This check verifies whether GCP Compute Engine VM instances have auto-delete disabled for their attached persistent disks.
When auto-delete is enabled, persistent disks are automatically removed when the associated VM instance is deleted, which can lead to unintended data loss.
Risk
With auto-delete enabled, a persistent disk is deleted together with its VM instance when that instance is deleted (stopping the instance, which Compute Engine reports as TERMINATED, does not trigger it; deleting it does).
This could result in:
- Permanent data loss if the instance is accidentally or intentionally deleted
- Recovery challenges for mission-critical workloads
- Compliance violations where data retention is required
prowler gcp --checks compute_instance_disk_auto_delete_disabled
Recommendation
Disable auto-delete for all persistent disks attached to production and business-critical VM instances to prevent accidental data loss. Regularly review disk configurations to ensure data retention requirements are met.
Remediation
gcloud compute instances set-disk-auto-delete INSTANCE_NAME --zone=ZONE --no-auto-delete --disk=DISK_NAME
- Open the Google Cloud Console
- Navigate to Compute Engine > VM instances
- Click the target VM instance name
- Click Edit
- In the Boot disk section, select 'Keep disk' from the 'When deleting instance' dropdown
- For Additional disks, click each disk and select 'Keep disk' under 'Deletion rule'
- Click Save
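To make the condition concrete, here is an added Python example (not Prowler's own check code) that evaluates instance resources in the shape the Compute Engine API returns and emits the gcloud remediation above for every persistent disk that would be deleted with its instance; the demo-project instances and disks are constructed sample data.

```python
# Constructed sample in the shape of Compute Engine API instance resources
# (compute.instances.list); only the fields this check reads are included.
BASE = "https://www.googleapis.com/compute/v1/projects/demo-project/zones/"
SAMPLE_INSTANCES = [
    {"name": "web-1", "zone": BASE + "us-central1-a", "disks": [
        {"deviceName": "web-1", "type": "PERSISTENT", "boot": True,
         "autoDelete": True, "source": BASE + "us-central1-a/disks/web-1"},
        {"deviceName": "data", "type": "PERSISTENT", "boot": False,
         "autoDelete": False, "source": BASE + "us-central1-a/disks/web-1-data"},
        # Local SSDs are scratch disks: they always go away with the instance
        # and have no persistent source, so they are out of scope here.
        {"deviceName": "local-ssd-0", "type": "SCRATCH", "autoDelete": True},
    ]},
    {"name": "db-1", "zone": BASE + "europe-west1-b", "disks": [
        {"deviceName": "db-1", "type": "PERSISTENT", "boot": True,
         "autoDelete": False, "source": BASE + "europe-west1-b/disks/db-1"},
    ]},
]


def last_segment(url):
    """The API returns zones and disk sources as URLs; gcloud wants the bare name."""
    return url.rsplit("/", 1)[-1]


def auto_delete_findings(instances):
    """One finding per persistent disk Compute Engine would delete with its instance,
    each carrying the gcloud command from the remediation section that keeps the disk."""
    findings = []
    for inst in instances:
        zone = last_segment(inst["zone"])
        for disk in inst.get("disks", []):
            if disk.get("type") == "SCRATCH" or not disk.get("autoDelete", False):
                continue
            disk_name = last_segment(disk["source"])
            findings.append({
                "instance": inst["name"], "zone": zone, "disk": disk_name,
                "boot": disk.get("boot", False),
                "remediation": (f"gcloud compute instances set-disk-auto-delete "
                                f"{inst['name']} --zone={zone} --no-auto-delete "
                                f"--disk={disk_name}"),
            })
    return findings


def passing_instances(instances):
    """Instances whose persistent disks are all kept on deletion (the check's PASS set)."""
    flagged = {f["instance"] for f in auto_delete_findings(instances)}
    return [i["name"] for i in instances if i["name"] not in flagged]
```

On the sample, auto_delete_findings flags only the web-1 boot disk and returns the matching set-disk-auto-delete command, while passing_instances returns ['db-1'].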
Resource Type
compute.googleapis.com/Instance