gcp-gce-serialport-on

Ensure 'Enable connecting to serial ports' is not enabled for VM Instance

A Compute Engine instance can be managed by connecting to a low-level terminal over its serial port (simulating a physical connection to the machine). This type of administrative access is powerful and low level, and should never be left enabled. It DOES NOT support IP-based access restrictions (like a firewall).

Examples

Insecure Example

resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  metadata = {
    serial-port-enable = true
  }
}

Secure Example

resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  metadata = {
    # Simply omit specifying this metadata key, as it is not enabled by default
  }
}
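
The same check can be run against a rendered plan (the output of `terraform show -json`), which also catches values passed in through variables or modules. The script below is an added example, not the rule's own implementation; the function names, the sample plan and the set of values treated as "enabled" are assumptions.

```python
import json

# Assumption: metadata values treated as enabling the serial port.
ENABLED = {"true", "1"}


def _walk(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def serial_port_findings(plan):
    """Return addresses of google_compute_instance resources that enable the serial port."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in _walk(root):
        if res.get("type") != "google_compute_instance":
            continue
        # "metadata" may be absent or null when the block is omitted.
        metadata = (res.get("values") or {}).get("metadata") or {}
        value = str(metadata.get("serial-port-enable", "")).strip().lower()
        if value in ENABLED:
            findings.append(res["address"])
    return findings


# Constructed sample in the shape of `terraform show -json` output (not real data).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_compute_instance.default", "type": "google_compute_instance",
     "values": {"name": "test", "metadata": {"serial-port-enable": "true"}}},
    {"address": "google_compute_instance.clean", "type": "google_compute_instance",
     "values": {"name": "clean", "metadata": null}},
    {"address": "google_compute_instance.off", "type": "google_compute_instance",
     "values": {"name": "off", "metadata": {"serial-port-enable": "false"}}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.bastion.google_compute_instance.vm", "type": "google_compute_instance",
     "values": {"name": "vm", "metadata": {"serial-port-enable": "TRUE"}}}
  ]}]
}}}
""")

if __name__ == "__main__":
    for address in serial_port_findings(SAMPLE_PLAN):
        print(f"FAIL gcp-gce-serialport-on: {address}")
```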

More information