Data protection

Internet Facing GCP Compute Engine Instance with Broad Storage Read Permission

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Orca has detected that the Compute Engine instance {GcpVmInstance} has broad permissions to read all storage in its project scope.

Recommended Mitigation

Review the service account permissions and the Compute Engine instance access scope and make sure to follow the principle of least privilege.
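
One way to start the review described above, as an added example that is not Orca's detection logic: a Python check over instance records in the shape returned by `gcloud compute instances describe --format=json`. It assumes "internet facing" means an external IPv4 address (`natIP`) and inspects access scopes only; the IAM roles bound to the service account must be reviewed separately, since effective access requires both. The instance records and the `assess` helper are constructed for illustration.

```python
# Access scopes that allow reading every Cloud Storage object the service
# account's IAM roles permit (scope names are Google's; the set is this example's choice).
BROAD_STORAGE_READ = {
    "cloud-platform",
    "devstorage.read_only",
    "devstorage.read_write",
    "devstorage.full_control",
}

def external_ips(instance):
    """Return external IPv4 addresses attached to the instance's NICs."""
    return [ac["natIP"]
            for nic in instance.get("networkInterfaces", [])
            for ac in nic.get("accessConfigs", [])
            if ac.get("natIP")]

def broad_storage_scopes(instance):
    """Return (service account email, scope) pairs granting broad storage read."""
    found = []
    for sa in instance.get("serviceAccounts", []):
        for scope in sa.get("scopes", []):
            short = scope.rsplit("/", 1)[-1]  # strip https://www.googleapis.com/auth/
            if short in BROAD_STORAGE_READ:
                found.append((sa.get("email"), short))
    return found

def assess(instance):
    """Flag instances that are both externally addressable and broadly scoped."""
    ips, scopes = external_ips(instance), broad_storage_scopes(instance)
    return {"name": instance.get("name"), "external_ips": ips,
            "broad_scopes": scopes, "flagged": bool(ips and scopes)}

# Constructed sample records (not real resources).
AUTH = "https://www.googleapis.com/auth/"
EXPOSED = {
    "name": "web-1",
    "networkInterfaces": [{"accessConfigs": [{"natIP": "203.0.113.10"}]}],
    "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com",
                         "scopes": [AUTH + "devstorage.read_only", AUTH + "logging.write"]}],
}
INTERNAL = {
    "name": "batch-1",
    "networkInterfaces": [{"networkIP": "10.0.0.5"}],
    "serviceAccounts": [{"email": "batch@example-project.iam.gserviceaccount.com",
                         "scopes": [AUTH + "cloud-platform"]}],
}

if __name__ == "__main__":
    for inst in (EXPOSED, INTERNAL):
        print(assess(inst))
```
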