Quick Info
| Plugin Title | OS Login Enabled |
| Cloud | |
| Category | Compute |
| Description | Ensures OS login is enabled for the project |
| More Info | Enabling OS login ensures that SSH keys used to connect to instances are mapped with IAM users. |
| GOOGLE Link | https://cloud.google.com/compute/docs/instances/managing-instance-access |
| Recommended Action | Set enable-oslogin in project-wide metadata so that it applies to all of the instances in the project. |
Detailed Remediation Steps
- Log into the Google Cloud Platform Console.
- Scroll down the left navigation panel and choose the “Compute Engine” to select the “VM Instances” option.
- On the “VM Instances” page, select the VM instance which needs to be verified.
- On the “VM instance details” page, scroll down and check is there is any cutom metadata for “OS login” is enabled or not for the project.
- Repeat steps number 2 - 4 to verify other VM instances in the network.
- Navigate to “Compute Engine”, choose the “VM instances” and select the “VM instance” which needs to enabled “Os login” for the project.
- On the “VM instance details” page, select the “Edit” button at the top.
- On the “VM instance details - Edit page”, scroll down the page and under “Custom metadata” add the key as “enable-oslogin” and value as “TRUE."
- Click on the “Save” button to make the changes.
- Navigate to “Metadata” under the “Compute Engine” to add a project-wide metadata. Click on the “Edit” button at the top and add an entry similar to the step 8 for the key and the value and click on the “Save” button to make the changes.
- Repeat steps number 6 - 10 to set “enable-oslogin” in project-wide metadata so that it applies to all of the instances in the project.