the plugin configuration). Any region whose count is above the threshold is a finding.
5. To check the global threshold, compare the total number of running instances in the list with the Instance Count Global Threshold. A total above that threshold is a finding.
6. If you have multiple projects that you want to investigate, repeat steps 2-5 for each project in your GCP console.
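The console steps above are tedious for more than a handful of projects, so here is the same check as a script. This is an added example, not SentinelOne CNS code and not the plugin's own implementation: it evaluates the two Configuration Parameters (Instance Count Global Threshold and Instance Count Region Threshold) against the JSON produced by `gcloud compute instances list --format=json`, counting only instances in the RUNNING state and deriving each instance's region from its zone name. The sample records, the project name `demo-project` and the helper function names are constructed for illustration.

```python
"""Evaluate a project's Compute Engine instance counts against the two
plugin thresholds, using the JSON produced by
`gcloud compute instances list --format=json`."""
import json
from collections import Counter

# Plugin defaults from the Configuration Parameters section above.
DEFAULT_GLOBAL_THRESHOLD = 200
DEFAULT_REGION_THRESHOLD = 100

# Constructed sample in the shape of the gcloud JSON output (only the
# fields this script reads; real records carry many more). The zone is a
# full resource URL ending in the zone name; the project name is made up.
ZONE_PREFIX = "https://www.googleapis.com/compute/v1/projects/demo-project/zones/"
SAMPLE_INSTANCES = [
    {"name": "web-1", "status": "RUNNING", "zone": ZONE_PREFIX + "us-central1-a"},
    {"name": "web-2", "status": "RUNNING", "zone": ZONE_PREFIX + "us-central1-b"},
    {"name": "batch-1", "status": "TERMINATED", "zone": ZONE_PREFIX + "us-central1-a"},
    {"name": "db-1", "status": "RUNNING", "zone": ZONE_PREFIX + "europe-west1-b"},
]


def load_instances(gcloud_json_text):
    """Parse the text of `gcloud compute instances list --format=json`."""
    return json.loads(gcloud_json_text)


def region_of(zone_url):
    """Map a zone resource URL (or bare zone name) to its region.
    A zone name is the region name plus a one-letter suffix:
    'us-central1-a' -> 'us-central1'."""
    zone = zone_url.rstrip("/").rsplit("/", 1)[-1]
    return zone.rsplit("-", 1)[0]


def count_running(instances):
    """Return (total running, Counter of region -> running count).
    Stopped and terminated instances are skipped: the thresholds apply
    to running instances, and a stopped instance still shows in the list."""
    running = [i for i in instances if i.get("status") == "RUNNING"]
    per_region = Counter(region_of(i["zone"]) for i in running)
    return len(running), per_region


def evaluate(instances, global_threshold=DEFAULT_GLOBAL_THRESHOLD,
             region_threshold=DEFAULT_REGION_THRESHOLD):
    """Return one finding string per breached threshold; an empty list
    means the project is within both limits."""
    total, per_region = count_running(instances)
    findings = []
    if total > global_threshold:
        findings.append(
            f"global: {total} running instances exceed the threshold of {global_threshold}")
    for region, count in sorted(per_region.items()):
        if count > region_threshold:
            findings.append(
                f"{region}: {count} running instances exceed the threshold of {region_threshold}")
    return findings


if __name__ == "__main__":
    import sys
    # Evaluate a saved gcloud dump if a path is given, otherwise the sample.
    instances = (load_instances(open(sys.argv[1]).read())
                 if len(sys.argv) > 1 else SAMPLE_INSTANCES)
    total, per_region = count_running(instances)
    print(f"running instances: {total} total, by region: {dict(per_region)}")
    # Thresholds lowered here only so the tiny sample produces findings.
    for finding in evaluate(instances, global_threshold=2, region_threshold=1):
        print("FINDING", finding)
```

To run it against a real project, save the output of `gcloud compute instances list --format=json` (which is scoped to the currently selected project) to a file and pass the path as the first argument; repeat per project, since the plugin evaluates each project separately. Lowering the thresholds in the `__main__` block is for demonstration only; use the values configured on the CNS dashboard for a like-for-like result.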
Steps for Remediation:
If the number of Compute Engine VM instances has crossed a threshold, identify the instances that are no longer needed and delete them. Before deleting an instance, confirm that it is really unused (for example, check its owner, its labels and its recent CPU and network activity) and snapshot any disk whose data you still need: a boot disk that is configured to be deleted with its instance is removed along with it.
The steps to delete a Virtual Machine (VM) instance are-
Using GCP Console-
1. Log in to your GCP Console.
2. From the top navigation bar, select the GCP project you want to investigate.
3. From the navigation panel on the left side of the console, go to Compute Engine and select VM instances. You can use this link (https://console.cloud.google.com/compute) to navigate directly if you are already logged in.
4. In the table of VM instances, click More options (the three-dot icon) for the VM instance you want to delete.
5. Select the Delete option and press DELETE in the popup box to confirm.
6. Repeat steps 4 and 5 for all the VM instances you want to delete in the selected project.
7. If you have multiple projects, repeat steps 2 to 6 for each project in your GCP console.
From the command line, the equivalent of steps 4 and 5 is gcloud compute instances delete INSTANCE_NAME --zone ZONE, run with the target project selected.