Vertex AI workbench instances are not private
Description
This policy checks that Vertex AI workbench instances are configured as private.
The policy is primarily concerned with data privacy and security. When AI workbench instances are reachable from the public internet, they may be accessed, viewed, or modified by unauthorized individuals. This could result in the loss or corruption of data and the potential exposure of sensitive information. Setting these instances to private restricts access, which strengthens data security. Non-compliance with this policy therefore compromises data security and confidentiality, and potentially the proper functioning of the AI applications.
Code Example
```hcl
resource "google_workbench_instance" "instance_good" {
  ...
  gce_setup {
    ...
    disable_public_ip = true
  }
}
```
Remediation
Terraform
- Resource: google_workbench_instance
- Arguments: gce_setup.disable_public_ip
To fix the issue, make sure the `disable_public_ip` attribute is set to `true` inside the `gce_setup` block of the Vertex AI workbench instance configuration.
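As an added example (not Checkov's own implementation and not code from this page), the following Python check applies this rule's logic to a `terraform show -json` plan, which is how the TerraformPlan framework listed below sees the configuration. The plan layout assumed here (`planned_values.root_module.resources[].values`, with the `gce_setup` block serialized as a list) and the decision to treat a missing block or attribute as a failure are assumptions; the embedded plan is constructed for the example.

```python
import json

RESOURCE_TYPE = "google_workbench_instance"


def workbench_instance_is_private(values: dict) -> bool:
    """True only when gce_setup.disable_public_ip is explicitly true.

    Assumption: a missing gce_setup block or a missing attribute is treated as
    non-compliant, since the rule requires the attribute to be set to true.
    """
    gce_setups = values.get("gce_setup") or []
    if isinstance(gce_setups, dict):  # tolerate a single block given as an object
        gce_setups = [gce_setups]
    if not gce_setups:
        return False
    return all(block.get("disable_public_ip") is True for block in gce_setups)


def find_public_workbench_instances(plan_json: str) -> list:
    """Return the addresses of workbench instances that fail the check."""
    plan = json.loads(plan_json)
    failing = []
    # Walk root module and any child modules (assumed plan layout).
    modules = [plan.get("planned_values", {}).get("root_module", {})]
    while modules:
        module = modules.pop()
        for res in module.get("resources", []):
            if res.get("type") != RESOURCE_TYPE:
                continue
            if not workbench_instance_is_private(res.get("values", {})):
                failing.append(res.get("address"))
        modules.extend(module.get("child_modules", []))
    return failing


# Constructed sample plan: one compliant instance, one with a public IP, one
# that omits the attribute entirely.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "google_workbench_instance.instance_good", "type": RESOURCE_TYPE,
     "values": {"gce_setup": [{"disable_public_ip": True}]}},
    {"address": "google_workbench_instance.instance_bad", "type": RESOURCE_TYPE,
     "values": {"gce_setup": [{"disable_public_ip": False}]}},
    {"address": "google_workbench_instance.instance_missing", "type": RESOURCE_TYPE,
     "values": {"gce_setup": [{"machine_type": "n1-standard-1"}]}},
]}}})

if __name__ == "__main__":
    for address in find_public_workbench_instances(SAMPLE_PLAN):
        print(f"IAC-1013 / CKV2_GCP_28 FAILED: {address}")
```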
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1013 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_28 |