Ensure compute instance group has security group assigned.
Description
This policy checks whether a security group is assigned to a compute instance group. Assigning a security group to a compute instance group is crucial for controlling incoming and outgoing network traffic, thereby protecting the instance from unauthorized access. Without a security group, the instance may be exposed to various security risks. It is essential to assign a security group to ensure the instance group's network security.
Code Example
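```terraform
resource "yandex_compute_instance_group" "example" {
  # Other required arguments of the resource are omitted for brevity.
  instance_template {
    network_interface {
      # At least one security group must be attached to the interface.
      security_group_ids = [yandex_vpc_security_group.example.id]
    }
  }
}
```
Remediation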
Assign a security group to the compute instance group by specifying the `security_group_ids` attribute in the `network_interface` block inside the `instance_template` block of the `yandex_compute_instance_group` resource.
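One way to verify the remediation against a rendered plan in CI, as an added example (not part of the original page and not Checkov's implementation of CKV_YC_22). It assumes the `resource_changes` / `after` / `after_unknown` layout of `terraform show -json`; the sample plan, resource names and function names are constructed for illustration.

```python
import json

RESOURCE_TYPE = "yandex_compute_instance_group"
# Constructed sample shaped like `terraform show -json <planfile>` output; not real data.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "yandex_compute_instance_group.known_sg", "type": "yandex_compute_instance_group",
  "change": {"after": {"instance_template": [{"network_interface": [
    {"security_group_ids": ["sg-constructed-1"]}]}]}, "after_unknown": {}}},
 {"address": "yandex_compute_instance_group.sg_from_same_plan", "type": "yandex_compute_instance_group",
  "change": {"after": {"instance_template": [{"network_interface": [{}]}]},
    "after_unknown": {"instance_template": [{"network_interface": [{"security_group_ids": true}]}]}}},
 {"address": "yandex_compute_instance_group.no_sg", "type": "yandex_compute_instance_group",
  "change": {"after": {"instance_template": [{"network_interface": [
    {"security_group_ids": null}]}]}, "after_unknown": {}}},
 {"address": "yandex_compute_instance_group.second_nic_empty", "type": "yandex_compute_instance_group",
  "change": {"after": {"instance_template": [{"network_interface": [
    {"security_group_ids": ["sg-constructed-1"]}, {"security_group_ids": []}]}]}, "after_unknown": {}}},
 {"address": "yandex_compute_instance_group.destroyed", "type": "yandex_compute_instance_group",
  "change": {"after": null, "after_unknown": {}}}
]}
""")

def _at(seq, i):
    """Return seq[i] if it is a dict, else {} (after_unknown may be sparse)."""
    return seq[i] if isinstance(seq, list) and i < len(seq) and isinstance(seq[i], dict) else {}

def find_unprotected_groups(plan):
    """List network interfaces of instance groups that will have no security group."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:  # other type, or being destroyed
            continue
        unk_templates = (change.get("after_unknown") or {}).get("instance_template")
        for ti, tmpl in enumerate(after.get("instance_template") or []):
            unk_nics = _at(unk_templates, ti).get("network_interface")
            for ni, nic in enumerate(tmpl.get("network_interface") or []):
                unknown = _at(unk_nics, ni).get("security_group_ids")
                # Computed at apply time (e.g. a group created in the same plan) counts as set.
                pending = unknown is True or (isinstance(unknown, list) and any(unknown))
                if not nic.get("security_group_ids") and not pending:
                    findings.append(f"{rc['address']}: instance_template[{ti}].network_interface[{ni}]")
    return findings

if __name__ == "__main__":
    for finding in find_unprotected_groups(SAMPLE_PLAN):
        print("no security_group_ids:", finding)
```

Checking `after_unknown` avoids a false positive when the security group is created in the same plan and its ID is not yet known.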
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1355 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_compute_instance_group |
| Checkov ID | CKV_YC_22 |