services / Google Cloud / Compute Engine instance groups

Create and alter (unmanaged) instance groups.

Allows creation, modification, and destruction of manually managed instance groups. Exploiting this privilege generally requires exercising multiple risks.


Can provide access to a VM by connecting instances to a compromised load-balancing rule, or can remove necessary infrastructure from network access.


Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.


  • https://cloud.google.com/compute/docs/instance-groups
  • https://cloud.google.com/sdk/gcloud/reference/compute/instance-groups/unmanaged
  • https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroups
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog