services / Google Cloud / Compute Engine managed instance groups
Create and alter managed instance groups.
Allows creation, modification, and destruction of auto-scaling instance groups. Except for resizing, these actions cannot critically impact organizational functions.
compute.instanceGroupManagers.create
Can be exploited for cryptojacking, but doing so additionally requires creating corresponding instance templates. Instances may be accessible via addition to target groups.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploitation can incur operational cost.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog