Managed Instance Groups (MIGs) should be configured for multi-zone deployments to ensure high availability and fault tolerance. A multi-zone MIG distributes instances across multiple zones within a region, protecting applications from zonal failures.
Risk
Running a MIG in a single zone creates a single point of failure. If that zone experiences an outage, all instances in the group become unavailable, resulting in application downtime during zonal failures, no automatic failover to healthy zones, and reduced resilience against infrastructure issues.
prowler gcp --checks compute_instance_group_multiple_zones
Recommendation
Use regional managed instance groups instead of zonal MIGs to distribute instances across multiple zones. This provides automatic failover and load distribution, ensuring high availability for production workloads.
Remediation
gcloud compute instance-groups managed create INSTANCE_GROUP_NAME --region=REGION --template=INSTANCE_TEMPLATE --size=TARGET_SIZE --zones=ZONE1,ZONE2,ZONE3
- Navigate to Compute Engine > Instance groups
- Click 'Create instance group'
- Select 'New managed instance group (stateless)'
- For 'Location', select 'Multiple zones'
- Choose the target region and zones
- Configure the instance template and target size
- Click 'Create'
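To confirm the outcome across a project, the added example below (not Prowler's own check code) evaluates InstanceGroupManager resources in the JSON shape returned by `gcloud compute instance-groups managed list --format=json`. The two-zone threshold, the group names and the project in the sample are assumptions constructed for illustration.

```python
import json

MIN_ZONES = 2  # assumption: "multiple zones" is read as at least two

# Constructed sample shaped like `gcloud compute instance-groups managed list --format=json`
_BASE = "https://www.googleapis.com/compute/v1/projects/example-project"
SAMPLE = json.loads("""
[
  {"name": "web-zonal", "zone": "%(b)s/zones/us-central1-a"},
  {"name": "web-regional", "region": "%(b)s/regions/us-central1",
   "distributionPolicy": {"zones": [{"zone": "%(b)s/zones/us-central1-a"},
                                    {"zone": "%(b)s/zones/us-central1-b"},
                                    {"zone": "%(b)s/zones/us-central1-c"}]}},
  {"name": "api-regional-pinned", "region": "%(b)s/regions/us-central1",
   "distributionPolicy": {"zones": [{"zone": "%(b)s/zones/us-central1-b"}]}}
]
""" % {"b": _BASE})


def short_name(url):
    """Reduce a resource URL to its last path segment (the zone name)."""
    return url.rsplit("/", 1)[-1]


def mig_zones(mig):
    """Return the sorted zone names a MIG can place instances in."""
    if mig.get("zone"):  # zonal MIG: exactly one zone
        return [short_name(mig["zone"])]
    # Regional MIG: zones come from distributionPolicy; none listed counts as zero
    policy = mig.get("distributionPolicy") or {}
    return sorted({short_name(z["zone"]) for z in policy.get("zones", []) if z.get("zone")})


def evaluate(migs, min_zones=MIN_ZONES):
    """Return one PASS/FAIL finding per MIG based on its zone count."""
    findings = []
    for mig in migs:
        zones = mig_zones(mig)
        status = "PASS" if len(zones) >= min_zones else "FAIL"
        findings.append({"name": mig.get("name"), "status": status, "zones": zones})
    return findings


if __name__ == "__main__":
    for f in evaluate(SAMPLE):
        print(f"{f['status']}  {f['name']}  zones={','.join(f['zones']) or '-'}")
```

A regional MIG restricted to a single zone fails here just as a zonal one does, so the result reflects where instances can actually run rather than the group's type.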
Resource Type
compute.googleapis.com/InstanceGroupManager