Ensure Vertex AI Notebook instances are launched with Shielded VM enabled
Description
This policy checks whether Vertex AI Notebook instances are launched with Shielded VM enabled. Shielded VM adds a layer of security and integrity to a virtual machine by ensuring it boots with verified, trusted firmware, which helps prevent attacks that rely on malicious or tampered firmware. Enabling Shielded VM is essential to preserving the security and integrity of Notebook instances.
Code Example
```terraform
resource "google_notebooks_instance" "example" {
  # Shielded VM settings for the notebook's VM; this rule requires enable_vtpm = true
  shielded_instance_config {
    enable_vtpm = true
  }
}
```
Remediation
Enable Shielded VM for Vertex AI Notebook instances by setting `enable_vtpm` to `true` in the `shielded_instance_config` block.
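A complete resource showing a non-compliant instance beside the compliant form, added here as an illustration and not taken from the rule's own documentation; the instance names, zone, machine type and image values are placeholders.

```terraform
# Non-compliant: no shielded_instance_config, so the instance boots without
# the Shielded VM protections this rule checks for.
resource "google_notebooks_instance" "unshielded" {
  name         = "notebook-unshielded" # placeholder
  location     = "us-central1-a"       # placeholder zone
  machine_type = "e2-medium"

  vm_image {
    project      = "deeplearning-platform-release"
    image_family = "tf-latest-cpu"
  }
}

# Compliant: Shielded VM enabled. enable_vtpm is the setting this rule
# requires; secure boot and integrity monitoring are the other two Shielded VM
# features and are enabled here as well.
resource "google_notebooks_instance" "shielded" {
  name         = "notebook-shielded" # placeholder
  location     = "us-central1-a"     # placeholder zone
  machine_type = "e2-medium"

  vm_image {
    project      = "deeplearning-platform-release"
    image_family = "tf-latest-cpu"
  }

  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
}
```

Running `checkov -d . --check CKV_GCP_126` against this file reports the first resource as failed and the second as passed.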
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0984 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | google_notebooks_instance |
| Checkov ID | CKV_GCP_126 |