How to enable Shielded VMs in Compute Engine in GCP?

Deba

–

May 3, 2023

Shielded VMs in GCP offer advanced security features to protect virtual machines from threats such as rootkits and bootkits. You can enable Shielded VMs when creating new Compute Engine instances. Here’s how to do that using the GCP Console, gcloud CLI, and Terraform:

1. Using GCP Console:

a. Go to the GCP Console: https://console.cloud.google.com/

b. Navigate to Compute Engine > VM instances.

c. Click the “Create Instance” button.

d. Configure the instance settings such as name, zone, and machine type.

e. Under “Boot disk,” click “Change” and select a Shielded VM-compatible image (e.g., a recent version of Windows Server, Debian, Ubuntu, or CentOS).

f. Under “Security,” check the “Turn on Secure Boot,” “Turn on vTPM,” and “Turn on Integrity Monitoring” options to enable Shielded VM features.

g. Click “Create” to create the Shielded VM instance.

2. Using gcloud CLI:

a. Install the Google Cloud SDK and configure authentication: https://cloud.google.com/sdk/docs/install

b. Create a new Shielded VM instance using the gcloud compute instances create command with the --shielded-secure-boot, --shielded-vtpm, and --shielded-integrity-monitoring flags:

gcloud compute instances create INSTANCE_NAME \
    --image-family IMAGE_FAMILY \
    --image-project IMAGE_PROJECT \
    --zone ZONE \
    --shielded-secure-boot \
    --shielded-vtpm \
    --shielded-integrity-monitoring

Replace INSTANCE_NAME, IMAGE_FAMILY, IMAGE_PROJECT, and ZONE with appropriate values.

3. Using Terraform:

a. Update the main.tf file to configure the google_compute_instance resource with Shielded VM features:

resource "google_compute_instance" "example" {
  name         = "example-instance"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-10"
    }
  }

  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # ... other settings ...
}

b. Run the following commands to apply the changes:

terraform init
terraform plan
terraform apply

By following these steps, you can enable Shielded VMs in Compute Engine instances in GCP. Note that not all images are compatible with Shielded VM features, so make sure to select a supported image when creating the instance.

Deba

May 16, 2023

Home

Glance and Google’s Next-Level Gaming Recommendation Engine

Collaborative Excellence: Glance and Google’s Next-Level Gaming Recommendation Engine Introduction: In the dynamic gaming industry, personalized recommendations are crucial for..