Aqua CSPM

OS Login Enabled

Quick Info

Plugin TitleOS Login Enabled
CloudGOOGLE
CategoryCompute
DescriptionEnsures OS login is enabled for the project
More InfoEnabling OS login ensures that SSH keys used to connect to instances are mapped with IAM users.
GOOGLE Linkhttps://cloud.google.com/compute/docs/instances/managing-instance-access
Recommended ActionSet enable-oslogin in project-wide metadata so that it applies to all of the instances in the project.

Detailed Remediation Steps

  1. Log into the Google Cloud Platform Console.
  2. Scroll down the left navigation panel and choose the “Compute Engine” to select the “VM Instances” option.
  3. On the “VM Instances” page, select the VM instance which needs to be verified.
  4. On the “VM instance details” page, scroll down and check is there is any cutom metadata for “OS login” is enabled or not for the project.
  5. Repeat steps number 2 - 4 to verify other VM instances in the network.
  6. Navigate to “Compute Engine”, choose the “VM instances” and select the “VM instance” which needs to enabled “Os login” for the project.
  7. On the “VM instance details” page, select the “Edit” button at the top.
  8. On the “VM instance details - Edit page”, scroll down the page and under “Custom metadata” add the key as “enable-oslogin” and value as “TRUE."
  9. Click on the “Save” button to make the changes.
  10. Navigate to “Metadata” under the “Compute Engine” to add a project-wide metadata. Click on the “Edit” button at the top and add an entry similar to the step 8 for the key and the value and click on the “Save” button to make the changes.
  11. Repeat steps number 6 - 10 to set “enable-oslogin” in project-wide metadata so that it applies to all of the instances in the project.