Instances should not have public IP addresses

Explanation

Instances should not be publicly exposed to the internet

Possible Impact

Direct exposure of an instance to the public internet

Suggested Resolution

Remove public IP

Insecure Example

The following example will fail the google-compute-no-public-ip check.

resource "google_compute_instance" "bad_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }
}

Secure Example

The following example will pass the google-compute-no-public-ip check.

resource "google_compute_instance" "good_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"
  }
}

Getting Started
Provider Checks
Config
GitHub Actions