MEDIUM
Source
Trivy/CSPM
CSPM ID
os-login-enabled
ID
AVD-GCP-0042

OS Login should be enabled at project level

OS Login automatically revokes the relevant SSH keys when an IAM user has their access revoked.

Impact

Access via SSH key cannot be revoked automatically when an IAM user is removed.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Google Cloud Platform Console.

  2. Scroll down the left navigation panel, choose “Compute Engine” and select the “VM instances” option.

  3. On the “VM instances” page, select the VM instance which needs to be verified.

  4. On the “VM instance details” page, scroll down and check whether the custom metadata contains an entry enabling “OS Login” for the project.

  5. Repeat steps 2 - 4 to verify the other VM instances in the network.

  6. Navigate to “Compute Engine”, choose “VM instances” and select the VM instance on which “OS Login” needs to be enabled for the project.

  7. On the “VM instance details” page, select the “Edit” button at the top.

  8. On the “VM instance details - Edit” page, scroll down and under “Custom metadata” add the key “enable-oslogin” with the value “TRUE”.

  9. Click on the “Save” button to make the changes.

  10. Navigate to “Metadata” under “Compute Engine” to add project-wide metadata. Click on the “Edit” button at the top, add an entry with the same key and value as in step 8, and click on the “Save” button to make the changes.

  11. Repeat steps 6 - 10 to set “enable-oslogin” in project-wide metadata so that it applies to all of the instances in the project.

Enable OS Login at project level

# Project-wide metadata applies to every instance in the project that does
# not override the key in its own instance metadata.
resource "google_compute_project_metadata" "default" {
  metadata = {
    enable-oslogin = true
  }
}
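The steps above verify instances one at a time and then set the key project-wide. Because instance metadata takes precedence over project metadata, an instance that sets `enable-oslogin` to `FALSE` stays on metadata-based SSH keys even after the project-wide entry is added. The following is an added example, not code from Trivy or the AVD page: it evaluates the effective OS Login state from the JSON that `gcloud compute project-info describe --format=json` and `gcloud compute instances list --format=json` return (the Compute API `commonInstanceMetadata.items[]` and `metadata.items[]` fields), using constructed sample documents so it runs offline.

```python
"""Audit effective OS Login state from project and instance metadata.

Added example (not part of the Trivy/AVD page). The JSON shapes mirror the
Compute API output of `gcloud compute project-info describe --format=json`
and `gcloud compute instances list --format=json`; the documents below are
constructed samples, not captured from a real project.
"""
import json

# Constructed sample: project-wide metadata with OS Login enabled.
PROJECT_JSON = json.dumps({
    "name": "example-project",
    "commonInstanceMetadata": {
        "kind": "compute#metadata",
        "items": [{"key": "enable-oslogin", "value": "TRUE"}],
    },
})

# Constructed sample: the same project without a project-wide OS Login key.
PROJECT_JSON_UNSET = json.dumps({
    "name": "example-project",
    "commonInstanceMetadata": {"kind": "compute#metadata"},
})

# Constructed sample: three instances, one of which overrides the project setting.
INSTANCES_JSON = json.dumps([
    {"name": "web-1",
     "metadata": {"items": [{"key": "startup-script", "value": "#! /bin/bash"}]}},
    {"name": "legacy-db",
     "metadata": {"items": [{"key": "enable-oslogin", "value": "FALSE"}]}},
    {"name": "bastion", "metadata": {}},
])


def metadata_items(block):
    """Flatten a Compute API metadata block ({"items": [{key, value}]}) into a dict."""
    return {item["key"]: item.get("value", "") for item in (block or {}).get("items", [])}


def oslogin_value(items):
    """True/False for an explicit enable-oslogin key, None when the key is absent.
    GCE reads the value case-insensitively, so "TRUE" and "true" both enable it."""
    value = items.get("enable-oslogin")
    if value is None:
        return None
    return value.strip().lower() == "true"


def project_oslogin_enabled(project_json):
    """True only when project-wide metadata explicitly sets enable-oslogin to TRUE."""
    project = json.loads(project_json)
    return oslogin_value(metadata_items(project.get("commonInstanceMetadata"))) is True


def effective_oslogin(project_json, instances_json):
    """Per-instance effective state. Instance metadata overrides project metadata;
    when neither sets the key, OS Login is off and metadata SSH keys are in use."""
    project_state = oslogin_value(
        metadata_items(json.loads(project_json).get("commonInstanceMetadata")))
    result = {}
    for inst in json.loads(instances_json):
        inst_state = oslogin_value(metadata_items(inst.get("metadata")))
        state = inst_state if inst_state is not None else project_state
        result[inst["name"]] = bool(state)
    return result


def audit(project_json, instances_json):
    """Findings in the spirit of AVD-GCP-0042: the project-level key must be TRUE,
    and no instance may end up with OS Login disabled."""
    findings = []
    if not project_oslogin_enabled(project_json):
        findings.append("project: enable-oslogin is not set to TRUE in project-wide metadata")
    for name, enabled in effective_oslogin(project_json, instances_json).items():
        if not enabled:
            findings.append(f"{name}: effective OS Login state is disabled")
    return findings


if __name__ == "__main__":
    for line in audit(PROJECT_JSON, INSTANCES_JSON):
        print(line)
```

Running the module against the samples reports only `legacy-db`, which is the instance-level override that the project-wide entry alone does not fix; against `PROJECT_JSON_UNSET` every instance is reported, matching the condition this check flags.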