Ensure compute instance does not have serial console enabled.
Description
This policy checks whether serial console access is enabled for compute instances. Serial console access can pose a security risk if not properly managed, as it allows access to the instance's console output. Enabling serial console access can potentially expose sensitive information, such as boot messages and kernel panics. It is recommended to disable serial console access unless it is explicitly required for debugging or troubleshooting purposes.
Code Example
```terraform
resource "yandex_compute_instance" "example" {
  # Other required arguments (resources, boot_disk, network_interface) omitted.
  metadata = {
    serial-port-enable = false
  }
}
```
Remediation
Ensure the compute instance does not have serial console enabled by setting the serial-port-enable metadata key to false.
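To audit a plan before apply, the added example below (not part of the original rule page or of Checkov) walks the JSON produced by `terraform show -json` and lists every yandex_compute_instance whose metadata turns the serial console on, including instances declared in child modules. Assumptions: the function names are hypothetical, the sample plan is constructed, and a missing key, "false" or "0" is treated as disabled while any other value is flagged.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "yandex_compute_instance.debug", "type": "yandex_compute_instance",
         "values": {"metadata": {"serial-port-enable": "1"}}},
        {"address": "yandex_compute_instance.web", "type": "yandex_compute_instance",
         "values": {"metadata": {"serial-port-enable": "false"}}},
        {"address": "yandex_compute_instance.plain", "type": "yandex_compute_instance",
         "values": {"metadata": None}},
        {"address": "yandex_vpc_network.net", "type": "yandex_vpc_network", "values": {}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.app.yandex_compute_instance.worker",
         "type": "yandex_compute_instance",
         "values": {"metadata": {"serial-port-enable": "true"}}},
    ]}],
}}}

# Assumption of this example: these values (or no key at all) mean "console off".
DISABLED = {"", "false", "0"}


def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def serial_console_findings(plan):
    """Return addresses of instances whose serial-port-enable is not disabled."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "yandex_compute_instance":
            continue
        metadata = (res.get("values") or {}).get("metadata") or {}
        raw = metadata.get("serial-port-enable")
        # Plan JSON carries metadata as strings; normalise bools and numbers too.
        value = "" if raw is None else str(raw).strip().lower()
        if value not in DISABLED:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for address in serial_console_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: serial-port-enable is set")
```

Metadata values that are only known after apply do not appear in planned_values, so this check covers only values present in the plan.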
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1337 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_compute_instance |
| Checkov ID | CKV_YC_4 |