TPU v2 VM is public
Description
This policy checks that Tensor Processing Unit (TPU) virtual machines are set to private in a Google Cloud Platform (GCP) environment. TPUs are Google's custom-developed application-specific integrated circuits (ASICs) used to accelerate machine learning workloads.
Keeping TPU VMs private ensures that the TPU workers are not exposed to the public internet (that is, they are not assigned external IP addresses), which reduces the risk of unauthorized access. A TPU that is not private can be exposed to cyber threats including data breaches, hacking, and data corruption. Hence, non-compliance with this policy can lead to security vulnerabilities.
Code Example
```hcl
resource "google_tpu_v2_vm" "tpu_good" {
  ...
  network_config {
    ...
    enable_external_ips = false
  }
}
```
Remediation
Terraform
- Resource: google_tpu_v2_vm
- Arguments: network_config.enable_external_ips
To fix this issue, set the "enable_external_ips" attribute to "false" in your resource configuration.
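To see how the TerraformPlan framework can surface this finding before apply, here is an added example (not Checkov's or the policy's own code) that scans a `terraform show -json` plan for `google_tpu_v2_vm` resources and classifies each by its `network_config.enable_external_ips` value. It assumes the standard plan JSON layout, where nested blocks appear as lists under `values`; the plan itself is a constructed sample, and an absent attribute is reported as UNSET rather than assuming a provider default.

```python
import json

# Constructed sample of `terraform show -json` output (not a real plan): a TPU
# VM with external IPs enabled, one explicitly private, one unset, one non-TPU.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "google_tpu_v2_vm.tpu_bad", "type": "google_tpu_v2_vm",
     "values": {"network_config": [{"enable_external_ips": True}]}},
    {"address": "google_tpu_v2_vm.tpu_good", "type": "google_tpu_v2_vm",
     "values": {"network_config": [{"enable_external_ips": False}]}},
    {"address": "google_tpu_v2_vm.tpu_unset", "type": "google_tpu_v2_vm",
     "values": {"network_config": [{}]}},
    {"address": "google_compute_instance.web", "type": "google_compute_instance",
     "values": {"name": "web"}},
]}}})


def _iter_resources(module):
    """Yield every resource in a plan module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _iter_resources(child)


def check_tpu_external_ips(plan_json):
    """Map each google_tpu_v2_vm address to FAIL (enable_external_ips is true),
    PASS (explicitly false, as the remediation requires) or UNSET (attribute
    absent; the provider default is not assumed here, so set it explicitly)."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    results = {}
    for res in _iter_resources(root):
        if res.get("type") != "google_tpu_v2_vm":
            continue
        cfg = res.get("values", {}).get("network_config")
        # Nested blocks are emitted as lists in plan JSON; tolerate a bare object.
        if isinstance(cfg, list):
            cfg = cfg[0] if cfg else {}
        flag = (cfg or {}).get("enable_external_ips")
        results[res["address"]] = ("FAIL" if flag is True
                                   else "PASS" if flag is False else "UNSET")
    return results


if __name__ == "__main__":
    for address, status in check_tpu_external_ips(SAMPLE_PLAN).items():
        print(status, address)
```

Run it against `terraform show -json tfplan > plan.json` output in CI and treat any FAIL (and, depending on your policy, any UNSET) as a blocking finding.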
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1017 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_32 |