services / Google Cloud / Compute Engine managed instances

Create and alter managed instances.

Allows access to general core VM infrastructure, which can support a broad array of organizational functions. Note that the terms "instance" and "VM" are interchangeable within the Compute Engine documentation, although they may have semantic differences within these privileges.


compute.instances.getShieldedVmIdentity

Provides access to the public components of the VM's virtual trusted platform module (vTPM). While labeled "public", these components may not be intended for consumption by the broader public.

Risks

Scope: LOW

This privilege allows access to data that are not meant to be public, but are otherwise not sensitive.

Links

  • https://cloud.google.com/compute/docs/instances
  • https://cloud.google.com/sdk/gcloud/reference/compute/instances
  • https://cloud.google.com/compute/docs/reference/rest/v1/instances
  • https://cloud.google.com/compute/shielded-vm/docs/shielded-vm
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog